Red Hat Bugzilla – Bug 208744
openssl - patch for CVE-2006-2940 Parasitic Public Keys has issues
Last modified: 2007-11-30 17:07:27 EST
Description of problem:
I cannot reopen bug 207274 so this is filed separately.
There is a trouble with openssl-0.9.7a-cve-2006-2940.patch. For
crypto/dh/dh_key.c is says:
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
+ goto err;
but goto target looks like that:
As 'ctx' is not initialized yet if that guard above fires then
various unhealthy operations are tried on a garbage pointer.
Looks like a possible avenue of an attack although I do not have
an exploit. At least a crash is fairly likely.
Instead of 'goto err;' there should be 'return(ret);' in that fragment
of the patch. Another possiblity would be to do 'BN_CTX *ctx=NULL;'
at the function beginning but this does not really buy anything
but two "empty" function calls.
The same problem shows up in FC5 updates and likely in rawhide and
other openssl updated packages as well.
Version-Release number of selected component (if applicable):
May I ask what happens with this issue? This bug report got marked
"urgent" nearly a month ago, openssl-0.9.8b-8 and openssl097a-0.9.7a-9
showed up in rawhide (now FC6) with a correction, but so far nothing
in RHEL or FC5. Well, the status is still ASSIGNED.
Thes issue does indeed affect Red Hat's OpenSSL fix for CVE-2006-2940. We
consider this flaw to be very low severity as based on our security response
team analysis all it can cause is a client crash upon processing a malicious
client certificate. Upstream also class this issue as low severity and although
it is fixed in OpenSSL CVS, no new release was produced to correct this issue.
We plan to address this issue when a future OpenSSL update is needed.
This was fixed in RHEL-4.5 openssl errata.