Bug 570924 (CVE-2009-3245) - CVE-2009-3245 openssl: missing bn_wexpand return value checks
Summary: CVE-2009-3245 openssl: missing bn_wexpand return value checks
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2009-3245
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://web.nvd.nist.gov/view/vuln/det...
Whiteboard:
Depends On: 560680 560681 573653 573658 574765 574766 574767 577859 583820 659771 1127896
Blocks:
Reported: 2010-03-05 21:04 UTC by Vincent Danen
Modified: 2021-02-25 01:32 UTC (History)
CC: 8 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-12-13 20:08:43 UTC
Embargoed:


Attachments


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0162 0 normal SHIPPED_LIVE Important: openssl security update 2010-03-25 08:52:22 UTC
Red Hat Product Errata RHSA-2010:0173 0 normal SHIPPED_LIVE Important: openssl096b security update 2010-03-25 09:58:33 UTC
Red Hat Product Errata RHSA-2010:0440 0 normal SHIPPED_LIVE Important: rhev-hypervisor security and bug fix update 2010-05-25 20:41:48 UTC
Red Hat Product Errata RHSA-2010:0977 0 normal SHIPPED_LIVE Moderate: openssl security update 2010-12-13 18:14:58 UTC
Red Hat Product Errata RHSA-2011:0896 0 normal SHIPPED_LIVE Moderate: JBoss Enterprise Web Server 1.0.2 update 2011-06-22 23:16:28 UTC

Description Vincent Danen 2010-03-05 21:04:13 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3245 to
the following vulnerability:

OpenSSL before 0.9.8m does not check for a NULL return value from
bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2)
crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4)
engines/e_ubsec.c, which has unspecified impact and context-dependent
attack vectors.

Upstream bug report:
http://rt.openssl.org/Ticket/Display.html?id=2111&user=guest&pass=guest

References:
http://marc.info/?l=openssl-cvs&m=126692180606861&w=2
http://marc.info/?l=openssl-cvs&m=126692159706582&w=2
http://marc.info/?l=openssl-cvs&m=126692170906712&w=2
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
http://secunia.com/advisories/38761

Comment 2 Tomas Hoger 2010-03-11 10:07:19 UTC
A missing bn_wexpand return value check may cause a BIGNUM value to have a data buffer of an insufficient size.  If called right after the creation of the BIGNUM, the data pointer will be NULL, hence leading to NULL pointer deref crashes.  If bn_wexpand is used to expand / reallocate an existing BIGNUM, a failed malloc will cause d and dmax to be left unchanged.  Depending on the code following bn_wexpand, this can lead to buffer over-reads or over-writes.


The first report of the missing bn_wexpand return value check was for an occurrence in crypto/bn/bn_mul.c (see the upstream bug report mentioned in comment #0).  Upstream commit:

  http://cvs.openssl.org/chngview?cn=18936

This problem affects openssl packages in Red Hat Enterprise Linux 5.  Older openssl packages in RHEL 3 and RHEL 4 are not affected.


Follow-up report adding a few more missing bn_wexpand return value checks:

  http://cvs.openssl.org/chngview?cn=19309

Changes the following files:
- crypto/bn/bn_div.c
  - change is in the old and no longer used implementation (inside #if 0
    block), so this is a non-issue

- crypto/bn/bn_gf2m.c
  - affected function - BN_GF2m_add - is not used in Red Hat openssl packages
    as they do not have support for Elliptic Curve Public-Key Crypto; this
    function is used by the openssl ECC code
  - affected code does not exist in openssl 0.9.7 in RHEL3 and RHEL4
  - this is exposed via libcrypto

- crypto/ec/ec2_smpl.c
  - ECC code again, not enabled in Red Hat openssl packages

- engines/e_ubsec.c
  - this code implements "UBSEC hardware engine support"
  - limited to NULL pointer deref (bn_wexpand called right after BN_new)
  - affects all openssl versions (crypto/engine/hw_ubsec.c in 0.9.7)


There are no other bn_wexpand calls missing a return value check in openssl packages in RHEL 3, 4, or 5, as well as the current 1.0.0-beta5 (RHEL 6 / Rawhide).
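
The two failure modes described in this comment (a NULL data pointer when bn_wexpand fails right after BN_new, and d / dmax left too small when a reallocation of an existing BIGNUM fails) can be shown with a small model.  The following is an added example, not code from the bug report or from OpenSSL: TOY_BIGNUM and toy_wexpand are constructed stand-ins that follow bn_wexpand's contract (return the BIGNUM on success, NULL on allocation failure with d and dmax untouched), toy_alloc_fail is a hypothetical fault switch that forces the allocator to fail, and the flawed caller pattern classifies the write it would have made instead of performing it, so the program is safe to run.  The checked pattern is the shape of the upstream fix: test the return value before touching the buffer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef unsigned long BN_ULONG;

/* Stand-in for OpenSSL's BIGNUM (constructed): fresh value has d == NULL, dmax == 0 */
typedef struct {
    BN_ULONG *d;   /* word array */
    int top;       /* words in use */
    int dmax;      /* words allocated */
} TOY_BIGNUM;
static int toy_alloc_fail = 0;   /* hypothetical fault switch for the allocator */

static TOY_BIGNUM *toy_new(void) { return calloc(1, sizeof(TOY_BIGNUM)); }
static void toy_free(TOY_BIGNUM *a) { if (a) { free(a->d); free(a); } }

/* Models bn_wexpand's contract: grow a->d to at least 'words' words and return a,
 * or return NULL on allocation failure leaving d and dmax untouched. */
static TOY_BIGNUM *toy_wexpand(TOY_BIGNUM *a, int words)
{
    if (words <= a->dmax)
        return a;
    BN_ULONG *nd = toy_alloc_fail ? NULL : calloc((size_t)words, sizeof(BN_ULONG));
    if (nd == NULL)
        return NULL;
    if (a->d != NULL) {
        memcpy(nd, a->d, (size_t)a->top * sizeof(BN_ULONG));
        free(a->d);
    }
    a->d = nd;
    a->dmax = words;
    return a;
}

/* Flawed pattern: bn_wexpand's result is discarded and a->d is written anyway.
 * Rather than perform the unsafe write, classify it: -1 = NULL pointer dereference
 * (fresh BIGNUM), -2 = heap over-write (existing BIGNUM too small), 0 = in bounds. */
static int unchecked_set_words(TOY_BIGNUM *a, const BN_ULONG *src, int n)
{
    toy_wexpand(a, n);   /* return value ignored */
    if (a->d == NULL)
        return -1;
    if (n > a->dmax)
        return -2;
    memcpy(a->d, src, (size_t)n * sizeof(BN_ULONG));
    a->top = n;
    return 0;
}

/* Fixed pattern, as in the upstream commits: bail out when bn_wexpand returns NULL,
 * so a->d is only written once it is known to be large enough.  1 = ok, 0 = failed. */
static int checked_set_words(TOY_BIGNUM *a, const BN_ULONG *src, int n)
{
    if (toy_wexpand(a, n) == NULL)
        return 0;
    memcpy(a->d, src, (size_t)n * sizeof(BN_ULONG));
    a->top = n;
    return 1;
}

/* Flawed pattern under a failing allocator.  preload == 0: fresh BIGNUM (expect -1);
 * preload == 1: BIGNUM already holds 2 words and is asked to grow to 4 (expect -2). */
int run_unchecked(int preload)
{
    BN_ULONG w2[2] = { 1, 2 }, w4[4] = { 1, 2, 3, 4 };
    TOY_BIGNUM *a = toy_new();
    if (preload)
        checked_set_words(a, w2, 2);
    toy_alloc_fail = 1;
    int rc = unchecked_set_words(a, w4, 4);
    toy_alloc_fail = 0;
    toy_free(a);
    return rc;
}

/* Same failing growth with the fixed pattern: returns 1 only if the call reported
 * failure and the original 2-word value was left intact. */
int run_checked(void)
{
    BN_ULONG w2[2] = { 1, 2 }, w4[4] = { 1, 2, 3, 4 };
    TOY_BIGNUM *a = toy_new();
    checked_set_words(a, w2, 2);
    toy_alloc_fail = 1;
    int ok = checked_set_words(a, w4, 4) == 0
             && a->dmax == 2 && a->top == 2 && a->d[0] == 1 && a->d[1] == 2;
    toy_alloc_fail = 0;
    toy_free(a);
    return ok;
}

int main(void)
{
    printf("unchecked, fresh BIGNUM:    %d\n", run_unchecked(0));
    printf("unchecked, existing BIGNUM: %d\n", run_unchecked(1));
    printf("checked, value preserved:   %d\n", run_checked());
    return 0;
}
```

The fault switch stands in for a real malloc failure, which is the only way these paths are reached; the fixed variant is the property to look for when auditing callers of bn_wexpand: no access to d between the call and a NULL test of its return.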

Comment 3 Tomas Hoger 2010-03-12 16:30:04 UTC
Summary of affected versions:

openssl packages in Red Hat Enterprise Linux 5 are affected by bn_mul.c, bn_gf2m.c (this function is only used by openssl's ECC code, which is not included in Red Hat packages) and e_ubsec.c issues.

openssl packages in Red Hat Enterprise Linux 3 and 4 are only affected by the hw_ubsec.c issue (impact is limited to a NULL pointer dereference and the flaw is hardware engine specific, so low impact on RHEL3 and RHEL4 packages).

Comment 7 Fedora Update System 2010-03-23 07:27:06 UTC
openssl-0.9.8m-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/openssl-0.9.8m-1.fc11

Comment 8 errata-xmlrpc 2010-03-25 08:52:25 UTC
This issue has been addressed in openssl packages in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0162 https://rhn.redhat.com/errata/RHSA-2010-0162.html

Comment 9 errata-xmlrpc 2010-03-25 09:58:41 UTC
This issue has been addressed in openssl096b packages in the following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4

Via RHSA-2010:0173 https://rhn.redhat.com/errata/RHSA-2010-0173.html

Comment 10 Fedora Update System 2010-03-25 12:52:56 UTC
openssl-0.9.8n-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/openssl-0.9.8n-1.fc11

Comment 11 Tomas Hoger 2010-03-25 13:16:02 UTC
As noted in comment #3, this issue has low security impact on openssl packages in Red Hat Enterprise Linux 3 and 4.  Future openssl updates in those products will address this flaw.

CVSSv2 score for RHEL-3 and RHEL-4 openssl:
  2.6/AV:N/AC:H/Au:N/C:N/I:N/A:P

Comment 15 Fedora Update System 2010-03-30 10:43:53 UTC
openssl-1.0.0-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/openssl-1.0.0-1.fc13

Comment 16 Fedora Update System 2010-03-30 12:27:04 UTC
openssl-1.0.0-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/openssl-1.0.0-1.fc12

Comment 17 Fedora Update System 2010-04-09 03:42:27 UTC
openssl-1.0.0-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2010-04-16 23:49:28 UTC
openssl-0.9.8n-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 21 Fedora Update System 2010-05-18 16:53:23 UTC
openssl-1.0.0-4.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/openssl-1.0.0-4.fc12

Comment 22 Fedora Update System 2010-05-25 18:41:08 UTC
openssl-1.0.0-4.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 23 errata-xmlrpc 2010-05-25 20:41:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Virtualization for RHEL-5

Via RHSA-2010:0440 https://rhn.redhat.com/errata/RHSA-2010-0440.html

Comment 25 errata-xmlrpc 2010-12-13 18:15:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 4

Via RHSA-2010:0977 https://rhn.redhat.com/errata/RHSA-2010-0977.html

Comment 26 errata-xmlrpc 2011-06-22 23:17:40 UTC
This issue has been addressed in the following products:

  JBoss Enterprise Web Server 1.0

Via RHSA-2011:0896 https://rhn.redhat.com/errata/RHSA-2011-0896.html

Comment 27 Mark J. Cox 2011-08-03 10:34:39 UTC
Statement:

(none)

