-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


		 NetBSD Security Advisory 2009-009
		 =================================

Topic:		OpenSSL DTLS Memory Exhaustion and DSA signature
		verification vulnerabilities

Version:	NetBSD-current:		affected prior to 2009-07-04
		NetBSD 5.0:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected
		pkgsrc:			openssl package prior to 0.9.8j

Severity:	Denial of Service, DSA signature spoofing

Fixed:		NetBSD-current:		July 4, 2009
		NetBSD-5-0 branch:	July 4, 2009 (NetBSD 5.0.1 will include the fix)
		NetBSD-5 branch:	July 4, 2009 (NetBSD 5.1 will include the fix)
		NetBSD-4-0 branch:	July 4, 2009 (NetBSD 4.0.2 will include the fix)
		NetBSD-4 branch:	July 4, 2009 (NetBSD 4.1 will include the fix)
		pkgsrc 2009Q1:		openssl-0.9.8j corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

Two range check errors in the DTLS code allow a remote attacker
to exhaust memory by executing too many out of sequence handshakes
or by sending DTLS packets with a future epoch.

A mistake in handling return codes allows a remote attacker to spoof
DSA signatures on data or certificates.

These vulnerabilities have been assigned CVE-2009-1377, CVE-2009-1378,
CVE-2009-1379, CVE-2009-1386 and CVE-2009-1387.


Technical Details
=================

The OpenSSL library does not limit the number of buffered DTLS records
tagged with a future epoch. If a large amount of such packages is
received, the DTLS records will occupy large amounts of memory, causing
exhaustion. Also, no limit is imposed on the number of out-of-sequence
handshake messages received, which can also be used to exhaust all
available memory.

A different error is caused by the functions validating DSA and ECDSA
keys. These functions do not handle the return code of
EVP_VerifyFinal() properly, causing some types of signature verification
errors to be ignored. This can be used to spoof DSA signatures on
data or certificates.


Solutions and Workarounds
=========================

No workaround to the problem is currently known. Users are advised
to either restrict access to OpenSSL services to trusted users only
or to apply the patches as described below.

The following instructions describe how to upgrade your OpenSSL
binaries by updating your source tree and rebuilding and
installing a new version of OpenSSL.

* NetBSD-current:

	Systems running NetBSD-current dated from before 2009-07-04
	should be upgraded to NetBSD-current dated 2009-07-05 or later.

	The following files/directories need to be updated from the
	netbsd-current CVS branch (aka HEAD):
		crypto/dist/openssl

	To update from CVS, re-build, and re-install OpenSSL:
		# cd src
		# cvs update -d -P crypto/dist/openssl
		# cd lib/libcrypt
		# make USETOOLS=no cleandir
		# make USETOOLS=no includes
		# make USETOOLS=no dependall install
		# cd ../libcrypto
		# make USETOOLS=no cleandir
		# make USETOOLS=no includes
		# make USETOOLS=no dependall install
		# cd ../libssl
		# make USETOOLS=no cleandir
		# make USETOOLS=no includes
		# make USETOOLS=no dependall install
		# cd ../../usr.bin/openssl
		# make USETOOLS=no cleandir
		# make USETOOLS=no dependall install

		If you use the patented libcrypto extensions,
		you will also want to execute the following commands:

		# cd ../../lib/libcrypto_idea
		# make USETOOLS=no cleandir
		# make USETOOLS=no includes
		# make USETOOLS=no dependall install
		# cd ../libcrypto_mdc2
		# make USETOOLS=no cleandir
		# make USETOOLS=no includes
		# make USETOOLS=no dependall install
		# cd ../libcrypto_rc5
		# make USETOOLS=no cleandir
		# make USETOOLS=no includes
		# make USETOOLS=no dependall install

* NetBSD 5.*:

	Systems running NetBSD 5.* sources dated from before
	2009-07-04 should be upgraded from NetBSD 5.* sources dated
	2009-07-05 or later.

	NetBSD 5.1 and 5.0.1 will include the fix.

	The following files/directories need to be updated from the
	netbsd-5 or netbsd-5-0 branches:
		crypto/dist/openssl

	To update from CVS, re-build, and re-install OpenSSL:

		# cd src
		# cvs update -r <branch_name> -d -P crypto/dist/openssl
		# cd lib/libcrypt
		# make USETOOLS=no cleandir
		# make USETOOLS=no includes
		# make USETOOLS=no dependall install
		# cd ../libcrypto
		# make USETOOLS=no cleandir
		# make USETOOLS=no includes
		# make USETOOLS=no dependall install
		# cd ../libssl
		# make USETOOLS=no cleandir
		# make USETOOLS=no includes
		# make USETOOLS=no dependall install
		# cd ../../usr.bin/openssl
		# make USETOOLS=no cleandir
		# make USETOOLS=no dependall install

		If you use the patented libcrypto extensions,
		you will also want to execute the following commands:

		# cd ../../lib/libcrypto_idea
		# make USETOOLS=no cleandir
		# make USETOOLS=no includes
		# make USETOOLS=no dependall install
		# cd ../libcrypto_mdc2
		# make USETOOLS=no cleandir
		# make USETOOLS=no includes
		# make USETOOLS=no dependall install
		# cd ../libcrypto_rc5
		# make USETOOLS=no cleandir
		# make USETOOLS=no includes
		# make USETOOLS=no dependall install

* NetBSD 4.*:

	Systems running NetBSD 4.* sources dated from before
	2009-07-04 should be upgraded from NetBSD 4.* sources dated
	2009-07-05 or later.

	NetBSD 4.1 and 4.0.2 will include the fix.

	The following files/directories need to be updated from the
	netbsd-4 or netbsd-4-0 branches:
		crypto/dist/openssl

	To update from CVS, re-build, and re-install OpenSSL:

		# cd src
		# cvs update -r <branch_name> -d -P crypto/dist/openssl
		# cd lib/libcrypt
		# make USETOOLS=no cleandir
		# make USETOOLS=no includes
		# make USETOOLS=no dependall install
		# cd ../libcrypto
		# make USETOOLS=no cleandir
		# make USETOOLS=no includes
		# make USETOOLS=no dependall install
		# cd ../libssl
		# make USETOOLS=no cleandir
		# make USETOOLS=no includes
		# make USETOOLS=no dependall install
		# cd ../../usr.bin/openssl
		# make USETOOLS=no cleandir
		# make USETOOLS=no dependall install

		If you use the patented libcrypto extensions,
		you will also want to execute the following commands:

		# cd ../../lib/libcrypto_idea
		# make USETOOLS=no cleandir
		# make USETOOLS=no includes
		# make USETOOLS=no dependall install
		# cd ../libcrypto_mdc2
		# make USETOOLS=no cleandir
		# make USETOOLS=no includes
		# make USETOOLS=no dependall install
		# cd ../libcrypto_rc5
		# make USETOOLS=no cleandir
		# make USETOOLS=no includes
		# make USETOOLS=no dependall install


Thanks To
=========

Daniel Mentz and the Google Security Team for discovering the vulnerabilities
and reporting them to the vendor.


Revision History
================

	2009-07-07	Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at 
  http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/.

Copyright 2009, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2009-009.txt,v 1.1 2009/07/07 21:57:15 tonnerre Exp $

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (NetBSD)

iQIcBAEBAgAGBQJKU8fzAAoJEAZJc6xMSnBuUZAQAKtILf4tYU6tpRvYaoWqA4+2
Co7wT+h0ihGJDgK2vRSXd+gG+rAhh3vi0b4nfuJY/zHotVC1l5Y50jLB4BSP/ZbR
STP2oBx87C1qmufqRW6fpe8rifelE9O3qmixSvogupro/zQXXaVrwnhNJPSjZ+o0
uZ1SWZr78UGBcyFgtOKhBD6p9wXpNl5R7by7V4qjxB+Q0a/tPwJ6Qb2mjWYE3Aj8
BfedB/5z2eP5rsmA89yk6m9cmm15n3OEtq/lqYDyRdnZTz8QnNvWEm/byVmjqDwu
lMVtSq4QmGkS97NVCrkkb9mAYm6rqaTaxlMVKQRoWVf1CSy3ZYTDjJNmp0kCWLct
gN9AXi+9TqL9/H1tuvqpzEHHVFJh+KSxB8bayzAz4ODPbcXeSv+mNKwQF7ryO+Kk
VenqjcD/0JSmX66hDwC4RfDTmYoqcKVOpRKhHmHLsrQ53Gv56gX+5z8r4Lcz4hH5
3a6oo6GG2jzJJaz6W9C+k1G4WQklgc4CpL3t9qJsnJ2947Dc7qELj2C20iEXSNcR
VcwlSYK4Niyf7IwNjcNZaXexzIfYDByEBLWtXCbSrBEwAI3TdSstlEafHYsBVXa3
+xWJpqjFsb+2CPlFwRDIdA2Mhp7MojHFaPvsdj4Y6EfN5KVLsLmhzMpmtP0XeCsm
Iosoo4fBPrIeYefwxcNs
=64Ku
-----END PGP SIGNATURE-----