Bug 209116 - CVE-2006-3738 OpenSSL issues (CVE-2006-4343, CVE-2006-2940, CVE-2006-2937, CVE-2006-4339)
CVE-2006-3738 OpenSSL issues (CVE-2006-4343, CVE-2006-2940, CVE-2006-2937, CV...
Status: CLOSED WONTFIX
Product: Fedora Legacy
Classification: Retired
Component: openssl (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Fedora Legacy Bugs
impact=important, LEGACY, rh73, rh90,...
: Security
Depends On: 205180 206940 207274 207276 208744
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-03 08:07 EDT by David Eisenstein
Modified: 2006-12-01 19:17 EST (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-12-01 19:17:31 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Eisenstein 2006-10-03 08:07:35 EDT
+++ This bug was initially created as a clone of Bug #206940, Bug #207274,
    and Bug #207276 +++

     Four CVE issues:
-- Two from Bug #206940

 1) Buffer Overflow:  Tavis Ormandy and Will Drewry of the Google Security
    Team discovered a buffer overflow in SSL_get_shared_ciphers utility
    function, used by some applications such as exim and mysql. An attacker
    could send a list of ciphers that would overrun a buffer.  CVE-2006-3738

 2) Denial of Service:  Tavis Ormandy and Will Drewry of the Google Security
    Team discovered a possible DoS in the sslv2 client code.  Where a client
    application uses OpenSSL to make a SSLv2 connection to a malicious server
    that server could cause the client to crash.  CVE-2006-4343

-- One from Bug #207274

 3)  Parasitic Public Key DoS:  Dr S N Henson of the OpenSSL core team and
     Open Network Security recently developed an ASN1 test suite for NISCC
     (www.niscc.gov.uk). When the test suite was run against OpenSSL a denial
     of service vulnerability was discovered.

     Certain types of public key can take disproportionate amounts of
     time to process. This could be used by an attacker in a denial of
     service attack.  Any code which uses OpenSSL to parse ASN1 data from
     untrusted sources is affected.  This includes SSL servers which enable
     client authentication and S/MIME applications.  CVE-2006-2940

   -- One from Bug #207276

 4)  OpenSSL ASN1 DoS:  Dr S N Henson of the OpenSSL core team and Open
     Network Security recently developed an ASN1 test suite for NISCC
     (www.niscc.gov.uk).  When the test suite was run against OpenSSL 
     a denial of service vulnerability was discovered.

     During the parsing of certain invalid ASN1 structures an error condi-
     tion is mishandled. This can result in an infinite loop which consumes
     system memory.  Any code which uses OpenSSL to parse ASN1 data from
     untrusted sources is affected. This includes SSL servers which enable
     client authentication and S/MIME applications.  CVE-2006-2938

     This issue affects 0.9.7 and 0.9.8 but not 0.9.6 and earlier.

Red Hat has issued RHSA-2006-0695 for these issues.
   <https://rhn.redhat.com/errata/RHSA-2006-0695.html>.
Comment 1 David Eisenstein 2006-10-03 08:44:11 EDT
Michal Jaegermann has proposed .src.rpm package for FC4.  It may work for FC3 as
well.  <ftp://ftp.harddata.com/pub/Legacy_srpms/>.   There was evidently a bug
in one of the patches, but Michal says he has fixed that bug in his 
openssl-0.9.7f-7.10.3mj.src.rpm, and reported that bug to RHEL developer Tomas
Mraz in Bug #207844.

See Michal's post at 
<http://www.redhat.com/archives/fedora-legacy-list/2006-September/msg00036.html>
and following messages.

Pekka Savola indicates in post
<http://www.redhat.com/archives/fedora-legacy-list/2006-September/msg00037.html>
that he has created OpenSSL updates for Red Hat 7.3.

I plan to submit packages for RHL7.3, RHL9, FC3 and FC4 in the next day or two
for peer review (Publish QA) based upon the above good work.  Or, if someone
gets to them before me, please have at it!

Thanks, Guys!

(ps:  Am going ahead and submitting for RHL7.3 and RHL9 because this bug came
out before Legacy's Oct. 1st closure for new bugs to be introduced for those
releases.  Also-- added cc's for the folks to this bug who were involved in the
discussion on the legacy-list.  Hope you don't mind!)
Comment 2 Florian La Roche 2006-10-03 10:04:39 EDT
FYI: The FC5 update for openssl097a-0.9.7a-4.2.2.src.rpm should also just
recompile on FC4 as an official update.

regards,

Florian La Roche
Comment 3 David Eisenstein 2006-10-09 19:05:28 EDT
Thank you, Florian!

There is another issue that this ticket should also fix, CVE-2006-4339:
RSA Signature forgery.  Info from the related RHSA-2006-0661:

"Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5
signatures. Where an RSA key with exponent 3 is used it may be possible
for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly
verified by implementations that do not check for excess data in the RSA
exponentiation result of the signature.

"The Google Security Team discovered that OpenSSL is vulnerable to this
attack. This issue affects applications that use OpenSSL to verify X.509
certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339)"

Also - had a typo on the OpenSSL ASN1 DoS issue.  The CVE number is
CVE-2006-2937, not CVE-2006-2938 as previous mentioned.
Comment 4 Florian La Roche 2006-10-10 01:40:05 EDT
Even better, you can just recompiled the openssl097a rpm from the
FC-development tree on FC4 as a security update.
Also gzip from FC-devel can go in.

I've put some updates for FC4 together at 
http://www.jur-linux.org/rpms/fc-updates/4/

regards,

Florian La Roche
Comment 5 David Eisenstein 2006-10-10 22:27:22 EDT
This is wonderful, Florian!  Thank you ever so much!
Comment 6 David Eisenstein 2006-10-10 22:34:12 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Okay, have built srpm's and compiled openssl for FC4.  The openssl I built
is almost entirely based on Michal Jaegermann's 'openssl-0.9.7f-7.10.3mj.
src.rpm', with no substantial changes.  Thanks Michal!

Still need to do openssl097a for FC4.  I will take FC5's
'openssl097a-0.9.7a-4.2.2.src.rpm', as Florian suggests, to use
for openssl097a for FC4.

Here is the FC4 openssl main package for publish (source) QA:

SHA1SUM                                   Package
=======================================   =============================
http://tinyurl.com/pg9rz/SRPM/
815f9c69b712a8d1aa231f35706606f1de3015a4__openssl-0.9.7f-7.11.legacy.src.rpm


Some binary packages that you can also look at and test.  Unless the .src.rpm
fails publish QA, they will likely be the packages pushed to updates-testing
(signed then by the Fedora Legacy PGP key, not my key).

SHA1SUM                                   Package
=======================================   =============================
http://tinyurl.com/pg9rz/x86_64/
00149f5f5bff76a7ecb0df9842218a3312d1322d__openssl-0.9.7f-7.11.legacy.x86_64.rpm
74d3ba73f6f6ec45fff32b3fb4dfa141aab37b65__openssl-devel-0.9.7f-7.11.legacy.x86_64.rpm
8ef360023a52e9b8db41d0c0fd64511404eeba5a__openssl-perl-0.9.7f-7.11.legacy.x86_64.rpm

http://tinyurl.com/pg9rz/i386/
64d64aca3c8d017d0c5d5961a6955132a04ebcfc__openssl-0.9.7f-7.11.legacy.i386.rpm
194d99fd5bbca1367e98d0ae83407f83ad3c6e89__openssl-devel-0.9.7f-7.11.legacy.i386.rpm
637f9297644136866d8fc5ec47f8f892e33efaf0__openssl-perl-0.9.7f-7.11.legacy.i386.rpm

Changelog:

* Mon Oct  9 2006 David Eisenstein <deisenst@gtw.net> - 0.9.7f.7.11.legacy
- - Incorporate Michal Jaegermann's fixes for CVE-2006-4339, CVE-2006-2937,
  CVE-2006-2940, CVE-2006-3738, and CVE-2006-4343 & rebuild. (#209116)

* Sat Sep 30 2006 Michal Jaegermann <michal@harddata.com> - 0.9.7f-7.10.3mj
- - in openssl-0.9.7a-cve-2006-2940.patch replaced 'goto err;' with
  'return(ret);' as we do not want to attempt to free some random
  junk in case of an early return.

* Fri Sep 29 2006 Michal Jaegermann <michal@harddata.com> - 0.9.7f-7.10.2mj
- - recompile for FC4 with recent security fixes

* Thu Sep 28 2006 Tomas Mraz <tmraz@redhat.com> 0.9.7a-43.14
- - fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)
- - fix CVE-2006-2940 - parasitic public keys DoS (#207274)
- - fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)
- - fix CVE-2006-4343 - sslv2 client DoS (#206940)

* Tue Sep  5 2006 Michal Jaegermann <michal@harddata.com> - 0.9.7f-7.10.1mj
- - recompile for FC4 with CVE-2006-4339 fix

* Tue Sep  5 2006 Tomas Mraz <tmraz@redhat.com> 0.9.7a-43.11
- - fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFLFY9xou1V/j9XZwRAqAkAKDdTTphf19J1LO1rW2KMwujI9dAJwCfajgt
gPUafwGVPfPoRF29h693b+0=
=6sq1
-----END PGP SIGNATURE-----
Comment 7 Donald Maner 2006-11-07 20:57:35 EST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have created the following SRPMs for openssl:

rh7.3:

f90ac90a823cc3691eda0a0db053bd806d0af5fe 
http://lance.maner.org/openssl095a-0.9.5a-24.7.7.legacy.src.rpm
b372df265cba12108b9a83fed5cad7c46cb9a22d 
http://lance.maner.org/openssl096-0.9.6-25.12.legacy.src.rpm
a52a6830fc0906ec8b3d894cebdd2819c8fe5117 
http://lance.maner.org/openssl-0.9.6b-39.11.legacy.src.rpm

rh9:

c7060919bb84d8573adafb47d07bd848271b6240 
http://lance.maner.org/openssl096-0.9.6-25.13.legacy.src.rpm
8d429b517982e36677cd3b65b68a7d76e28fbeaf 
http://lance.maner.org/openssl096b-0.9.6b-15.4.legacy.src.rpm
b133a985fdceb4ad531afc864eb18d677e0e4550 
http://lance.maner.org/openssl-0.9.7a-20.7.legacy.src.rpm

fc3:

d43e8c2d14eb78a5705dd3f5843c242110c7453b 
http://lance.maner.org/openssl096b-0.9.6b-21.43.legacy.src.rpm
fbf08082a5d80c1138fad543599087ae750a7ede 
http://lance.maner.org/openssl-0.9.7a-42.3.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFFUTj9pxMPKJzn2lIRAvS2AJ9xwe1GhuvSPbBVCQVl6yU79tLbUQCgpvfT
B0Ta1ya888IYbvuPpxZKNtc=
=2Vgj
-----END PGP SIGNATURE-----
Comment 8 David Eisenstein 2006-11-12 02:45:39 EST
Thanks a bunch, Donald!  Guess I will build what you have presented here to
push to updates-testing.  I also have created this SRPM, which should complete
what we need for FC-4:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(In reply to comment #4)
> Even better, you can just recompiled the openssl097a rpm from the
> FC-development tree on FC4 as a security update.
> Also gzip from FC-devel can go in.
> 
> I've put some updates for FC4 together at 
> http://www.jur-linux.org/rpms/fc-updates/4/
> 
> regards,
> 
> Florian La Roche

I looked into the openssl097a from FC-development, and integrated in 
all of the security patches from it into FC4's
openssl097a-0.9.7a-3.1.src.rpm and came up with 
openssl097a-0.9.7a-3.2.src.rpm.  There were a number of changes in
the openssl097a from the FC-development tree that, although they might
be helpful, I didn't feel safe in incorporating in Legacy's backports
for FC4

SRPM for fc4:

03b9d2e560dc2c42047e9de46dfccda5da21c4c5  openssl097a-0.9.7a-3.2.src.rpm

available at:
http://fedoralegacy.org/contrib/openssl/openssl097a-0.9.7a-3.2.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFVsugxou1V/j9XZwRAkEDAKCd6XwycHiijT0QaVdzdluhdnk84QCePRQm
DWDvHMdmv0ggkNoOLOkebTM=
=hV6V
-----END PGP SIGNATURE-----
Comment 9 David Eisenstein 2006-11-12 03:11:01 EST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Regarding comment #6, please scratch it.  The packages mentioned there
seem no longer to be available.

Instead, here is the FC4 openssl .src.rpm, signed by my 0x7910794F
PGP signature key:

82f0eb87fdbf6d19e53b25ea2d171ad4e52b0a84  openssl-0.9.7f-7.11.legacy.src.rpm

http://fedoralegacy.org/contrib/openssl/openssl-0.9.7f-7.11.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFVtZ1xou1V/j9XZwRAjOvAKCXnoVPBtZ2RMkFXRpj6/yNa2N3twCeNwBH
ts9XwYWlNPOB9ABs2gXHq/s=
=9qa/
-----END PGP SIGNATURE-----
Comment 10 Matthew Miller 2006-11-13 15:17:49 EST
What about FC3? (Should I mark this one as FC4 and clone a new bug for FC3?)
Comment 11 Donald Maner 2006-11-13 15:33:00 EST
See comment #7.  FC3 SRPMs are in there.
Comment 12 Matthew Miller 2006-11-13 15:41:25 EST
Oh, sorry, I'd missed that.
Comment 13 David Eisenstein 2006-11-29 16:20:33 EST
I guess this needs to be pushed to updates-testing?  I am confused.
Jeff Sheltren -- any input?
Comment 14 David Eisenstein 2006-12-01 19:17:31 EST
Process Breakdown.  Abort.  Fedora Legacy is apparently, by consent of those
interested in the project, closed until further notice.

For discussion about this, see
http://www.redhat.com/archives/fedora-legacy-list/2006-November/thread.html#00114
and following...

If you feel that this closing of this bug report is in error, please
respond with a comment in this Bugzilla report, or on the 
<fedora-legacy-list@redhat.com> mailing list.  Thanks.  It *can* be
re-opened.

Note You need to log in before you can comment on or make changes to this bug.