Bug 208744 - openssl - patch for CVE-2006-2940 Parasitic Public Keys has issues
Summary: openssl - patch for CVE-2006-2940 Parasitic Public Keys has issues
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openssl (Show other bugs)
(Show other bugs)
Version: 4.0
Hardware: All Linux
Target Milestone: ---
: ---
Assignee: Tomas Mraz
QA Contact: Brian Brock
Keywords: Security
Depends On:
Blocks: 209116
TreeView+ depends on / blocked
Reported: 2006-10-01 14:03 UTC by Michal Jaegermann
Modified: 2007-11-30 22:07 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-07-25 11:25:37 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Michal Jaegermann 2006-10-01 14:03:06 UTC
Description of problem:

I cannot reopen bug 207274 so this is filed separately.

There is a trouble with openssl-0.9.7a-cve-2006-2940.patch. For
crypto/dh/dh_key.c is says:

+       if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
+               {
+               goto err;
+               }

but goto target looks like that:


As 'ctx' is not initialized yet if that guard above fires then
various unhealthy operations are tried on a garbage pointer.
Looks like a possible avenue of an attack although I do not have
an exploit.  At least a crash is fairly likely.

Instead of 'goto err;' there should be 'return(ret);' in that fragment
of the patch.  Another possiblity would be to do 'BN_CTX *ctx=NULL;'
at the function beginning but this does not really buy anything
but two "empty" function calls.

The same problem shows up in FC5 updates and likely in rawhide and
other openssl updated packages as well.

Version-Release number of selected component (if applicable):

Comment 1 Michal Jaegermann 2006-10-27 15:16:20 UTC
May I ask what happens with this issue?  This bug report got marked
"urgent" nearly a month ago, openssl-0.9.8b-8 and openssl097a-0.9.7a-9
showed up in rawhide (now FC6) with a correction, but so far nothing
in RHEL or FC5.  Well, the status is still ASSIGNED.

Comment 2 Mark J. Cox 2006-10-27 16:13:58 UTC
Thes issue does indeed affect Red Hat's OpenSSL fix for CVE-2006-2940.  We
consider this flaw to be very low severity as based on our security response
team analysis all it can cause is a client crash upon processing a malicious
client certificate.  Upstream also class this issue as low severity and although
it is fixed in OpenSSL CVS, no new release was produced to correct this issue.

We plan to address this issue when a future OpenSSL update is needed.

Comment 3 Tomas Mraz 2007-07-25 11:25:37 UTC
This was fixed in RHEL-4.5 openssl errata.

Note You need to log in before you can comment on or make changes to this bug.