Bug 814185 (CVE-2012-2110)

Summary: CVE-2012-2110 openssl: asn1_d2i_read_bio integer errors leading to buffer overflow
Product: [Other] Security Response
Component: vulnerability
Reporter: Tomas Hoger <thoger>
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: high
Priority: high
Version: unspecified
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: openssl 0.9.8v, openssl 1.0.0i, openssl 1.0.1a
Doc Type: Bug Fix
Last Closed: 2012-09-25 08:04:23 UTC
CC: d.busby, djorm, eric.eisenhart, erik-fedora, gbock, jlieskov, jorton, kalevlember, karlamrhein, ktietz, lfarkas, mjc, mvadkert, pasteur, pep, pete.philips, phil, rcvalle, redhat, rjones, shawn.siefkas, skolpatrol, starlight, tmraz, wnefal+redhatbugzilla
Bug Depends On: 814187, 814188, 814189, 814190, 814191, 814192, 814193, 814194, 814195, 814196, 814197, 814198, 814200, 814201, 814202, 814203, 815672
Bug Blocks: 813720

Description Tomas Hoger 2012-04-19 11:09:02 UTC
Quoting Tavis Ormandy's advisory "Incorrect integer conversions in OpenSSL can result in memory corruption.":

  asn1_d2i_read_bio in OpenSSL contains multiple integer errors that can
  cause memory corruption when parsing encoded ASN.1 data. This error can be
  exploited on systems that parse untrusted data, such as X.509 certificates
  or RSA public keys.

Reference:
http://seclists.org/fulldisclosure/2012/Apr/210

Tavis's post also provides a link to an upstream advisory, which has not been published yet.  Fixes are not yet available in the upstream CVS repository.

http://www.openssl.org/news/secadv_20120419.txt

Comment 4 Tomas Hoger 2012-04-19 11:17:26 UTC
Created mingw32-openssl tracking bugs for this issue

Affects: fedora-all [bug 814203]

Comment 5 Tomas Hoger 2012-04-19 11:17:30 UTC
Created openssl tracking bugs for this issue

Affects: fedora-all [bug 814202]

Comment 6 Tomas Hoger 2012-04-19 12:02:47 UTC
(In reply to comment #0)

> Fixes are not yet available in upstream CVS repository.

Committed now in 0.9.8 and 1.0.0 branches:

http://cvs.openssl.org/chngview?cn=22431
http://cvs.openssl.org/chngview?cn=22434

Comment 7 Tomas Hoger 2012-04-19 12:37:22 UTC
(In reply to comment #6)
> Committed now in 0.9.8 and 1.0.0 branches:
> 
> http://cvs.openssl.org/chngview?cn=22431
> http://cvs.openssl.org/chngview?cn=22434

1.0.1 branch commit:

http://cvs.openssl.org/chngview?cn=22439

Upstream advisory is now available at:

http://www.openssl.org/news/secadv_20120419.txt

  Any application which uses BIO or FILE based functions to read untrusted DER
  format data is vulnerable. Affected functions are of the form d2i_*_bio or
  d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp.

  Applications using the memory based ASN1 functions (d2i_X509, d2i_PKCS12 etc)
  are not affected. In particular the SSL/TLS code of OpenSSL is *not*
  affected.

  Applications only using the PEM routines are not affected.

  S/MIME or CMS applications using the built in MIME parser SMIME_read_PKCS7
  or SMIME_read_CMS *are* affected.

  The OpenSSL command line utility is also affected if used to process
  untrusted data in DER format.

  Note: although an application using the SSL/TLS portions of OpenSSL is not
  automatically affected it might still call a function such as d2i_X509_bio on
  untrusted data and be vulnerable.

Fixed upstream in versions 1.0.1a, 1.0.0i and 0.9.8v.

Comment 8 Tomas Hoger 2012-04-20 08:42:39 UTC
OpenSSH upstream details on how OpenSSH is affected by this OpenSSL issue:
http://marc.info/?l=openssh-unix-dev&m=133483989311217&w=2

Comment 9 Tomas Hoger 2012-04-20 09:41:45 UTC
External Reference:

http://www.openssl.org/news/secadv_20120419.txt

Comment 10 Tomas Hoger 2012-04-20 13:09:52 UTC
A few notes on what is affected by this issue:

Upstream advisory mentions:

  Applications using the memory based ASN1 functions (d2i_X509, d2i_PKCS12 etc)
  are not affected. In particular the SSL/TLS code of OpenSSL is *not*
  affected.

SSL/TLS code is mentioned explicitly as ASN.1 encoded data - server and possibly client X509 certificates - are transferred and parsed during the SSL/TLS handshake.  Those certificates are parsed using the d2i_X509 function, which does not lead to a call of the affected asn1_d2i_read_bio function.

SSL/TLS server or client may call the affected function to load certificates or private keys.  Those inputs are usually trusted.  Additionally, applications may only support loading those from PEM encoded files.  Upstream advisory notes PEM routines are unaffected:

  Applications only using the PEM routines are not affected.

Upstream advisory further notes that applications reading S/MIME or CMS files are affected:

  S/MIME or CMS applications using the built in MIME parser SMIME_read_PKCS7
  or SMIME_read_CMS *are* affected.

CMS format is only supported in openssl version in Red Hat Enterprise Linux 6.  Older versions do not have CMS support.

OCSP support in httpd/mod_ssl is affected by this issue, as it uses the d2i_OCSP_RESPONSE_bio function.  An OCSP response read from the network can trigger this issue.  The httpd versions in Red Hat Enterprise Linux 3, 4, 5 and 6 do not include OCSP support.  OCSP support is available in JBoss Enterprise Web Server 1 httpd packages.

Upstream advisory also notes that various sub-commands of the openssl command can call the affected asn1_d2i_read_bio function:

  The OpenSSL command line utility is also affected if used to process
  untrusted data in DER format.
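
The scoping rules in the comment above (BIO/FILE based d2i_*_bio and d2i_*_fp readers and the SMIME_read_PKCS7/SMIME_read_CMS parsers are in scope; memory based d2i_* and PEM routines are not) lend themselves to a quick triage script. The following is an added example, not code from the bug, from OpenSSL or from Red Hat: it checks an upstream OpenSSL version string against the "Fixed In Version" field of this bug and flags call sites in source text that read DER through a BIO or FILE. The call-site regex is a heuristic I chose, the sample source is constructed for the demonstration, and the version check only understands upstream version strings; distribution packages that backport the fix (the RHSA packages on this bug, for instance) keep the old upstream version and must be judged by package NVR instead.

```python
import re
from typing import Dict, List, Tuple

# Upstream fixed versions for CVE-2012-2110 (this bug's "Fixed In Version" field).
FIXED_LETTER: Dict[str, str] = {"0.9.8": "v", "1.0.0": "i", "1.0.1": "a"}

# OpenSSL version strings of that era: "1.0.0i", "0.9.8v", "1.0.1" (no letter).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")

# Heuristic (my own, not from the advisory text): the affected functions are
# described as d2i_*_bio / d2i_*_fp plus the SMIME_read_PKCS7 / SMIME_read_CMS
# MIME parsers. Memory based d2i_* and PEM_read_* calls are deliberately
# not matched, because the advisory says those are not affected.
AFFECTED_CALL_RE = re.compile(
    r"\b(d2i_\w+_(?:bio|fp)|SMIME_read_(?:PKCS7|CMS))\s*\("
)


def parse_version(version: str) -> Tuple[Tuple[int, int, int], str]:
    """Split '1.0.0i' into ((1, 0, 0), 'i'); raise on unexpected input."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version string: {version!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4)


def is_fixed(version: str, require_098w: bool = False) -> bool:
    """True if an *upstream* OpenSSL version carries the CVE-2012-2110 fix.

    require_098w additionally demands 0.9.8w on the 0.9.8 branch, since the
    0.9.8v fix was incomplete there (CVE-2012-2131, corrected in 0.9.8w).
    Distribution backports keep the old upstream version string, so this
    function says nothing about patched vendor packages.
    """
    nums, letter = parse_version(version)
    branch = ".".join(str(n) for n in nums)
    if branch not in FIXED_LETTER:
        # Branches newer than 1.0.1 post-date the fix; older ones never got it.
        return nums > (1, 0, 1)
    fixed = FIXED_LETTER[branch]
    if require_098w and branch == "0.9.8":
        fixed = "w"
    # Letters sort alphabetically; a missing letter is the earliest release.
    return (len(letter), letter) >= (len(fixed), fixed)


def find_affected_calls(source: str) -> List[Tuple[int, str]]:
    """Return (line number, function name) for each in-scope call site."""
    hits: List[Tuple[int, str]] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in AFFECTED_CALL_RE.finditer(line):
            hits.append((lineno, m.group(1)))
    return hits


# Constructed sample C source for the demonstration; not from any real project.
SAMPLE_SOURCE = """\
X509 *cert = d2i_X509_bio(in, NULL);                 /* BIO based: in scope */
X509 *c2 = d2i_X509(NULL, &p, len);                  /* memory based: not affected */
PKCS12 *p12 = d2i_PKCS12_fp(fp, NULL);               /* FILE based: in scope */
X509 *c3 = PEM_read_bio_X509(in, NULL, NULL, NULL);  /* PEM: not affected */
PKCS7 *p7 = SMIME_read_PKCS7(in, &cont);             /* MIME parser: in scope */
OCSP_RESPONSE *r = d2i_OCSP_RESPONSE_bio(in, NULL);  /* OCSP response from the network */
"""

if __name__ == "__main__":
    for v in ("0.9.8u", "0.9.8v", "1.0.0h", "1.0.0i", "1.0.1", "1.0.1a"):
        print(f"{v:8s} upstream fix present: {is_fixed(v)}")
    for lineno, fn in find_affected_calls(SAMPLE_SOURCE):
        print(f"line {lineno}: {fn}() reads DER via BIO/FILE; review whether its input is trusted")
```

A flagged call site is not automatically a vulnerability: per the comment above, loading a server's own certificate or key from a trusted file is the common case, while the OCSP response path in mod_ssl is the kind of site that deserves attention because the DER comes from the network. The script only narrows the review to the functions the advisory names.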

Comment 11 Joe Orton 2012-04-20 15:53:25 UTC
On the OCSP stapling code: 

http://marc.info/?l=apache-httpd-dev&m=133493590915303

Comment 14 Tomas Hoger 2012-04-24 08:08:41 UTC
Upstream fix as included in 0.9.8v did not completely address this issue in OpenSSL versions 0.9.x.  This problem has now been corrected in 0.9.8w, see bug #815661 / CVE-2012-2131 for details.

OpenSSL versions 1.0.0 and 1.0.1 were not affected by this incomplete fix problem.

Comment 16 Tomas Hoger 2012-04-24 08:31:42 UTC
Created mingw32-openssl tracking bugs for this issue

Affects: epel-5 [bug 815672]

Comment 17 errata-xmlrpc 2012-04-24 19:58:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2012:0518 https://rhn.redhat.com/errata/RHSA-2012-0518.html

Comment 18 errata-xmlrpc 2012-04-25 12:46:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.0 EUS - Server Only
  Red Hat Enterprise Linux 6.1 EUS - Server Only
  Red Hat Enterprise Linux 3 Extended Lifecycle Support
  Red Hat Enterprise Linux 4 Extended Lifecycle Support
  Red Hat Enterprise Linux 5.3 Long Life
  Red Hat Enterprise Linux 5.6 EUS - Server Only

Via RHSA-2012:0522 https://rhn.redhat.com/errata/RHSA-2012-0522.html

Comment 19 Fedora Update System 2012-04-26 20:07:36 UTC
openssl-1.0.0i-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 21 Fedora Update System 2012-04-27 20:49:55 UTC
openssl-1.0.0i-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 22 Fedora Update System 2012-05-10 14:15:55 UTC
openssl-1.0.0i-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 23 errata-xmlrpc 2012-09-24 16:02:51 UTC
This issue has been addressed in the following products:

  JBoss Enterprise Application Platform 6.0.0

Via RHSA-2012:1308 https://rhn.redhat.com/errata/RHSA-2012-1308.html

Comment 24 errata-xmlrpc 2012-09-24 16:03:48 UTC
This issue has been addressed in the following products:

  JBoss Enterprise Application Platform 5.1.2

Via RHSA-2012:1307 https://rhn.redhat.com/errata/RHSA-2012-1307.html

Comment 25 errata-xmlrpc 2012-09-24 16:04:57 UTC
This issue has been addressed in the following products:

  JBoss Enterprise Web Server 1.0.2

Via RHSA-2012:1306 https://rhn.redhat.com/errata/RHSA-2012-1306.html