Bug 598732 (CVE-2010-1633) - CVE-2010-1633 openssl: information leak due to invalid Return value check
Status: CLOSED ERRATA
Alias: CVE-2010-1633
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
Whiteboard: public=20100601,reported=20100601,sou...
Keywords: Security
Depends On: 598735 598736 598737
Reported: 2010-06-01 22:51 UTC by Vincent Danen
Modified: 2015-10-15 21:12 UTC

Doc Type: Bug Fix
Last Closed: 2010-06-25 09:50:30 UTC

Description Vincent Danen 2010-06-01 22:51:34 UTC
From the upstream advisory [1]:

Invalid Return value check in pkey_rsa_verifyrecover
====================================================

When verification recovery fails for RSA keys an uninitialised buffer with an
undefined length is returned instead of an error code (CVE-2010-1633).

This bug is only present in OpenSSL 1.0.0 and only affects applications that
call the function EVP_PKEY_verify_recover(). As this function is not present
in previous versions of OpenSSL and not used by OpenSSL internal code very few
applications should be affected. The OpenSSL utility application "pkeyutl" does 
use this function.

Affected users should update to 1.0.0a which contains a patch to correct this
bug.

Thanks to Peter-Michael Hager for reporting this issue.

[1] http://www.openssl.org/news/secadv_20100601.txt
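
A simplified model of the bug class the advisory describes, added here as an illustration and not taken from OpenSSL or the upstream patch: a wrapper that never tests its recovery primitive's negative result reports success with an undefined length over a buffer it never filled, while the corrected wrapper returns the error. The names toy_recover, recover_unchecked and recover_checked and the one-byte "signature" format are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical recovery primitive (constructed format: 0x01 then payload).
 * Returns bytes written to out, or -1 on failure, leaving out untouched.
 * The caller must supply at least siglen bytes in out. */
static int toy_recover(unsigned char *out, const unsigned char *sig, size_t siglen)
{
    if (siglen < 2 || sig[0] != 0x01)
        return -1;
    memcpy(out, sig + 1, siglen - 1);
    return (int)(siglen - 1);
}

/* Flawed wrapper: the negative result is never tested, so a failed recovery
 * is reported as success (1) with a length derived from the error code. */
int recover_unchecked(unsigned char *out, size_t *outlen,
                      const unsigned char *sig, size_t siglen)
{
    int ret = toy_recover(out, sig, siglen);
    *outlen = (size_t)ret;          /* -1 converts to SIZE_MAX */
    return 1;
}

/* Corrected wrapper: propagate the error and leave *outlen alone. */
int recover_checked(unsigned char *out, size_t *outlen,
                    const unsigned char *sig, size_t siglen)
{
    int ret = toy_recover(out, sig, siglen);
    if (ret < 0)
        return ret;
    *outlen = (size_t)ret;
    return 1;
}

int main(void)
{
    const unsigned char bad[] = { 0x02, 'o', 'k' };   /* constructed input */
    unsigned char buf[16];                            /* deliberately unset */
    size_t len = 0;

    int rc = recover_unchecked(buf, &len, bad, sizeof bad);
    printf("unchecked: rc=%d len=%zu (buf never written)\n", rc, len);

    len = 0;
    rc = recover_checked(buf, &len, bad, sizeof bad);
    printf("checked:   rc=%d len=%zu\n", rc, len);
    return 0;
}
```

On the application side, code calling EVP_PKEY_verify_recover() should treat any return value of 0 or less as failure and not read the output buffer or length in that case.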

Comment 1 Vincent Danen 2010-06-01 22:53:52 UTC
Statement:

Not vulnerable. These issues did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 3, 4, or 5.

Comment 3 Vincent Danen 2010-06-01 22:54:34 UTC
Created openssl tracking bugs for this issue

Affects: fedora-12 [bug 598736]
Affects: fedora-13 [bug 598737]

Comment 4 Vincent Danen 2010-06-01 22:56:20 UTC
Upstream commit that corrects this issue:

http://cvs.openssl.org/chngview?cn=19693

Comment 5 Tomas Hoger 2010-06-02 08:31:02 UTC
(In reply to comment #4)
> Upstream commit that corrects this issue:
> http://cvs.openssl.org/chngview?cn=19693

Relevant part is crypto/rsa/rsa_pmeth.c change:
http://cvs.openssl.org/filediff?f=openssl/crypto/rsa/rsa_pmeth.c&v1=1.34&v2=1.34.2.1

Comment 6 Fedora Update System 2010-06-07 07:53:01 UTC
openssl-1.0.0a-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/openssl-1.0.0a-1.fc13

Comment 7 Fedora Update System 2010-06-07 07:53:33 UTC
openssl-1.0.0a-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/openssl-1.0.0a-1.fc12

Comment 8 Fedora Update System 2010-06-15 15:58:45 UTC
openssl-1.0.0a-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2010-06-16 17:43:52 UTC
openssl-1.0.0a-1.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

