Bug 1053725 (CVE-2013-1740) - CVE-2013-1740 nss: false start PR_Recv information disclosure security issue
Summary: CVE-2013-1740 nss: false start PR_Recv information disclosure security issue
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-1740
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1032472 1054456 1054457 1101846 1113849 1113853
Blocks: 1054104 1063682
TreeView+ depends on / blocked
 
Reported: 2014-01-15 17:02 UTC by Ratul Gupta
Modified: 2019-09-29 13:12 UTC (History)
7 users (show)

Fixed In Version: nss 3.15.4
Doc Type: Bug Fix
Doc Text:
A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server.
Clone Of:
Environment:
Last Closed: 2014-09-18 03:03:55 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:1378 normal SHIPPED_LIVE nss bugfix and enhancement update 2014-10-14 01:06:09 UTC
Red Hat Product Errata RHSA-2014:0917 normal SHIPPED_LIVE Critical: nss and nspr security, bug fix, and enhancement update 2014-07-22 21:59:48 UTC
Red Hat Product Errata RHSA-2014:1246 normal SHIPPED_LIVE Moderate: nss and nspr security, bug fix, and enhancement update 2014-09-16 09:39:01 UTC

Description Ratul Gupta 2014-01-15 17:02:25 UTC
A security issue has been reported in NSS, which can be exploited by a malicious user to disclose certain information.

The issue arises due to an error within the "ssl_Do1stHandshake()" function in lib/ssl/sslsecur.c, which can be exploited to potentially return unencrypted and unauthenticated data from PR_Recv. Successful exploitation requires false start to be enabled.

The issue is said to be fixed in NSS 3.15.4.

References:
https://bugs.gentoo.org/show_bug.cgi?id=498172
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.4_release_notes

Upstream bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=919877

Patch:
https://bugzilla.mozilla.org/attachment.cgi?id=825813

Comment 1 Ratul Gupta 2014-01-15 17:06:47 UTC
By default, NSS ships with false start disabled, for which the above patch works and was implemented in NSS 3.15.3.

Comment 4 Vincent Danen 2014-01-16 20:53:14 UTC
The upstream bug noted actually has fixes from another upstream bug [1] which notes the actual upstream commit [2], however the next noted commit [3] may also be required.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=713933
[2] https://hg.mozilla.org/projects/nss/rev/1b9c43d28713
[3] https://hg.mozilla.org/projects/nss/rev/f28426e944ae

Comment 5 Vincent Danen 2014-01-16 21:02:09 UTC
According to this document, False Start has been implemented in NSS since 3.12.9:

https://technotes.googlecode.com/git/falsestart.html

I'm unable to find any corresponding note or changelog for nss to back it up, however.

Comment 7 Vincent Danen 2014-01-16 21:07:05 UTC
Created nss tracking bugs for this issue:

Affects: fedora-all [bug 1054456]

Comment 8 Elio Maldonado Batiz 2014-01-16 21:49:54 UTC
(In reply to Vincent Danen from comment #5)
> According to this document, False Start has been implemented in NSS since
> 3.12.9:
> 
> https://technotes.googlecode.com/git/falsestart.html
> 
> I'm unable to find any corresponding note or changelog for nss to back it
> up, however.

Vincent, Looking at old cvs history (nss switched from cvs to mercurial last year) I see this commit
----------------------------
revision 1.39
date: 2010/07/30 03:00:16;  author: wtc%google.com;  state: Exp;  lines: +12 -1
Bug 525092: Support TLS false start.  The patch is contributed by Adam
Langley of Google <agl@chromium.org>.  r=wtc.
Modified Files:
	cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c lib/ssl/ssl.h
	lib/ssl/ssl3con.c lib/ssl/ssl3gthr.c lib/ssl/sslimpl.h
	lib/ssl/sslsecur.c lib/ssl/sslsock.c tests/ssl/sslstress.txt
----------------

See https://bugzilla.mozilla.org/show_bug.cgi?id=525092
This may be what you are looking for.

-Elio

Comment 10 Vincent Danen 2014-01-16 22:39:50 UTC
(In reply to Elio Maldonado Batiz from comment #8)
...
> See https://bugzilla.mozilla.org/show_bug.cgi?id=525092
> This may be what you are looking for.

Thanks, Elio.  That's exactly it.  Last comment in that bug is:

"Patch checked in on the NSS trunk (NSS 3.13) and NSS_3_12_BRANCH
(NSS 3.12.8)."

which is pretty close to the 3.12.9 version I had indicated.  Thanks for that confirmation.

Comment 13 Fedora Update System 2014-01-21 05:50:04 UTC
nss-3.15.4-1.fc20, nss-softokn-3.15.4-1.fc20, nss-util-3.15.4-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2014-02-04 02:46:44 UTC
nss-3.15.4-1.fc19, nss-softokn-3.15.4-1.fc19, nss-util-3.15.4-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 Huzaifa S. Sidhpurwala 2014-03-10 09:23:41 UTC
Statement:

(none)

Comment 25 errata-xmlrpc 2014-07-22 18:00:23 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2014:0917 https://rhn.redhat.com/errata/RHSA-2014-0917.html

Comment 26 Martin Prpič 2014-07-28 11:37:01 UTC
IssueDescription:

A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server.

Comment 27 errata-xmlrpc 2014-09-16 05:39:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:1246 https://rhn.redhat.com/errata/RHSA-2014-1246.html


Note You need to log in before you can comment on or make changes to this bug.