Updated (13:45 3/18 GMT): OpenSSL DoS Vulnerability, New Bagel Variants

Updated (13:45 3/18 GMT): OpenSSL DoS Vulnerability, New Bagel Variants
OpenSSL DoS Vulnerability ------------------------------------------------------ The OpenSSL Project announced today that there is a null pointer assignment flaw in all versions of OpenSSL from 0.9.6c to 0.9.6l inclusive and from 0.9.7a to 0.9.7c inclusive. A specifically crafted SSL/TLS handshake could cause OpenSSL to crash. This could lead to a DoS against whatever application uses OpenSSL. Because many devices/servers/systems use OpenSSL, this is a potential issue for many sites. Because of the nature of the vulnerability, there is not a means of using this for an exploit beyond a DoS, but it is important to be aware of this issue and patch affected installations as quickly as possible. The OpenSSL Project announcement: http://www.openssl.org/news/secadv_20040317.txt Various vendor announcements (updated as they are available): http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml https://rhn.redhat.com/errata/RHSA-2004-121.html http://www.openbsd.net/errata.html#openssl ------------------------------------------------------ New Bagel Variants New Bagel variants, Q, R, S, and T are currently in the wild, with at least variant Q having been given a "Medium" threat level by Trend Micro. (At the time of this update, R, S, and T are being analyzed.) The Q variant uses a known vulnerability in Microsoft Outlook (Object Tag Vulnerability in Popup Window) as one means of propagation. The malware creates an email message which triggers the Outlook vulnerability to automatically download a malicious HTML file which drops a Visual Basic Script file in the Windows system folder. This VBS file then downloads the actual Bagel executable. The malware may also spread itself via the more standard "click me" attachment on an email. The interesting twist here is that this variant sets the infected machine up as a server for subsequent downloads of the malicious code on TCP port 81. Should be an interesting day... More info: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_BAGLE.Q http://vil.nai.com/vil/content/v_101108.htm http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.r@mm.html (note: I think that's Symantec's equivalent...) Info on the Object Tag Vulnerability in Popup Window from MS: http://www.microsoft.com/technet/security/bulletin/MS03-040.mspx ------------------------------------------------------ Handler on Duty: Tom Liston - ( http://www.labreatechnologies.com )	Tom 160 Posts ISC Handler
Subscribe	Mar 18th 2004 1 decade ago