Bug 1377600 (CVE-2016-6304) - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth
Summary: CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-6304
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1378410 1378411 1377623 1377624 1377625 1377626 1378408 1378409 1381558 1381559 1381560 1389394 1389395 1389396 1389397 1389398 1429941
Blocks: 1367347 1446026 1457678 1461790 1479475
TreeView+ depends on / blocked
 
Reported: 2016-09-20 08:10 UTC by Tomas Hoger
Modified: 2019-09-29 13:56 UTC (History)
43 users (show)

Fixed In Version: openssl 1.0.1u, openssl 1.0.2i, openssl 1.1.0a
Doc Type: If docs needed, set a value
Doc Text:
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.
Clone Of:
Environment:
Last Closed: 2019-06-08 02:58:55 UTC


Attachments (Terms of Use)
OpenSSL upstream fix (2.00 KB, patch)
2016-09-20 08:11 UTC, Tomas Hoger
no flags Details | Diff
OpenSSL upstream fix for 1.1.0 (21.88 KB, patch)
2016-09-20 08:12 UTC, Tomas Hoger
no flags Details | Diff
Updated OpenSSL upstream fix (2.67 KB, patch)
2016-09-21 21:36 UTC, Tomas Hoger
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:1940 normal SHIPPED_LIVE Important: openssl security update 2016-09-27 17:46:00 UTC
Red Hat Knowledge Base (Solution) 2662211 None None None 2016-09-28 00:43:22 UTC
Red Hat Product Errata RHSA-2016:2802 normal SHIPPED_LIVE Important: openssl security update 2016-11-17 18:40:41 UTC
Red Hat Product Errata RHSA-2017:1413 normal SHIPPED_LIVE Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7 2017-06-07 21:54:35 UTC
Red Hat Product Errata RHSA-2017:1414 normal SHIPPED_LIVE Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6 2017-06-07 21:54:17 UTC
Red Hat Product Errata RHSA-2017:1415 normal SHIPPED_LIVE Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 2017-06-07 21:43:43 UTC
Red Hat Product Errata RHSA-2017:1658 normal SHIPPED_LIVE Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update 2017-06-29 00:20:17 UTC
Red Hat Product Errata RHSA-2017:1659 normal SHIPPED_LIVE Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update 2017-06-28 23:59:52 UTC
Red Hat Product Errata RHSA-2017:2493 normal SHIPPED_LIVE Important: Red Hat JBoss Web Server 2 security update 2017-08-21 19:33:48 UTC
Red Hat Product Errata RHSA-2017:2494 normal SHIPPED_LIVE Important: Red Hat JBoss Web Server 2 security update 2017-08-21 19:22:58 UTC

Description Tomas Hoger 2016-09-20 08:10:27 UTC
Quoting form the draft of the OpenSSL upstream advisory:

OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
=====================================================================

Severity: High

A malicious client can send an excessively large OCSP Status Request extension.
If that client continually requests renegotiation, sending a large OCSP Status
Request extension each time, then there will be unbounded memory growth on the
server. This will eventually lead to a Denial Of Service attack through memory
exhaustion. Servers with a default configuration are vulnerable even if they do
not support OCSP. Builds using the "no-ocsp" build time option are not affected.

OpenSSL 1.1.0 users should upgrade to 1.1.0a
OpenSSL 1.0.2 users should upgrade to 1.0.2i
OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,
Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL
development team.

Comment 1 Tomas Hoger 2016-09-20 08:10:32 UTC
Acknowledgments:

Name: the OpenSSL project
Upstream: Shi Lei (Gear Team of Qihoo 360 Inc.)

Comment 2 Tomas Hoger 2016-09-20 08:11:57 UTC
Created attachment 1202766 [details]
OpenSSL upstream fix

Comment 3 Tomas Hoger 2016-09-20 08:12:31 UTC
Created attachment 1202768 [details]
OpenSSL upstream fix for 1.1.0

Comment 4 Tomas Hoger 2016-09-20 08:16:05 UTC
This flaw is in the code that handles status_request TLS extension (RFC 4366, RFC 6066).  The support for this extension was introduced upstream in version 0.9.8h, therefore openssl packages in Red Hat Enterprise Linux 5 and earlier were not affected as they did not include the affected code.

Comment 6 Tomas Hoger 2016-09-20 13:22:48 UTC
(In reply to Tomas Hoger from comment #0)
> Servers with a default configuration are vulnerable even if they do
> not support OCSP.

This statement does not apply to older OpenSSL versions.  Previously, parsing of status_request TLS extension only happened if application using OpenSSL provided tlsext_status_cb callback function.  The behaviour changed in response to this upstream bug report:

https://rt.openssl.org/Ticket/Display.html?id=3178&user=guest&pass=guest
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb85ee9a8867b605cd7fb427869d0e50caa80a3f

In 1.0.1 branch, this change was introduced in version 1.0.1g. The openssl packages in Red Hat Enterprise Linux 6 and 7 are based on upstream version 1.0.1e and require callback to be set to perform status_request extension parsing.  Therefore, this flaw can only be triggered for applications that explicitly enable OCSP stapling support.

That functionality does not seem to be widely used in server applications using OpenSSL.  Web servers as httpd (2.4) and nginx allow users to enable stapling support, but don't do that by default:

http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslusestapling
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling

Comment 7 Tomas Hoger 2016-09-21 21:36:22 UTC
Created attachment 1203520 [details]
Updated OpenSSL upstream fix

Comment 8 Tomas Hoger 2016-09-22 10:58:27 UTC
Public now via upstream advisory.

Upstream commit:

https://git.openssl.org/?p=openssl.git;a=commitdiff;h=2c0d295e26306e15a92eb23a84a1802005c1c137

External Reference:

https://www.openssl.org/news/secadv/20160922.txt

Comment 9 Tomas Hoger 2016-09-22 11:03:52 UTC
Created openssl101e tracking bugs for this issue:

Affects: epel-5 [bug 1378409]

Comment 10 Tomas Hoger 2016-09-22 11:03:58 UTC
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1378408]

Comment 11 Tomas Hoger 2016-09-22 11:04:04 UTC
Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1378410]
Affects: epel-7 [bug 1378411]

Comment 12 Tomas Hoger 2016-09-22 11:55:13 UTC
Reporter's vulnerability page, including vulnerability logo:

http://security.360.cn/cve/CVE-2016-6304/

Comment 13 Tomas Hoger 2016-09-22 13:22:47 UTC
Statement:

TLS server applications using OpenSSL versions in Red Hat Enterprise Linux 6 and 7 are only affected if they enable OCSP stapling support. Applications not enabling OCSP stapling support are not affected. Few applications implement OCSP stapling support and typically do not enable it by default.

Comment 14 errata-xmlrpc 2016-09-27 13:57:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2016:1940 https://rhn.redhat.com/errata/RHSA-2016-1940.html

Comment 18 errata-xmlrpc 2016-11-17 13:41:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.2 Advanced Update Support
  Red Hat Enterprise Linux 6.4 Advanced Update Support
  Red Hat Enterprise Linux 6.5 Advanced Update Support
  Red Hat Enterprise Linux 6.5 Telco Extended Update Support
  Red Hat Enterprise Linux 6.6 Advanced Update Support
  Red Hat Enterprise Linux 6.6 Telco Extended Update Support
  Red Hat Enterprise Linux 6.7 Extended Update Support

Via RHSA-2016:2802 https://rhn.redhat.com/errata/RHSA-2016-2802.html

Comment 20 errata-xmlrpc 2017-06-07 17:44:02 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2017:1415 https://access.redhat.com/errata/RHSA-2017:1415

Comment 21 errata-xmlrpc 2017-06-07 17:55:43 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 6

Via RHSA-2017:1414 https://access.redhat.com/errata/RHSA-2017:1414

Comment 22 errata-xmlrpc 2017-06-07 17:58:26 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7

Via RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1413

Comment 24 errata-xmlrpc 2017-06-28 20:02:02 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2017:1659 https://access.redhat.com/errata/RHSA-2017:1659

Comment 25 errata-xmlrpc 2017-06-28 20:21:07 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7
  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6

Via RHSA-2017:1658 https://access.redhat.com/errata/RHSA-2017:1658

Comment 26 errata-xmlrpc 2017-08-21 15:25:36 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Web Server 2

Via RHSA-2017:2494 https://access.redhat.com/errata/RHSA-2017:2494

Comment 27 errata-xmlrpc 2017-08-21 15:34:26 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Web Server 2 for RHEL 6
  Red Hat JBoss Enterprise Web Server 2 for RHEL 7

Via RHSA-2017:2493 https://access.redhat.com/errata/RHSA-2017:2493


Note You need to log in before you can comment on or make changes to this bug.