Bug 598732 - (CVE-2010-1633) CVE-2010-1633 openssl: information leak due to invalid Return value check
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: low
Severity: low
Assigned To: Red Hat Product Security
public=20100601,reported=20100601,sou...
Keywords: Security
Depends On: 598735 598736 598737
Reported: 2010-06-01 18:51 EDT by Vincent Danen
Modified: 2015-10-15 17:12 EDT
Doc Type: Bug Fix
Last Closed: 2010-06-25 05:50:30 EDT

Description Vincent Danen 2010-06-01 18:51:34 EDT
From the upstream advisory [1]:

Invalid Return value check in pkey_rsa_verifyrecover
====================================================

When verification recovery fails for RSA keys an uninitialised buffer with an
undefined length is returned instead of an error code (CVE-2010-1633).

This bug is only present in OpenSSL 1.0.0 and only affects applications that
call the function EVP_PKEY_verify_recover(). As this function is not present
in previous versions of OpenSSL and not used by OpenSSL internal code very few
applications should be affected. The OpenSSL utility application "pkeyutl" does 
use this function.

Affected users should update to 1.0.0a which contains a patch to correct this
bug.

Thanks to Peter-Michael Hager for reporting this issue.

[1] http://www.openssl.org/news/secadv_20100601.txt
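
The class of bug the advisory describes, as an added example that is not the OpenSSL source and not part of the original report: a wrapper that fails to check a negative return value reports success with a meaningless length, next to the corrected form and a caller-side guard. All function names and the input rule in toy_recover are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a low-level "recover" primitive: returns the
 * number of bytes written to out, or -1 when the input is rejected. */
static int toy_recover(const unsigned char *sig, size_t siglen,
                       unsigned char *out, size_t outcap)
{
    /* Constructed rule: a valid input starts with 0x01; the rest is payload. */
    if (siglen < 2 || sig[0] != 0x01 || siglen - 1 > outcap)
        return -1;                     /* failure: out is left untouched */
    memcpy(out, sig + 1, siglen - 1);
    return (int)(siglen - 1);
}

/* Flawed wrapper: the failure value is never checked, so -1 is stored as a
 * length (wrapping to SIZE_MAX) and the call still reports success. */
int recover_unchecked(const unsigned char *sig, size_t siglen,
                      unsigned char *out, size_t outcap, size_t *outlen)
{
    int ret = toy_recover(sig, siglen, out, outcap);
    *outlen = (size_t)ret;
    return 1;
}

/* Corrected wrapper: propagate the error before touching *outlen. */
int recover_checked(const unsigned char *sig, size_t siglen,
                    unsigned char *out, size_t outcap, size_t *outlen)
{
    int ret = toy_recover(sig, siglen, out, outcap);
    if (ret < 0)
        return ret;
    *outlen = (size_t)ret;
    return 1;
}

/* Caller-side guard: accept a result only if the call succeeded and the
 * reported length fits the buffer that was passed in. */
int result_is_usable(int rc, size_t outlen, size_t outcap)
{
    return rc > 0 && outlen <= outcap;
}
```
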
Comment 1 Vincent Danen 2010-06-01 18:53:52 EDT
Statement:

Not vulnerable. These issues did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Comment 3 Vincent Danen 2010-06-01 18:54:34 EDT
Created openssl tracking bugs for this issue

Affects: fedora-12 [bug 598736]
Affects: fedora-13 [bug 598737]
Comment 4 Vincent Danen 2010-06-01 18:56:20 EDT
Upstream commit that corrects this issue:

http://cvs.openssl.org/chngview?cn=19693
Comment 5 Tomas Hoger 2010-06-02 04:31:02 EDT
(In reply to comment #4)
> Upstream commit that corrects this issue:
> http://cvs.openssl.org/chngview?cn=19693

Relevant part is crypto/rsa/rsa_pmeth.c change:
http://cvs.openssl.org/filediff?f=openssl/crypto/rsa/rsa_pmeth.c&v1=1.34&v2=1.34.2.1
Comment 6 Fedora Update System 2010-06-07 03:53:01 EDT
openssl-1.0.0a-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/openssl-1.0.0a-1.fc13
Comment 7 Fedora Update System 2010-06-07 03:53:33 EDT
openssl-1.0.0a-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/openssl-1.0.0a-1.fc12
Comment 8 Fedora Update System 2010-06-15 11:58:45 EDT
openssl-1.0.0a-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2010-06-16 13:43:52 EDT
openssl-1.0.0a-1.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
