Bug 208744 - openssl - patch for CVE-2006-2940 Parasitic Public Keys has issues
openssl - patch for CVE-2006-2940 Parasitic Public Keys has issues
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openssl (Show other bugs)
4.0
All Linux
urgent Severity low
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
: Security
Depends On:
Blocks: 209116
  Show dependency treegraph
 
Reported: 2006-10-01 10:03 EDT by Michal Jaegermann
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-07-25 07:25:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Michal Jaegermann 2006-10-01 10:03:06 EDT
Description of problem:

I cannot reopen bug 207274 so this is filed separately.

There is a trouble with openssl-0.9.7a-cve-2006-2940.patch. For
crypto/dh/dh_key.c is says:

+       if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
+               {
+               DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
+               goto err;
+               }

but goto target looks like that:

err:
        BN_CTX_end(ctx);
        BN_CTX_free(ctx);
        return(ret);

As 'ctx' is not initialized yet if that guard above fires then
various unhealthy operations are tried on a garbage pointer.
Looks like a possible avenue of an attack although I do not have
an exploit.  At least a crash is fairly likely.

Instead of 'goto err;' there should be 'return(ret);' in that fragment
of the patch.  Another possiblity would be to do 'BN_CTX *ctx=NULL;'
at the function beginning but this does not really buy anything
but two "empty" function calls.

The same problem shows up in FC5 updates and likely in rawhide and
other openssl updated packages as well.

Version-Release number of selected component (if applicable):
openssl-0.9.7a-43.14
Comment 1 Michal Jaegermann 2006-10-27 11:16:20 EDT
May I ask what happens with this issue?  This bug report got marked
"urgent" nearly a month ago, openssl-0.9.8b-8 and openssl097a-0.9.7a-9
showed up in rawhide (now FC6) with a correction, but so far nothing
in RHEL or FC5.  Well, the status is still ASSIGNED.
Comment 2 Mark J. Cox (Product Security) 2006-10-27 12:13:58 EDT
Thes issue does indeed affect Red Hat's OpenSSL fix for CVE-2006-2940.  We
consider this flaw to be very low severity as based on our security response
team analysis all it can cause is a client crash upon processing a malicious
client certificate.  Upstream also class this issue as low severity and although
it is fixed in OpenSSL CVS, no new release was produced to correct this issue.

We plan to address this issue when a future OpenSSL update is needed.
Comment 3 Tomas Mraz 2007-07-25 07:25:37 EDT
This was fixed in RHEL-4.5 openssl errata.

Note You need to log in before you can comment on or make changes to this bug.