Bug 1152953 - (CVE-2014-3513) CVE-2014-3513 openssl: SRTP memory leak causes crash when using specially-crafted handshake message
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: high, Severity: high
Assigned To: Red Hat Product Security
impact=important,public=20141015,repo...
Keywords: Security
Depends On: 1152854 1152855 1152856 1152857 1154551
Blocks: 1152790 1155552
Reported: 2014-10-15 05:27 EDT by Huzaifa S. Sidhpurwala
Modified: 2018-07-18 10:32 EDT
Fixed In Version: openssl 1.0.1j
Doc Type: Bug Fix
Doc Text:
A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server.
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:1652 normal SHIPPED_LIVE Important: openssl security update 2014-10-16 14:59:13 EDT
Red Hat Product Errata RHSA-2014:1692 normal SHIPPED_LIVE Important: openssl security update 2014-10-22 17:15:52 EDT

Description Huzaifa S. Sidhpurwala 2014-10-15 05:27:43 EDT
OpenSSL upstream reported the following security flaw:

A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected.

OpenSSL 1.0.1 users should upgrade to 1.0.1j.

This issue was reported to OpenSSL on 26th September 2014, based on an original issue and patch developed by the LibreSSL project. Further analysis of the issue was performed by the OpenSSL team.

The fix was developed by the OpenSSL team.

External Reference:

https://www.openssl.org/news/secadv_20141015.txt
Comment 2 Huzaifa S. Sidhpurwala 2014-10-15 10:04:59 EDT
Upstream patch:

OpenSSL-1.0.1:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2b0532f3984324ebe1236a63d15893792384328d
Comment 3 Martin Prpič 2014-10-15 12:29:05 EDT
IssueDescription:

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server.
Comment 4 Tomas Hoger 2014-10-15 15:44:09 EDT
Fixed upstream in OpenSSL version 1.0.1j:

https://www.openssl.org/news/secadv_20141015.txt
Comment 7 Arun Babu Neelicattu 2014-10-16 00:46:16 EDT
Statement:

This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 5, Red Hat JBoss Enterprise Application Platform 5 and 6, and Red Hat Enterprise JBoss Enterprise Web Server 1 and 2.
Comment 8 errata-xmlrpc 2014-10-16 11:00:06 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2014:1652 https://rhn.redhat.com/errata/RHSA-2014-1652.html
Comment 11 errata-xmlrpc 2014-10-22 13:16:50 EDT
This issue has been addressed in the following products:

  Red Hat Storage 2.1

Via RHSA-2014:1692 https://rhn.redhat.com/errata/RHSA-2014-1692.html
