Bug 1047840 (CVE-2013-6450)

Summary: CVE-2013-6450 openssl: crash in DTLS renegotiation after packet loss
Product: [Other] Security Response Reporter: Ratul Gupta <ratulg>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: erik-fedora, fnasser, hkario, huwang, jason.greene, jclere, jdoyle, jkurik, ktietz, lfarkas, lgao, myarboro, pcheung, pfrields, rjones, squ, tmraz, weli
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=important,public=20131219,reported=20140102,source=cve,cvss2=5/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-3/openssl=notaffected,rhel-4/openssl=notaffected,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=affected,rhel-6/openssl098e=notaffected,rhel-7/openssl=notaffected,rhel-7/openssl098e=notaffected,eap-5/openssl=notaffected,eap-6/openssl=notaffected,jbews-1/openssl=notaffected,jbews-2/openssl=notaffected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,epel-5/mingw32-openssl=notaffected
Fixed In Version: openssl 1.0.1f, openssl 1.0.0l Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-31 10:06:20 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 1047843, 1047844, 1047845, 1047846, 1047847, 1048277, 1048278    
Bug Blocks: 1045440    

Description Ratul Gupta 2014-01-02 06:10:32 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6450 to the following vulnerability:

The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.

Upstream commit:
Comment 3 Ratul Gupta 2014-01-02 06:15:41 EST
Created mingw32-openssl tracking bugs for this issue:

Affects: epel-5 [bug 1047845]
Comment 4 Ratul Gupta 2014-01-02 06:15:45 EST
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1047843]
Comment 5 Ratul Gupta 2014-01-02 06:15:49 EST
Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1047844]
Comment 6 Ratul Gupta 2014-01-02 06:39:03 EST
Upstream bug link:
Comment 7 Mark J. Cox 2014-01-03 08:38:51 EST
OpenSSL 0.9.8 is not affected.
Comment 13 Tomas Hoger 2014-01-08 09:03:13 EST
DTLS protocol support is not available in openssl packages in Red Hat Enterprise Linux 4 and earlier.  Red Hat Enterprise Linux 5 uses openssl 0.9.8, which is not affected (see comment 7).


This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 5 and earlier.
Comment 14 errata-xmlrpc 2014-01-08 13:19:32 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2014:0015 https://rhn.redhat.com/errata/RHSA-2014-0015.html
Comment 15 Tomas Hoger 2014-01-08 15:51:31 EST
(In reply to Mark J. Cox (Security Engineering) from comment #7)
> OpenSSL 0.9.8 is not affected.

More details in post from upstream developer:

Comment 17 Fedora Update System 2014-01-10 02:45:27 EST
openssl-1.0.1e-37.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 18 Fedora Update System 2014-01-10 02:58:36 EST
openssl-1.0.1e-37.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 19 Fedora Update System 2014-01-12 00:06:30 EST
openssl-1.0.1e-37.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 21 Vincent Danen 2014-01-31 10:06:20 EST
SUSE was reporting [1] some crashes with a patched openssl, so I wanted to clarify here that they were missing part of the required fix.

In addition to the upstream commit noted in comment #0:


Upstream also indicated [2] that this patch was required:


We have this patch in our openssl-1.0.1e-cve-2013-6450.patch which was applied to Red Hat Enterprise Linux 6's fix, as noted above.

So the problems that SUSE was describing would not affect Red Hat Enterprise Linux 6.

[1] https://bugzilla.novell.com/show_bug.cgi?id=861384
[2] http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3214#txn-38658