Bug 208744

Summary: openssl - patch for CVE-2006-2940 Parasitic Public Keys has issues
Product: Red Hat Enterprise Linux 4 Reporter: Michal Jaegermann <michal>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact: Brian Brock <bbrock>
Severity: low Docs Contact:
Priority: urgent    
Version: 4.0CC: bugs-redhat, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-07-25 11:25:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 209116    

Description Michal Jaegermann 2006-10-01 14:03:06 UTC 
Description of problem:

I cannot reopen bug 207274 so this is filed separately.

There is a trouble with openssl-0.9.7a-cve-2006-2940.patch. For
crypto/dh/dh_key.c is says:

+       if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
+               {
+               DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
+               goto err;
+               }

but goto target looks like that:

err:
        BN_CTX_end(ctx);
        BN_CTX_free(ctx);
        return(ret);

As 'ctx' is not initialized yet if that guard above fires then
various unhealthy operations are tried on a garbage pointer.
Looks like a possible avenue of an attack although I do not have
an exploit.  At least a crash is fairly likely.

Instead of 'goto err;' there should be 'return(ret);' in that fragment
of the patch.  Another possiblity would be to do 'BN_CTX *ctx=NULL;'
at the function beginning but this does not really buy anything
but two "empty" function calls.

The same problem shows up in FC5 updates and likely in rawhide and
other openssl updated packages as well.

Version-Release number of selected component (if applicable):
openssl-0.9.7a-43.14
Comment 1 Michal Jaegermann 2006-10-27 15:16:20 UTC 
May I ask what happens with this issue?  This bug report got marked
"urgent" nearly a month ago, openssl-0.9.8b-8 and openssl097a-0.9.7a-9
showed up in rawhide (now FC6) with a correction, but so far nothing
in RHEL or FC5.  Well, the status is still ASSIGNED.
Comment 2 Mark J. Cox 2006-10-27 16:13:58 UTC 
Thes issue does indeed affect Red Hat's OpenSSL fix for CVE-2006-2940.  We
consider this flaw to be very low severity as based on our security response
team analysis all it can cause is a client crash upon processing a malicious
client certificate.  Upstream also class this issue as low severity and although
it is fixed in OpenSSL CVS, no new release was produced to correct this issue.

We plan to address this issue when a future OpenSSL update is needed.
Comment 3 Tomas Mraz 2007-07-25 11:25:37 UTC 
This was fixed in RHEL-4.5 openssl errata.