Bug 1127498 (CVE-2014-3509)

Summary: CVE-2014-3509 openssl: race condition in ssl_parse_serverhello_tlsext
Product: [Other] Security Response Reporter: Andrew Griffiths <agriffit>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abaron, apevec, bmcclain, cdewolf, cfergeau, chrisw, dallan, dandread, darran.lofthouse, dgregor, erik-fedora, fdeutsch, fnasser, gkotton, grocha, huwang, idith, jason.greene, jawilson, jclere, jdoyle, jgreguske, lgao, lhh, lpeer, markmc, mnewsome, myarboro, nlevinki, pslavice, pstehlik, rbryant, rfortier, rhs-bugs, rh-spice-bugs, rjones, rsvoboda, sclewis, srevivo, vtunka, weli, ycui, ykaul
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: openssl 1.0.1i, openssl 1.0.0n Doc Type: Bug Fix
Doc Text:
A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-20 10:45:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1127695, 1127696, 1127697, 1127698, 1127704, 1127705, 1127709, 1128405, 1128406, 1128961, 1181611    
Bug Blocks: 1127468, 1127506    

Description Andrew Griffiths 2014-08-07 01:57:35 UTC 
A race condition was found in the ssl_parse_serverhello_tlsext() code that may result in upto 255 bytes being written to memory that had been free'd if an ec point format extension was sent by the server. This issue only affects multi-threaded clients.
Comment 1 Arun Babu Neelicattu 2014-08-07 05:52:29 UTC 
External References:

https://www.openssl.org/news/secadv_20140806.txt
Comment 3 Tomas Hoger 2014-08-07 07:01:05 UTC 
Upstream commit:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb0bc2b273bcc2d5401dd883fe869af4fc74bb21
Comment 4 Tomas Hoger 2014-08-07 08:31:25 UTC 
Affected code that implements support for Supported Point Formats Extension for ECC ciphersuites was originally introduced in the following commit:

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=36ca4ba6

This code was added upstream in version 1.0.0.  Therefore, openssl packages in Red Hat Enterprise Linux 5 and earlier, which are based on upstream version 0.9.8 and earlier, are not affected by this issue.

Additionally, the openssl packages shipped in Red Hat Enterprise Linux 6 prior to update RHBA-2013:1585 released as part of Red Hat Enterprise Linux 6.5 were also not affected, as Elliptic Curve Cryptography (ECC) support was not enabled.
Comment 6 Tomas Hoger 2014-08-07 11:35:07 UTC 
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1127704]
Comment 7 Tomas Hoger 2014-08-07 11:35:13 UTC 
Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1127705]
Comment 8 Tomas Hoger 2014-08-07 11:40:12 UTC 
Created mingw-openssl tracking bugs for this issue:

Affects: epel-7 [bug 1127709]
Comment 9 Fedora Update System 2014-08-09 07:34:19 UTC 
openssl-1.0.1e-39.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2014-08-09 07:35:29 UTC 
openssl-1.0.1e-39.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Martin Prpič 2014-08-12 07:40:16 UTC 
IssueDescription:

A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.
Comment 13 errata-xmlrpc 2014-08-13 21:33:21 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2014:1052 https://rhn.redhat.com/errata/RHSA-2014-1052.html
Comment 14 errata-xmlrpc 2014-08-14 04:44:52 UTC 
This issue has been addressed in following products:

  Red Hat Storage 2.1

Via RHSA-2014:1054 https://rhn.redhat.com/errata/RHSA-2014-1054.html
Comment 16 errata-xmlrpc 2015-02-11 17:44:14 UTC 
This issue has been addressed in the following products:

  RHEV Manager version 3.5

Via RHSA-2015:0197 https://rhn.redhat.com/errata/RHSA-2015-0197.html