Bug 479650 - (CVE-2009-0124) CVE-2009-0124 tqsllib: OpenSSL incorrect checks for malformed signatures
CVE-2009-0124 tqsllib: OpenSSL incorrect checks for malformed signatures
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
http://bugs.debian.org/cgi-bin/bugrep...
reported=20090112,public=20090111,imp...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-01-12 06:15 EST by Jan Lieskovsky
Modified: 2014-05-02 12:57 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-05-02 12:57:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2009-01-12 06:15:54 EST
The TrustedQSL library incorrectly checked the result after
calling the EVP_VerifyFinal function, allowing a malformed signature
to be treated as a good signature rather than as an error.

Proposed patch:
- if (!EVP_VerifyFinal(&ctx, sig, slen, TQSL_API_TO_CERT(cert)->key)) {
+ if (EVP_VerifyFinal(&ctx, sig, slen, TQSL_API_TO_CERT(cert)->key) <= 0) {

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511509
Comment 1 Jan Lieskovsky 2009-01-12 06:17:21 EST
This issue is related with recent OpenSSL's CVE-2008-5077 flaw.

This issue affects all versions of the tqsllib package, as shipped
with Fedora releases of 9, 10 and devel.

Please fix.
Comment 2 Fedora Update System 2009-01-12 12:07:42 EST
tqsllib-2.0-5.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/tqsllib-2.0-5.fc10
Comment 3 Fedora Update System 2009-01-12 12:08:30 EST
tqsllib-2.0-5.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/tqsllib-2.0-5.fc9
Comment 4 Lucian Langa 2009-01-12 12:10:11 EST
Thanks for the report.
Comment 5 Fedora Update System 2009-01-14 21:55:44 EST
tqsllib-2.0-5.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2009-01-14 22:07:24 EST
tqsllib-2.0-5.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Jan Lieskovsky 2009-01-16 09:01:02 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0124 to
the following vulnerability:

The tqsl_verifyDataBlock function in openssl_cert.cpp in American
Radio Relay League (ARRL) tqsllib 2.0 does not properly check the
return value from the OpenSSL EVP_VerifyFinal function, which allows
remote attackers to bypass validation of the certificate chain via a
malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0124
http://openwall.com/lists/oss-security/2009/01/12/4

Note You need to log in before you can comment on or make changes to this bug.