Secunia

Some vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).

1) An error exists in the "ASN1_STRING_print_ex()" function when printing "BMPString" or "UniversalString" strings. This can be exploited to trigger an access to invalid memory and cause a crash via an illegal encoded string length when e.g. printing the contents of a certificate.

2) The "CMS_verify()" function incorrectly handles an error condition when processing malformed signed attributes. This can be exploited to trick an application into considering a malformed set of signed attributes valid and skip further checks.

NOTE: This vulnerability only affects OpenSSL versions 0.9.8h and later with CMS enabled (disabled by default).

Successful exploitation requires access to a previously generated invalid signature.

3) An error when processing malformed ASN1 structures can be exploited to trigger an access to invalid memory and cause a crash via a specially crafted certificate.

NOTE: This vulnerability is only present on platforms where the size of "long" is smaller than the size of "void *" (e.g. WIN64).

The vulnerabilities are reported in versions prior to 0.9.8k.

Solution
Update to version 0.9.8k.

Provided and/or discovered by
1) Reported by the vendor.
2) The vendor credits Ivan Nestlerode of IBM.
3) The vendor credits Paolo Ganci.

Original Advisory
http://www.openssl.org/news/secadv_20090325.txt

Deep Links
Links available in Customer Area