Bug 492304 - (CVE-2009-0590) CVE-2009-0590 openssl: ASN1 printing crash
CVE-2009-0590 openssl: ASN1 printing crash
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
http://web.nvd.nist.gov/view/vuln/det...
reported=20090325,public=20090325,sou...
: Security
Depends On: 482112 494578 530522 547448 563125 563127 1127896
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-26 08:06 EDT by Mark J. Cox (Product Security)
Modified: 2014-08-07 15:00 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-03-25 05:28:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Comment 2 Mark J. Cox (Product Security) 2009-03-26 08:10:41 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0590 to
the following vulnerability:

ASN1 printing crash
===================

The function ASN1_STRING_print_ex() when used to print a BMPString or
UniversalString will crash with an invalid memory access if the encoded length
of the string is illegal. (CVE-2009-0590)

Any OpenSSL application which prints out the contents of a certificate could
be affected by this bug, including SSL servers, clients and S/MIME software.

Fixed in 0.9.8k 
http://cvs.openssl.org/chngview?cn=17907
Comment 3 Tomas Hoger 2009-03-30 04:42:44 EDT
Upstream security advisory:
  http://openssl.org/news/secadv_20090325.txt
Comment 4 Tomas Hoger 2009-03-30 04:59:53 EDT
The impact of this flaw is limited to crash of the applications calling affected openssl function.  There are currently no known applications printing untrusted certificates, where application crash would be considered a security issue.

Future opnessl packages updates may address this flaw.
Comment 9 Tomas Hoger 2009-04-07 04:48:33 EDT
This issue may only affect applications using ASN1_STRING_print_ex() (or ASN1_STRING_print_ex_fp(), or ASN1_item_print() calling ASN1_STRING_print_ex()) OpenSSL function to print untrusted inputs (such as values from not verified X509 client certificates).

No application shipped in Red Hat Enterprise Linux uses affected function.  It is only used in sslinfo extension shipped with the recent versions of the PostgreSQL server (contrib module, not enabled by default; only included in postgresql-contrib packages in Red Hat Application Stack 2), where it is used to print information from the client certificate that was previously used to successfully authenticate user's connection (i.e. it has been issued by a trusted CA and hence certificate is trusted).  Additional searches suggest that the function is rarely used by other open source projects not included in any Red Hat product.

There's currently no plan to release an asynchronous security update to address this low-impact issue.  Future OpenSSL packages updates may address this flaw.
Comment 17 errata-xmlrpc 2009-09-02 07:00:26 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1335 https://rhn.redhat.com/errata/RHSA-2009-1335.html
Comment 29 errata-xmlrpc 2010-03-25 05:15:59 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4

Via RHSA-2010:0163 https://rhn.redhat.com/errata/RHSA-2010-0163.html

Note You need to log in before you can comment on or make changes to this bug.