Bug 570924 - (CVE-2009-3245) CVE-2009-3245 openssl: missing bn_wexpand return value checks
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Assigned To: Red Hat Product Security
URL: http://web.nvd.nist.gov/view/vuln/det...
Whiteboard: impact=important,source=cve,reported=...
Keywords: Security
Depends On: 560680 560681 573653 573658 574765 574766 574767 577859 583820 659771 1127896
Reported: 2010-03-05 16:04 EST by Vincent Danen
Modified: 2014-08-07 15:00 EDT

Doc Type: Bug Fix
Last Closed: 2010-12-13 15:08:43 EST
Attachments: None

Description Vincent Danen 2010-03-05 16:04:13 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3245 to
the following vulnerability:

OpenSSL before 0.9.8m does not check for a NULL return value from
bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2)
crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4)
engines/e_ubsec.c, which has unspecified impact and context-dependent
attack vectors.

Upstream bug report:
http://rt.openssl.org/Ticket/Display.html?id=2111&user=guest&pass=guest

References:
http://marc.info/?l=openssl-cvs&m=126692180606861&w=2
http://marc.info/?l=openssl-cvs&m=126692159706582&w=2
http://marc.info/?l=openssl-cvs&m=126692170906712&w=2
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
http://secunia.com/advisories/38761
Comment 2 Tomas Hoger 2010-03-11 05:07:19 EST
Missing bn_wexpand return value check may cause BIGNUM value to have data buffer of an insufficient size.  If called right after the creation of BIGNUM, data pointer will be NULL, hence leading to NULL pointer deref crashes.  If bn_wexpand is used to expand / reallocate existing BIGNUM, failed malloc will cause d and dmax to be left unchanged.  Depending on the code following bn_wexpand, this can lead to buffer over-reads or over-writes.


First report of the missing bn_wexpand return value check was for an occurrence in crypto/bn/bn_mul.c (see upstream bug report mentioned in comment #0).  Upstream commit:

  http://cvs.openssl.org/chngview?cn=18936

This problem affects openssl packages in Red Hat Enterprise Linux 5.  Older openssl packages in RHEL 3 and RHEL 4 are not affected.


Follow-up report adding a few more missing bn_wexpand return value checks:

  http://cvs.openssl.org/chngview?cn=19309

Changes the following files:
- crypto/bn/bn_div.c
  - change is in the old and no longer used implementation (inside #if 0
    block), so this is a non-issue

- crypto/bn/bn_gf2m.c
  - affected function - BN_GF2m_add - is not used in Red Hat openssl packages
    as they do not have support for Elliptic Curve Public-Key Crypto; this
    function is used by the openssl ECC code
  - affected code does not exist in openssl 0.9.7 in RHEL3 and RHEL4
  - this is exposed via libcrypto

- crypto/ec/ec2_smpl.c
  - ECC code again, not enabled in Red Hat openssl packages

- engines/e_ubsec.c
  - this code implements "UBSEC hardware engine support"
  - limited to NULL pointer deref (bn_wexpand called right after BN_new)
  - affects all openssl versions (crypto/engine/hw_ubsec.c in 0.9.7)


There are no other bn_wexpand calls missing a return value check in openssl packages in RHEL 3, 4, or 5, nor in the current 1.0.0-beta5 (RHEL 6 / Rawhide).
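As an added illustration of the two failure modes described in comment #2 (simplified model code written for this page, not OpenSSL's own), here is a miniature BIGNUM with a bn_wexpand that leaves d and dmax untouched when allocation fails; force_alloc_fail is a constructed hook standing in for a failed malloc. The checked caller refuses to write after a failure, while the unchecked variant only reports whether skipping the check would lead to a NULL dereference (fresh BIGNUM) or a write past dmax (existing BIGNUM).

```c
#include <stdlib.h>
#include <string.h>

/* Minimal stand-in for OpenSSL's BIGNUM: d is the word buffer, top the
 * number of words in use, dmax the buffer capacity in words. */
typedef unsigned long BN_ULONG;
typedef struct { BN_ULONG *d; int top; int dmax; } BIGNUM;

/* Constructed hook: set to 1 to simulate malloc() returning NULL. */
static int force_alloc_fail = 0;

/* Grow b to hold at least `words` words. Returns b on success, NULL on
 * failure. On failure d and dmax are left unchanged, exactly as in the
 * real bn_wexpand, so a caller that ignores the result keeps using the
 * old (NULL or too small) buffer. */
static BIGNUM *bn_wexpand(BIGNUM *b, int words)
{
    BN_ULONG *a;
    if (words <= b->dmax)
        return b;
    a = force_alloc_fail ? NULL : calloc((size_t)words, sizeof(BN_ULONG));
    if (a == NULL)
        return NULL;
    if (b->d != NULL) {
        memcpy(a, b->d, (size_t)b->top * sizeof(BN_ULONG));
        free(b->d);
    }
    b->d = a;
    b->dmax = words;
    return b;
}

/* Fixed pattern: write the n words only after expansion succeeded.
 * Returns 1 on success, 0 if bn_wexpand failed (nothing is written). */
static int bn_set_words_checked(BIGNUM *b, const BN_ULONG *src, int n)
{
    if (bn_wexpand(b, n) == NULL)
        return 0;
    memcpy(b->d, src, (size_t)n * sizeof(BN_ULONG));
    b->top = n;
    return 1;
}

/* Unchecked pattern, reduced to a report instead of the unsafe write:
 * returns 1 if ignoring bn_wexpand's result would dereference a NULL d
 * or write beyond dmax, 0 if the write would have been in bounds. */
static int bn_set_words_unchecked_would_fault(BIGNUM *b, int n)
{
    bn_wexpand(b, n);             /* return value ignored: the bug */
    return b->d == NULL || n > b->dmax;
}
```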
Comment 3 Tomas Hoger 2010-03-12 11:30:04 EST
Summary of affected versions:

openssl packages in Red Hat Enterprise Linux 5 are affected by bn_mul.c, bn_gf2m.c (this function is only used by openssl's ECC code, which is not included in Red Hat packages) and e_ubsec.c issues.

openssl packages in Red Hat Enterprise Linux 3 and 4 are only affected by the hw_ubsec.c issue (impact is limited to a NULL pointer dereference and the flaw is hardware engine specific, so low impact on RHEL3 and RHEL4 packages).
Comment 7 Fedora Update System 2010-03-23 03:27:06 EDT
openssl-0.9.8m-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/openssl-0.9.8m-1.fc11
Comment 8 errata-xmlrpc 2010-03-25 04:52:25 EDT
This issue has been addressed in openssl packages in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0162 https://rhn.redhat.com/errata/RHSA-2010-0162.html
Comment 9 errata-xmlrpc 2010-03-25 05:58:41 EDT
This issue has been addressed in openssl096b packages in the following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4

Via RHSA-2010:0173 https://rhn.redhat.com/errata/RHSA-2010-0173.html
Comment 10 Fedora Update System 2010-03-25 08:52:56 EDT
openssl-0.9.8n-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/openssl-0.9.8n-1.fc11
Comment 11 Tomas Hoger 2010-03-25 09:16:02 EDT
As noted in comment #3, this issue has low security impact on openssl packages in Red Hat Enterprise Linux 3 and 4.  Future openssl updates in those products will address this flaw.

CVSSv2 score for RHEL-3 and RHEL-4 openssl:
  2.6/AV:N/AC:H/Au:N/C:N/I:N/A:P
Comment 15 Fedora Update System 2010-03-30 06:43:53 EDT
openssl-1.0.0-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/openssl-1.0.0-1.fc13
Comment 16 Fedora Update System 2010-03-30 08:27:04 EDT
openssl-1.0.0-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/openssl-1.0.0-1.fc12
Comment 17 Fedora Update System 2010-04-08 23:42:27 EDT
openssl-1.0.0-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 18 Fedora Update System 2010-04-16 19:49:28 EDT
openssl-0.9.8n-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 21 Fedora Update System 2010-05-18 12:53:23 EDT
openssl-1.0.0-4.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/openssl-1.0.0-4.fc12
Comment 22 Fedora Update System 2010-05-25 14:41:08 EDT
openssl-1.0.0-4.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 23 errata-xmlrpc 2010-05-25 16:41:51 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Virtualization for RHEL-5

Via RHSA-2010:0440 https://rhn.redhat.com/errata/RHSA-2010-0440.html
Comment 25 errata-xmlrpc 2010-12-13 13:15:09 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 4

Via RHSA-2010:0977 https://rhn.redhat.com/errata/RHSA-2010-0977.html
Comment 26 errata-xmlrpc 2011-06-22 19:17:40 EDT
This issue has been addressed in the following products:

  JBoss Enterprise Web Server 1.0

Via RHSA-2011:0896 https://rhn.redhat.com/errata/RHSA-2011-0896.html
Comment 27 Mark J. Cox (Product Security) 2011-08-03 06:34:39 EDT
Statement:

(none)
