Bug 1331402 (CVE-2016-2108) - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder
Summary: CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder
Status: CLOSED ERRATA
Alias: CVE-2016-2108
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20160503,repo...
Keywords: Security
Depends On: 1331569 1331570 1331865 1331866 1332398 1332399 1332588 1332589 1332590 1332591 1335811 1337157 1337158 1366994
Blocks: 1330106 1395463
TreeView+ depends on / blocked
 
Reported: 2016-04-28 13:14 UTC by Tomas Hoger
Modified: 2017-03-08 03:46 UTC (History)
52 users (show)

Fixed In Version: openssl 1.0.1o, openssl 1.0.2c
Doc Type: Bug Fix
Doc Text:
A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-02-22 12:28:42 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
OpenSSL upstream fix for the second issue (10.82 KB, patch)
2016-04-28 13:17 UTC, Tomas Hoger
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:0722 normal SHIPPED_LIVE Important: openssl security update 2016-05-09 13:28:24 UTC
Red Hat Product Errata RHSA-2016:0996 normal SHIPPED_LIVE Important: openssl security update 2016-05-10 08:18:56 UTC
Red Hat Product Errata RHSA-2016:1137 normal SHIPPED_LIVE Important: openssl security update 2016-05-31 09:56:24 UTC
Red Hat Product Errata RHSA-2016:2056 normal SHIPPED_LIVE Important: Red Hat JBoss Enterprise Application Platform 6.4.10 update 2016-10-12 20:57:34 UTC
Red Hat Product Errata RHSA-2016:2073 normal SHIPPED_LIVE Important: openssl security update 2016-10-18 11:08:06 UTC
Red Hat Product Errata RHSA-2016:2957 normal SHIPPED_LIVE Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release 2016-12-16 03:11:19 UTC
Red Hat Product Errata RHSA-2017:0193 normal SHIPPED_LIVE Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 6 2017-01-26 01:05:09 UTC
Red Hat Product Errata RHSA-2017:0194 normal SHIPPED_LIVE Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 7 2017-01-26 01:04:50 UTC
Red Hat Knowledge Base (Solution) 2298211 None None None 2016-05-05 23:21 UTC

Description Tomas Hoger 2016-04-28 13:14:05 UTC
Quoting form the draft of OpenSSL upstream advisory:

Memory corruption in the ASN.1 encoder (CVE-2016-2108)
======================================================

Severity: High

This issue affected versions of OpenSSL prior to April 2015. The bug
causing the vulnerability was fixed on April 18th 2015, and released
as part of the June 11th 2015 security releases. The security impact
of the bug was not known at the time.

In previous versions of OpenSSL, ASN.1 encoding the value zero
represented as a negative integer can cause a buffer underflow
with an out-of-bounds write in i2c_ASN1_INTEGER. The ASN.1 parser does
not normally create "negative zeroes" when parsing ASN.1 input, and
therefore, an attacker cannot trigger this bug.

However, a second, independent bug revealed that the ASN.1 parser
(specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag
as a negative zero value. Large universal tags are not present in any
common ASN.1 structures (such as X509) but are accepted as part of ANY
structures.

Therefore, if an application deserializes untrusted ASN.1 structures
containing an ANY field, and later reserializes them, an attacker may
be able to trigger an out-of-bounds write. This has been shown to
cause memory corruption that is potentially exploitable with some
malloc implementations.

Applications that parse and re-encode X509 certificates are known to
be vulnerable. Applications that verify RSA signatures on X509
certificates may also be vulnerable; however, only certificates with
valid signatures trigger ASN.1 re-encoding and hence the
bug. Specifically, since OpenSSL's default TLS X509 chain verification
code verifies the certificate chain from root to leaf, TLS handshakes
could only be targeted with valid certificates issued by trusted
Certification Authorities.

OpenSSL 1.0.2 users should upgrade to 1.0.2c
OpenSSL 1.0.1 users should upgrade to 1.0.1o

This vulnerability is a combination of two bugs, neither of which
individually has security impact. The first bug (mishandling of
negative zero integers) was reported to OpenSSL by Huzaifa Sidhpurwala
(Red Hat) and independently by Hanno Böck in April 2015. The second
issue (mishandling of large universal tags) was found using libFuzzer,
and reported on the public issue tracker on March 1st 2016. The fact
that these two issues combined present a security vulnerability was
reported by David Benjamin (Google) on March 31st 2016. The fixes were
developed by Steve Henson of the OpenSSL development team, and David
Benjamin.  The OpenSSL team would also like to thank Mark Brand and
Ian Beer from the Google Project Zero team for their careful analysis
of the impact.

The fix for the "negative zero" memory corruption bug can be
identified by commits

3661bb4e7934668bd99ca777ea8b30eedfafa871 (1.0.2)
and
32d3b0f52f77ce86d53f38685336668d47c5bdfe (1.0.1)

End of quote.


Links to the mentioned commits correcting the "negative zero" memory corruption bug:

1.0.2: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3661bb4e7934668bd99ca777ea8b30eedfafa871
1.0.1: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=32d3b0f52f77ce86d53f38685336668d47c5bdfe

The report of the additional problem - mishandling of large universal tags:

https://rt.openssl.org/Ticket/Display.html?id=4364&user=guest&pass=guest

Includes proposed fix and the matching fix that was applied to BoringSSL:

https://boringssl.googlesource.com/boringssl/+/fb2c6f8c8565e1e2d85c24408050c96521acbcdc%5E!/

Comment 1 Tomas Hoger 2016-04-28 13:14:27 UTC
Acknowledgments:

Name: the OpenSSL project
Upstream: Huzaifa Sidhpurwala (Red Hat), Hanno Böck, David Benjamin (Google)

Comment 2 Tomas Hoger 2016-04-28 13:17 UTC
Created attachment 1151879 [details]
OpenSSL upstream fix for the second issue

Comment 12 Martin Prpič 2016-05-03 14:19:14 UTC
External References:

https://openssl.org/news/secadv/20160503.txt

Comment 13 Martin Prpič 2016-05-03 14:27:45 UTC
Created openssl101e tracking bugs for this issue:

Affects: epel-5 [bug 1332590]

Comment 14 Martin Prpič 2016-05-03 14:27:57 UTC
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1332588]

Comment 15 Martin Prpič 2016-05-03 14:28:08 UTC
Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1332589]
Affects: epel-7 [bug 1332591]

Comment 16 Tomas Hoger 2016-05-04 13:32:18 UTC
The additional upstream commit preventing creation of structures for negative zero:

https://git.openssl.org/?p=openssl.git;a=commitdiff;h=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27

Comment 17 Fedora Update System 2016-05-04 18:51:43 UTC
openssl-1.0.2h-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 18 Mike Parkin 2016-05-05 07:59:53 UTC
Given that I am not familiar with every library/program that links to openssl on my server, do I need to consider a reboot after upgrading openssl (because an old version might be kept in memory) or is this taken care of by the operating system for me.

If so can anyone point to some documentation that explains how this works please?

Comment 19 Tomas Hoger 2016-05-05 08:15:17 UTC
Bugzilla is not a support tool.  Please contact Red Hat Support with questions as the one above.  The following page lists multiple way to reach our Support:

https://access.redhat.com/support/

Comment 20 Fedora Update System 2016-05-07 11:38:53 UTC
openssl-1.0.2h-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 21 errata-xmlrpc 2016-05-09 09:29:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:0722 https://rhn.redhat.com/errata/RHSA-2016-0722.html

Comment 22 errata-xmlrpc 2016-05-10 04:20:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2016:0996 https://rhn.redhat.com/errata/RHSA-2016-0996.html

Comment 26 Fedora Update System 2016-05-10 17:52:20 UTC
openssl-1.0.1k-15.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 30 Fedora Update System 2016-05-27 23:16:58 UTC
openssl101e-1.0.1e-8.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.

Comment 31 errata-xmlrpc 2016-05-31 05:58:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2016:1137 https://access.redhat.com/errata/RHSA-2016:1137

Comment 33 errata-xmlrpc 2016-10-12 17:00:38 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 6.4.10

Via RHSA-2016:2056 https://rhn.redhat.com/errata/RHSA-2016-2056.html

Comment 34 errata-xmlrpc 2016-10-12 17:09:03 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7

Via RHSA-2016:2054 https://rhn.redhat.com/errata/RHSA-2016-2054.html

Comment 35 errata-xmlrpc 2016-10-12 17:19:51 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6

Via RHSA-2016:2055 https://rhn.redhat.com/errata/RHSA-2016-2055.html

Comment 38 errata-xmlrpc 2016-10-18 07:09:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.7 Extended Update Support

Via RHSA-2016:2073 https://rhn.redhat.com/errata/RHSA-2016-2073.html

Comment 42 errata-xmlrpc 2016-12-15 22:17:15 UTC
This issue has been addressed in the following products:



Via RHSA-2016:2957 https://rhn.redhat.com/errata/RHSA-2016-2957.html

Comment 43 errata-xmlrpc 2017-01-25 20:05:30 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7

Via RHSA-2017:0194 https://access.redhat.com/errata/RHSA-2017:0194

Comment 44 errata-xmlrpc 2017-01-25 20:07:01 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 6

Via RHSA-2017:0193 https://access.redhat.com/errata/RHSA-2017:0193


Note You need to log in before you can comment on or make changes to this bug.