Bug 1103593 (CVE-2014-0221)

Summary: CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake
Product: [Other] Security Response
Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: aavati, abaron, acathrow, aneelica, aortega, apevec, ayoung, bazulay, cdewolf, cfergeau, chazlett, chrisw, cpelland, darran.lofthouse, dblechte, fdeutsch, fnasser, fweimer, gkotton, hkario, huwang, idith, iheim, jawilson, jkurik, jrusnack, kabbott, lgao, lhh, markmc, mdshaikh, mturk, myarboro, nlevinki, pgier, pmatouse, prabhakar_pujeri, pslavice, rbryant, rfortier, rsvoboda, sardella, sclewis, security-response-team, ssaha, tmraz, vbellur, vtunka, weli, yeylon
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: openssl 1.0.1h, openssl 1.0.0m, openssl 0.9.8za
Doc Type: Bug Fix
Doc Text:
A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-08-14 10:54:29 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1096233, 1096234, 1103604, 1103605, 1103632, 1103633, 1103741, 1104349, 1104350, 1104970, 1104988, 1127831, 1127832, 1127888, 1127889
Bug Blocks: 1064757, 1103601, 1116304, 1127468
Attachments:
  Upstream patch (flags: none)

Description Huzaifa S. Sidhpurwala 2014-06-02 07:25:42 UTC
As per the upstream advisory:

By sending an invalid DTLS handshake to an OpenSSL DTLS client, the code can be made to recurse, eventually crashing in a DoS attack.

Only applications using OpenSSL as a DTLS client are affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za.
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Acknowledgements:

Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Imre Rad of Search-Lab as the original reporter of this issue.
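
The recursion the advisory describes, as an added example that is not part of this bug report or of OpenSSL's code: a Python model of a DTLS client's handshake-message reader, with the vulnerable recursive shape next to a looped, bounded replacement. The page does not show the affected code, so the model rests on assumptions: that the reader calls itself to discard an unexpected HelloRequest and fetch the following message (assumed here to be the shape the upstream patch replaced with a loop), that a handshake message can be reduced to a (type, body) tuple, and that Python's RecursionError stands in for the native client's stack-exhaustion crash. The two message streams are constructed, not captured traffic.

```python
"""Model of the recursive DTLS handshake reader behind CVE-2014-0221.

Added illustration, not OpenSSL code. Assumption: the recursion the
advisory mentions is the client's fragment reader calling itself to
fetch the next message after discarding one it did not expect, so every
extra unexpected message from the peer adds a stack frame. The hardened
reader loops instead and caps how many messages it will discard.
"""
from typing import Callable, List, Tuple

# Handshake message type codes from RFC 5246 / RFC 6347.
HELLO_REQUEST = 0
SERVER_HELLO = 2

Message = Tuple[int, bytes]          # (msg_type, body), a simplification
Reader = Callable[[List[Message], int, int], Tuple[Message, int]]


class HandshakeAborted(Exception):
    """The reader gave up on the peer; the connection fails cleanly."""


def get_message_recursive(msgs: List[Message], pos: int, expected: int) -> Tuple[Message, int]:
    """Vulnerable shape: skip an unwanted message by recursing for the next one."""
    if pos >= len(msgs):
        raise HandshakeAborted("peer closed before sending the expected message")
    msg_type, _ = msgs[pos]
    if msg_type == HELLO_REQUEST and expected != HELLO_REQUEST:
        # Discard and recurse. Depth grows with the number of peer packets and
        # nothing bounds it, so a flood of HelloRequests exhausts the stack.
        return get_message_recursive(msgs, pos + 1, expected)
    if msg_type != expected:
        raise HandshakeAborted(f"unexpected handshake message type {msg_type}")
    return msgs[pos], pos + 1


def get_message_iterative(msgs: List[Message], pos: int, expected: int,
                          max_skips: int = 16) -> Tuple[Message, int]:
    """Hardened shape: the same logic as a loop, with a cap on discarded messages."""
    skipped = 0
    while True:
        if pos >= len(msgs):
            raise HandshakeAborted("peer closed before sending the expected message")
        msg_type, _ = msgs[pos]
        if msg_type == HELLO_REQUEST and expected != HELLO_REQUEST:
            skipped += 1
            if skipped > max_skips:
                # Stack depth is constant whatever the flood size; the cap also
                # stops the client spinning on junk indefinitely.
                raise HandshakeAborted("too many unexpected HelloRequest messages")
            pos += 1
            continue
        if msg_type != expected:
            raise HandshakeAborted(f"unexpected handshake message type {msg_type}")
        return msgs[pos], pos + 1


def run_client(reader: Reader, msgs: List[Message]) -> str:
    """Drive one reader over a message stream and classify the outcome.

    Returns "completed" (ServerHello received), "aborted" (clean failure) or
    "crashed" (RecursionError, standing in for the native client's crash).
    """
    try:
        msg, _ = reader(msgs, 0, SERVER_HELLO)
    except HandshakeAborted:
        return "aborted"
    except RecursionError:
        return "crashed"
    return "completed" if msg[0] == SERVER_HELLO else "aborted"


# Constructed sample streams (not captured traffic): a benign exchange with one
# stray HelloRequest, and a malicious peer that floods HelloRequests first.
SERVER_HELLO_MSG: Message = (SERVER_HELLO, b"\xfe\xfd" + b"\x00" * 32)
LEGIT_STREAM: List[Message] = [(HELLO_REQUEST, b""), SERVER_HELLO_MSG]
FLOOD_STREAM: List[Message] = [(HELLO_REQUEST, b"")] * 20000 + [SERVER_HELLO_MSG]


if __name__ == "__main__":
    for name, reader in (("recursive", get_message_recursive),
                         ("iterative", get_message_iterative)):
        print(f"{name}: legit={run_client(reader, LEGIT_STREAM)} "
              f"flood={run_client(reader, FLOOD_STREAM)}")
```

Both readers accept the benign stream; only the recursive one falls over on the flood, and the looped one fails the handshake instead of the process, which is the distinction between "client crash" and "connection rejected" that the advisory's "only DTLS clients are affected" turns on.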

Comment 2 Huzaifa S. Sidhpurwala 2014-06-02 08:30:49 UTC
Created attachment 901374 [details]
Upstream patch

Comment 8 Huzaifa S. Sidhpurwala 2014-06-04 08:51:33 UTC
Statement:

(none)

Comment 10 Huzaifa S. Sidhpurwala 2014-06-05 11:32:26 UTC
Fixed upstream in OpenSSL 1.0.1h, 1.0.0m and 0.9.8za.

External References:

https://www.openssl.org/news/secadv_20140605.txt

Comment 12 errata-xmlrpc 2014-06-05 11:54:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2014:0625 https://rhn.redhat.com/errata/RHSA-2014-0625.html

Comment 13 Huzaifa S. Sidhpurwala 2014-06-05 12:13:32 UTC
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1096233]

Comment 14 Huzaifa S. Sidhpurwala 2014-06-05 12:13:38 UTC
Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1096234]

Comment 15 errata-xmlrpc 2014-06-05 12:16:01 UTC
This issue has been addressed in the following products:

  Red Hat Storage 2.1

Via RHSA-2014:0628 https://rhn.redhat.com/errata/RHSA-2014-0628.html

Comment 16 Fedora Update System 2014-06-05 21:53:57 UTC
openssl-1.0.1e-38.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 17 Fedora Update System 2014-06-05 21:54:53 UTC
openssl-1.0.1e-38.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 errata-xmlrpc 2014-06-10 12:28:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2014:0679 https://rhn.redhat.com/errata/RHSA-2014-0679.html

Comment 19 Prabhakar Pujeri 2014-06-11 07:44:32 UTC
Is there an errata for RHEL 5.9?

Comment 20 Tomas Hoger 2014-06-11 08:27:41 UTC
(In reply to Prabhakar Pujeri from comment #19)
> Is there an errata for RHEL 5.9?

Please direct this question to Red Hat Support:
https://access.redhat.com/site/support

Comment 23 Martin Prpič 2014-08-06 08:02:27 UTC
IssueDescription:

A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash.

Comment 28 errata-xmlrpc 2014-08-06 14:53:02 UTC
This issue has been addressed in the following products:

  JBoss Enterprise Application Platform 6.3.0

Via RHSA-2014:1021 https://rhn.redhat.com/errata/RHSA-2014-1021.html

Comment 30 Tomas Hoger 2014-08-07 18:39:07 UTC
Created mingw32-openssl tracking bugs for this issue:

Affects: epel-5 [bug 1127888]

Comment 31 errata-xmlrpc 2014-08-13 18:19:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:1053 https://rhn.redhat.com/errata/RHSA-2014-1053.html

Comment 32 errata-xmlrpc 2014-08-21 15:32:37 UTC
This issue has been addressed in the following products:

  JBoss Web Server 2.1.0

Via RHSA-2014:1086 https://rhn.redhat.com/errata/RHSA-2014-1086.html