A security vulnerability in the RSA signature verification implementation in the OpenSSL product may incorrectly verify data signed with a forged signature. This will affect applications which make use of OpenSSL to verify RSA signatures. The direct impact to these applications will depend on the way in which this signed data is used.

OpenSSL is shipped with Solaris 10 (see openssl(5)). This library is not shipped with Solaris 9, however, a number of Solaris 9 applications statically link against this library and may be affected by these vulnerabilities. This Sun Alert provides details about the individual patches which should be installed to update the OpenSSL product on Solaris 10 and all potentially impacted Solaris 9 applications.

This issue is also described in the following documents:

• CERT VU#845620 at: http://www.kb.cert.org/vuls/id/845620
• CVE-2006-4339 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

Note: The issue described in this Sun Alert is specific to the OpenSSL shipped with Solaris. Multiple Sun products are affected by this issue. For more details please see Sun Alert 102648.

These issues can occur with the OpenSSL included in the following applications and releases:

SPARC Platform

• Solaris 9 SSH without patches 113273-14 and 114356-11
• Solaris 9 Packaging utilities without patch 113713-24
• Solaris 10 without patch 121229-02

x86 Platform

• Solaris 9 SSH without patches 114357-10 and 114858-11
• Solaris 9 Packaging utilities without patch 114568-23
• Solaris 10 without patch 121230-02

Note 1: Solaris 8 is not impacted by this issue.

Note 2: Solaris 9 does not ship with OpenSSL libraries which can be used for application linking.

Note 3: The Solaris 9 SSH patches listed above update the OpenSSL library used by SSH to a version that is not impacted by this issue. However, this fix is not required for Solaris 9 systems which have the following patches installed, as the SSH that is contained in those patches does not make use of the impacted code from the OpenSSL library:

• Solaris 9 SPARC patches 112908-24, 113273-11, 114356-07, 117177-02 (or later revisions of these patches)
• Solaris 9 x86 patches 114263-05, 114357-07, 114858-09, 115168-11, 117178-02 (or later revisions of these patches)

Note 4: This issue is only exploitable in cases where keys with certain properties are used. Tools such as openssl(1) (which is shipped with Solaris 10, Solaris 9 does not include a tool which can be used for this purpose) can be used to get the needed properties:

    $ openssl x509 -pubkey -in server.crt -text

If the output contains the following lines, then signatures of this key can be forged:

    Public Key Algorithm: rsaEncryption
    Exponent: 3 (0x3)

For more information about displaying public keys and certificate signature verification, see the openssl(1) manual page on Solaris 10.

As an example of an affected application, Solaris 10 is distributed with the Apache web server. This server can be configured to accept connections with the HTTPS protocol. Since Apache uses OpenSSL for cryptographic operations it may be impacted by this vulnerability under certain circumstances.

To verify that a system running the Apache web server is configured to accept HTTPS connections a command such as the following can be used:

    $ svcprop -p httpd/ssl svc:network/http:apache2

If the above command reports "true" then Apache is configured to accept HTTPS connections.

The following command can be used to check whether a system that is configured to accept HTTPS connections uses certificates for client authentication:

    $ grep SSLVerifyClient /etc/apache2/ssl.conf

If the output contains the following line, then the system is vulnerable:

    SSLVerifyClient require

In such cases, an unprivileged remote user could gain access to restricted documents served by the Apache server. This depends on the type of certificates in use, as described above.

There are no predictable symptoms that would indicate the described issue has been exploited to forge a signature for trusted application data.

Until patches can be applied, sites may wish to disable the verification of RSA signatures or only enable the verification of RSA signatures created with RSA keys that have an exponent other than 3.

Please see the application documentation for instructions on how to disable verification of certificates containing keys with the above mentioned properties.

These issues are addressed in the following releases:

SPARC Platform

• Solaris 9 SSH with patches 113273-14 and 114356-11 or later
• Solaris 9 Packaging utilities with patch 113713-24 or later
• Solaris 10 with patch 121229-02 or later

x86 Platform

• Solaris 9 SSH with patches 114357-10 and 114858-11 or later
• Solaris 9 Packaging utilities with patch 114568-23 or later
• Solaris 10 with patch 121230-02 or later

• State: Resolved
• Updated the Product field
• Updated Contributing Factors and Resolution sections

• Updated the Contributing Factors section

This solution has no attachment