Note: This is an archival copy of Security Sun Alert 258048 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020423.1.
Category: Security
Release Phase: Resolved
6824175
Product: Solaris 10 Operating System, OpenSolaris
Date of Workaround Release: 29-Apr-2009
Date of Resolved Release: 08-Jun-2009

A Security Vulnerability in the ASN.1 Handling in Solaris OpenSSL May Lead to a Denial of Service (DoS) Condition

1. Impact

A security vulnerability in the ASN.1 handling in the OpenSSL product (see openssl(5)) shipped with Solaris may allow a local or remote unprivileged user to cause a Denial of Service (DoS) to applications calling the "ASN1_STRING_print_ex()" printing function.

Additional information regarding this issue can be found in the following document:

CVE-2009-0590 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590

2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform:

1. Solaris 8 and Solaris 9 are not impacted by this issue.
2. Any OpenSSL application which prints out the contents of a certificate could be affected by this bug, including SSL servers, clients and S/MIME software. For example, commands such as openssl(1) and servers such as PostgreSQL are known to be vulnerable to this issue.
3. Solaris Secure Shell (SSH), Firefox and Thunderbird distributed with Solaris are not vulnerable to this issue.

OpenSolaris distributions may include additional bug fixes above and beyond the build from which they were derived. The base build can be derived as follows:

$ uname -v

3. Symptoms

There are no predictable symptoms that would indicate the described vulnerability has been exploited.

4. Workaround

There is no workaround for this issue. Please see the Resolution section below.

5. Resolution

This issue is addressed in the following releases:

SPARC Platform:

Modification History

04-May-2009: Added additional "Notes" to Contributing Factors
08-Jun-2009: Updated Contributing Factors and Resolution sections; Resolved

References

141742-01
140119-07

References

SUNPATCH:140119-07
SUNPATCH:141742-01

Attachments

This solution has no attachment
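
A defender-side check for the patch IDs listed under References, as an added example that is not part of the original Sun Alert: it parses `showrev -p` style output and reports whether each patch is present at the listed revision or later. The sample output is constructed, and treating a higher installed revision as sufficient is an assumption; the page does not say which patch applies to which platform, so both are reported.

```shell
#!/bin/sh
# Added example, not Sun's code: look for the patches named under References.

REQUIRED_PATCHES="141742-01 140119-07"   # patch IDs taken from the References section

# Constructed sample of `showrev -p` output (not from a real host; the
# 999xxx IDs, package names and the -09 revision are made up for illustration).
SAMPLE_SHOWREV='Patch: 999001-02 Obsoletes: Requires: Incompatibles: Packages: SUNWexample1
Patch: 140119-09 Obsoletes: Requires: 999001-02 Incompatibles: Packages: SUNWexample2
Patch: 999002-05 Obsoletes: Requires: Incompatibles: Packages: SUNWexample3'

# patch_status BASE MINREV
# Reads showrev -p style text on stdin and prints one of:
#   "ok NN"    highest installed revision NN is >= MINREV (assumed sufficient)
#   "old NN"   patch installed, but only at a lower revision NN
#   "missing"  no revision of the patch is installed
patch_status() {
    awk -v base="$1" -v min="$2" '
        $1 == "Patch:" {
            split($2, id, "-")
            if (id[1] == base && (!found || id[2] + 0 > best)) {
                best = id[2] + 0
                found = 1
            }
        }
        END {
            if (!found)               print "missing"
            else if (best >= min + 0) printf "ok %02d\n", best
            else                      printf "old %02d\n", best
        }'
}

# report TEXT: one line per required patch, "<patch-id>: <status>".
report() {
    for p in $REQUIRED_PATCHES; do
        base=${p%-*}    # e.g. 140119
        min=${p#*-}     # e.g. 07
        echo "$p: $(printf '%s\n' "$1" | patch_status "$base" "$min")"
    done
}

# On a live Solaris 10 host: report "$(showrev -p)"
report "$SAMPLE_SHOWREV"
```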