Bug 503685 - (CVE-2009-1386) CVE-2009-1386 openssl: DTLS NULL deref crash on early ChangeCipherSpec request
CVE-2009-1386 openssl: DTLS NULL deref crash on early ChangeCipherSpec request
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
source=redhat,impact=moderate,reporte...
: Security
Depends On: 482112 501667 530522
Blocks:
  Show dependency treegraph
 
Reported: 2009-06-02 04:07 EDT by Tomas Hoger
Modified: 2016-03-04 06:00 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-12-22 10:26:39 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2009-06-02 04:07:08 EDT
A NULL pointer dereference flaw was found in OpenSSL affecting DTLS servers.  If client sent a "change cipher spec" request before server had its session structures initialized properly, it caused server to dereference NULL pointer and crash.

Issue was fixed upstream via following commit:
  http://marc.info/?l=openssl-cvs&m=121866006013233&w=2

This fix was first included in upstream version 0.9.8i.
Comment 2 Tomas Hoger 2009-06-02 04:48:20 EDT
Upstream bug report:
  http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guest

Direct link to upstream CVS commit:
  http://cvs.openssl.org/chngview?cn=17369
Comment 4 Tomas Hoger 2009-06-02 05:26:16 EDT
This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4.

This issue affects openssl version as shipped in Red Hat Enterprise Linux 5 and it will be addressed in the openssl packages update in Red Hat Enterprise Linux 5.4.  There is no update planned before than, as both DTLS specification and OpenSSL's implementation is still in development and unlikely to be used in production environments.  There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSL's DTLS implementation, except for OpenSSL's testing command line client - openssl.
Comment 5 errata-xmlrpc 2009-09-02 07:00:22 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1335 https://rhn.redhat.com/errata/RHSA-2009-1335.html
Comment 6 errata-xmlrpc 2009-09-02 08:12:02 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1335 https://rhn.redhat.com/errata/RHSA-2009-1335.html
Comment 7 Vincent Danen 2009-09-18 13:46:01 EDT
This issue doesn't affect Fedora 11, but it does affect Fedora 10 (0.9.8g).  Is it planned to be corrected in Fedora 10?

Note You need to log in before you can comment on or make changes to this bug.