Bug 1416852 (CVE-2017-3731)

Summary: CVE-2017-3731 openssl: Truncated packet could crash via OOB read
Product: [Other] Security Response Reporter: Andrej Nemec <anemec>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: apmukher, bbaranow, bmaxwell, bmcclain, bugzilla-redhat, cdewolf, cfergeau, chazlett, csutherl, dandread, darran.lofthouse, dblechte, dimitris, dosoudil, eedri, erik-fedora, fgavrilo, fnasser, gzaronik, hasuzuki, huwang, jawilson, jclere, jondruse, jshepherd, kfujii, ktietz, lersek, lgao, lsurette, marcandre.lureau, mbabacek, mgoldboi, michal.skrivanek, msugaya, mturk, myarboro, pgier, pjurak, ppalaga, psakar, pslavice, redhat-bugzilla, rh-spice-bugs, rjones, rnetuka, rstancel, rsvoboda, sardella, slawomir, srevivo, tmraz, twalsh, vtunka, weli, ykaul, yozone
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: openssl 1.0.2k, openssl 1.1.0d Doc Type: If docs needed, set a value
Doc Text:
An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 03:06:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1416864, 1416865, 1416866, 1416867, 1417552, 1418964, 1418965, 1418966, 1420893, 1420894    
Bug Blocks: 1416858    

Description Andrej Nemec 2017-01-26 15:35:26 UTC 
If an SSL/TLS server or client is running on a 32-bit host, and a specific
cipher is being used, then a truncated packet can cause that server or client
to perform an out-of-bounds read, usually resulting in a crash.

For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have
not disabled that algorithm should update to 1.0.2k

External References:

https://www.openssl.org/news/secadv/20170126.txt
Comment 1 Tomas Hoger 2017-01-26 15:55:36 UTC 
Upstream commits:

https://git.openssl.org/?p=openssl.git;a=commitdiff;h=2198b3a55de681e1f3c23edb0586afe13f438051
https://git.openssl.org/?p=openssl.git;a=commitdiff;h=8e20499629b6bcf868d0072c7011e590b5c2294d
Comment 2 Andrej Nemec 2017-01-26 16:07:37 UTC 
Created openssl101e tracking bugs for this issue:

Affects: epel-5 [bug 1416866]
Comment 3 Andrej Nemec 2017-01-26 16:08:01 UTC 
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1416864]
Comment 4 Andrej Nemec 2017-01-26 16:08:24 UTC 
Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1416865]
Affects: epel-7 [bug 1416867]
Comment 9 Tomas Mraz 2017-01-30 10:23:14 UTC 
Also note that for 1.0.1e the upstream fix is insufficient - the check for return value from EVP_CTRL_AEAD_TLS1_AAD has to be added in t1_enc.c.
Comment 10 Tomas Hoger 2017-01-30 10:58:34 UTC 
(In reply to Tomas Mraz from comment #9)
> Also note that for 1.0.1e the upstream fix is insufficient - the check for
> return value from EVP_CTRL_AEAD_TLS1_AAD has to be added in t1_enc.c.

This was added upstream as part of this commit:

https://git.openssl.org/?p=openssl.git;a=commitdiff;h=1a3701f4fe0530a40ec073cd78d02cfcc26c0f8e#patch7
Comment 14 Tomas Hoger 2017-01-31 10:32:55 UTC 
The root cause here is integer underflow, which leads to out of bounds read, possibly resulting in crash.

Upstream advisory lists the following affected use cases:

- When CHACHA20/POLY1305 cipher suites are used.  Those are not supported by openssl packages as shipped with current versions of Red Hat products.

- When RC4-MD5 cipher suite is used.  This cipher is supported and enabled by default.  Problem can be mitigated by disabling this cipher in configuration of an application using OpenSSL (if the application allows that).
Comment 20 errata-xmlrpc 2017-02-20 10:56:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2017:0286 https://rhn.redhat.com/errata/RHSA-2017-0286.html
Comment 21 errata-xmlrpc 2018-07-12 16:05:20 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2018:2187 https://access.redhat.com/errata/RHSA-2018:2187
Comment 22 errata-xmlrpc 2018-07-12 16:14:56 UTC 
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 6

Via RHSA-2018:2186 https://access.redhat.com/errata/RHSA-2018:2186
Comment 23 errata-xmlrpc 2018-07-12 16:17:00 UTC 
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7

Via RHSA-2018:2185 https://access.redhat.com/errata/RHSA-2018:2185