As per: http://tools.ietf.org/html/rfc5077#section-3.3: "The client MUST NOT treat the ticket as valid until it has verified the server's Finished message." This bug affects the case illustrated in figure 2 of RFC 5077, "Message Flow for Abbreviated Handshake Using New Session Ticket," where a NewSessionTicket message is sent during a session resumption, replacing the session ticket for a session already stored in the cache. That session may already be in use by other connections. It appear there are race conditions (TOCTOU, potentially use-after-free) to lack of locking around reads and updates of the sessionTicket field of sslSessionIDStr. For example, these races can happen when thread A is trying to resume a session concurrently with thread B that has already started resuming session that same session, and where thread B has received a NewSessionTicket extension that will cause it to update the sessionTicket field of the sid that thread A is trying to read. This may cause a use-after-free when ssl3_SetSIDSessionTicket calls SECITEM_FreeItem to free the session ticket data when ssl3_SendSessionTicketXtn is trying to read it. There are probably other similar problems. Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Brian Smith as the original reporter of this issue.
External References: http://www.mozilla.org/security/announce/2014/mfsa2014-12.html
Upstream advisory MFSA 2014-12 (see comment 1) links the following upstream bug as related to this CVE: https://bugzilla.mozilla.org/show_bug.cgi?id=930874 Upstream bug is currently private, however, the following nss upstream commit references the above upstream bug: http://hg.mozilla.org/projects/nss/rev/f6047eb1d0b8
The upstream bug mentioned in comment #4 is public now. This issue has been resolved in nss-3.15.4. Fedora 19 and Fedora 20 currently ship nss-3.15.5 and therefore is not vulnerable to this issue.
Statement: (none)
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2014:0917 https://rhn.redhat.com/errata/RHSA-2014-0917.html
IssueDescription: A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application.
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2014:1246 https://rhn.redhat.com/errata/RHSA-2014-1246.html