rhsa-2003_116
Vulnerability from csaf_redhat
Published
2003-03-28 13:43
Modified
2024-11-21 22:43
Summary
Red Hat Security Advisory: apache, openssl security update for Stronghold

Notes

Topic
Updated versions of cross-platform Stronghold 4 are available to fix a number of vulnerabilities in OpenSSL and Apache.
Details
Stronghold 4 contains various open source technologies such as OpenSSL and Apache. A number of issues have been found in versions of these projects:

Researchers discovered a timing attack on RSA keys that affects OpenSSL. A local or remote attacker could use this attack to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction and (2) the use of different integer multiplication algorithms (Karatsuba and normal). Stronghold does not enable RSA blinding by default and is, therefore, vulnerable to this attack.

The SSL and TLS components for OpenSSL allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack. This attack (also known as the Klima-Pokorny-Rosa attack) uses a large number of SSL or TLS connections, using PKCS #1 v1.5 padding, and causes OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext.

Versions of Apache 1.3 before 1.3.25 do not filter terminal escape sequences from access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

These erratum packages contain a patch provided by the OpenSSL group that enables RSA blinding by default, thereby protecting against the Klima-Pokorny-Rosa attack, and a patch to filter escape sequences from Apache access logs.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated versions of cross-platform Stronghold 4 are available to fix a\nnumber of vulnerabilities in OpenSSL and Apache.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Stronghold 4 contains various open source technologies such as OpenSSL and\nApache. A number of issues have been found in versions of these projects:\n\nResearchers discovered a timing attack on RSA keys that affects OpenSSL.  \nA local or remote attacker could use this attack to obtain the server\u0027s\nprivate key by determining factors using timing differences on (1) the\nnumber of extra reductions during Montgomery reduction and (2) the use of\ndifferent integer multiplication algorithms (Karatsuba and normal).\nStronghold does not enable RSA blinding by default and is, therefore,\nvulnerable to this attack.\n\nThe SSL and TLS components for OpenSSL allow remote attackers to perform an\nunauthorized RSA private key operation via a modified Bleichenbacher\nattack. This attack (also known as the Klima-Pokorny-Rosa attack) uses a\nlarge number of SSL or TLS connections, using PKCS #1 v1.5 padding, and\ncauses OpenSSL to leak information regarding the relationship between\nciphertext and the associated plaintext.\n\nVersions of Apache 1.3 before 1.3.25 do not filter terminal escape\nsequences from access logs, which could make it easier for attackers to\ninsert those sequences into terminal emulators containing vulnerabilities\nrelated to escape sequences.\n\nThese erratum packages contain a patch provided by the OpenSSL group that\nenables RSA blinding by default, thereby protecting against the\nKlima-Pokorny-Rosa attack, and a patch to filter escape sequences from\nApache access logs.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:116",
        "url": "https://access.redhat.com/errata/RHSA-2003:116"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://www.openssl.org/news/secadv_20030319.txt",
        "url": "http://www.openssl.org/news/secadv_20030319.txt"
      },
      {
        "category": "external",
        "summary": "http://www.openssl.org/news/secadv_20030317.txt",
        "url": "http://www.openssl.org/news/secadv_20030317.txt"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_116.json"
      }
    ],
    "title": "Red Hat Security Advisory: apache, openssl security update for Stronghold",
    "tracking": {
      "current_release_date": "2024-11-21T22:43:00+00:00",
      "generator": {
        "date": "2024-11-21T22:43:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:116",
      "initial_release_date": "2003-03-28T13:43:00+00:00",
      "revision_history": [
        {
          "date": "2003-03-28T13:43:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-03-28T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:43:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Stronghold 4",
                "product": {
                  "name": "Red Hat Stronghold 4",
                  "product_id": "Red Hat Stronghold 4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:stronghold:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Stronghold Cross Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0083",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616961"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0083"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616961",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616961"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0083",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0083"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0083",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0083"
        }
      ],
      "release_date": "2003-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-03-28T13:43:00+00:00",
          "details": "Fixed Stronghold 4 packages are now available via the update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:116"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0131",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616975"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the \"Klima-Pokorny-Rosa attack.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 4 and 5 are not vulnerable to this issue as they both contain a backported patch.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0131"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616975",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616975"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0131"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0131",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0131"
        }
      ],
      "release_date": "2003-03-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-03-28T13:43:00+00:00",
          "details": "Fixed Stronghold 4 packages are now available via the update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:116"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0147",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616986"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server\u0027s private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (\"Karatsuba\" and normal).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0147"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616986",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616986"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0147",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0147"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0147",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0147"
        }
      ],
      "release_date": "2003-03-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-03-28T13:43:00+00:00",
          "details": "Fixed Stronghold 4 packages are now available via the update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:116"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

