Bug 494868 - Invalid ASN1 clearing check vulnerability - (CVE-2009-0789)
Summary: Invalid ASN1 clearing check vulnerability - (CVE-2009-0789)
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openssl
Version: 4.7
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Tomas Mraz
QA Contact: BaseOS QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-04-08 13:32 UTC by George Deng
Modified: 2009-04-08 13:47 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-04-08 13:47:31 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description George Deng 2009-04-08 13:32:44 UTC
When a malformed ASN1 structure is received, it's contents are freed up and zeroed and an error condition returned. On a small number of platforms where sizeof(long) < sizeof(void *) (for example WIN64) this can cause an invalid memory access later resulting in a crash when some invalid structures are read, for example RSA public keys ). Any OpenSSL application which uses the public key of an untrusted certificate could be crashed by a malformed structure. Including SSL servers, clients, CA and S/MIME software.

Comment 1 Tomas Mraz 2009-04-08 13:47:31 UTC
Red Hat Enterprise Linux 4 (and any other version) does not support any platform where sizeof(long) < sizeof(void *).


Note You need to log in before you can comment on or make changes to this bug.