Red Hat Bugzilla – Bug 503685
CVE-2009-1386 openssl: DTLS NULL deref crash on early ChangeCipherSpec request
Last modified: 2016-03-04 06:00:56 EST
A NULL pointer dereference flaw was found in OpenSSL affecting DTLS servers. If client sent a "change cipher spec" request before server had its session structures initialized properly, it caused server to dereference NULL pointer and crash.
Issue was fixed upstream via following commit:
This fix was first included in upstream version 0.9.8i.
Upstream bug report:
Direct link to upstream CVS commit:
This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4.
This issue affects openssl version as shipped in Red Hat Enterprise Linux 5 and it will be addressed in the openssl packages update in Red Hat Enterprise Linux 5.4. There is no update planned before than, as both DTLS specification and OpenSSL's implementation is still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSL's DTLS implementation, except for OpenSSL's testing command line client - openssl.
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2009:1335 https://rhn.redhat.com/errata/RHSA-2009-1335.html
This issue doesn't affect Fedora 11, but it does affect Fedora 10 (0.9.8g). Is it planned to be corrected in Fedora 10?