Bug 591188 - Please apply fix for GNUTLS-SA-2006-2.
Summary: Please apply fix for GNUTLS-SA-2006-2.
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: gnutls
Version: 5.4
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Tomas Mraz
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: CVE-2006-7239
 
Reported: 2010-05-11 15:56 UTC by Enrico Scholz
Modified: 2012-03-15 10:59 UTC

Fixed In Version: gnutls-1.4.1-7.el5_8.1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-15 10:59:27 UTC
Target Upstream Version:
Embargoed:



Description Enrico Scholz 2010-05-11 15:56:17 UTC
Description of problem:

While verifying client certificates with sha512 hashes I get segfaults like

==7286== Invalid read of size 1
==7286==    at 0x4A06794: strcmp (mc_replace_strmem.c:341)
==7286==    by 0x4C309C5: _gnutls_x509_oid2mac_algorithm (gnutls_algorithms.c:573)
==7286==    by 0x4C5830A: verify_sig (verify.c:498)
==7286==    by 0x4C5850D: _gnutls_x509_verify_signature (verify.c:696)
==7286==    by 0x4C58D37: _gnutls_verify_certificate2 (verify.c:295)
==7286==    by 0x4C5911F: gnutls_x509_crt_list_verify (verify.c:401)
==7286==    by 0x4C470AB: _gnutls_x509_cert_verify_peers (gnutls_x509.c:179)
==7286==    by 0x402DAA: ssl_server (ssl-server.c:520)
==7286==    by 0x403C77: main (ssl-server.c:820)
==7286==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==7286== 
==7286== Process terminating with default action of signal 11 (SIGSEGV)
==7286==  Access not within mapped region at address 0x0
==7286==    at 0x4A06794: strcmp (mc_replace_strmem.c:341)
==7286==    by 0x4C309C5: _gnutls_x509_oid2mac_algorithm (gnutls_algorithms.c:573)
==7286==    by 0x4C5830A: verify_sig (verify.c:498)
==7286==    by 0x4C5850D: _gnutls_x509_verify_signature (verify.c:696)
==7286==    by 0x4C58D37: _gnutls_verify_certificate2 (verify.c:295)
==7286==    by 0x4C5911F: gnutls_x509_crt_list_verify (verify.c:401)
==7286==    by 0x4C470AB: _gnutls_x509_cert_verify_peers (gnutls_x509.c:179)
==7286==    by 0x402DAA: ssl_server (ssl-server.c:520)
==7286==    by 0x403C77: main (ssl-server.c:820)


This issue seems to be described in http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html and solved in gnutls-1.4.2.

Practically, this allows DoS attacks against gnutls-based servers by providing client certificates with unsupported algorithms (e.g. sha256 or sha512).


Version-Release number of selected component (if applicable):


How reproducible:

gnutls-1.4.1-3.el5_4.8
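
An added illustration, not GnuTLS code and not part of the original report, of the failure class the trace above shows: an OID-to-digest lookup handing a NULL pointer to strcmp. The table, enum and function names are hypothetical, and the assumption is that either the parsed OID or a table entry's OID can be NULL; the lookup guards both and the caller rejects an unknown digest.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical digest identifiers; not GnuTLS's own enum. */
typedef enum { DIG_UNKNOWN = 0, DIG_MD5, DIG_SHA1, DIG_NULL } digest_t;

struct digest_entry {
    const char *name;
    const char *oid;   /* assumption: some entries carry no OID (NULL) */
    digest_t id;
};

/* Constructed table. SHA-256/SHA-512 are left out on purpose to model a
 * build without them. The OID-less entry is last, so only an OID that
 * matches nothing reaches it. */
static const struct digest_entry digest_table[] = {
    { "MD5",  "1.2.840.113549.2.5", DIG_MD5  },
    { "SHA1", "1.3.14.3.2.26",      DIG_SHA1 },
    { "NULL", NULL,                 DIG_NULL },
};

/* Map a signature's digest OID to an identifier, never passing NULL to
 * strcmp from either side; an unguarded strcmp against the OID-less
 * entry would be an invalid read at address 0x0. */
digest_t oid_to_digest(const char *oid)
{
    size_t i;
    if (oid == NULL)
        return DIG_UNKNOWN;
    for (i = 0; i < sizeof digest_table / sizeof digest_table[0]; i++) {
        if (digest_table[i].oid != NULL &&
            strcmp(digest_table[i].oid, oid) == 0)
            return digest_table[i].id;
    }
    return DIG_UNKNOWN;
}

/* Fail closed: 0 if the digest is usable for verification, -1 if the
 * certificate must be rejected as using an unsupported algorithm. */
int check_signature_digest(const char *oid)
{
    digest_t d = oid_to_digest(oid);
    return (d == DIG_UNKNOWN || d == DIG_NULL) ? -1 : 0;
}

int main(void)
{
    printf("sha1:   %d\n", check_signature_digest("1.3.14.3.2.26"));
    printf("sha512: %d\n", check_signature_digest("2.16.840.1.101.3.4.2.3"));
    return 0;
}
```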

Comment 3 RHEL Program Management 2010-12-07 09:45:42 UTC
This request was evaluated by Red Hat Product Management for inclusion in Red Hat Enterprise Linux 5.6 and Red Hat does not plan to fix this issue in the currently developed update.

Contact your manager or support representative in case you need to escalate this bug.

Comment 4 Ludek Smid 2011-06-06 09:00:34 UTC
This request was evaluated by Red Hat Product Management for inclusion in Red
Hat Enterprise Linux 5.7 and Red Hat does not plan to fix this issue in the
currently developed update.

Contact your manager or support representative in case you need to escalate
this bug.

Comment 5 RHEL Program Management 2012-01-09 14:05:29 UTC
This request was evaluated by Red Hat Product Management for inclusion in Red Hat Enterprise Linux 5.8 and Red Hat does not plan to fix this issue in the currently developed update.

Contact your manager or support representative in case you need to escalate this bug.

