Bug 623483 - (CVE-2010-2939) CVE-2010-2939 openssl: double-free vulnerability in ssl3_get_key_exchange()
CVE-2010-2939 openssl: double-free vulnerability in ssl3_get_key_exchange()
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Red Hat Product Security
public=20100807,reported=20100811,sou...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-08-11 17:41 EDT by Vincent Danen
Modified: 2015-08-19 04:52 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-08-12 12:34:07 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2010-08-11 17:41:54 EDT
George Guninski reported [1] a double-free flaw in openssl's client implementation that could lead to a crash when ECDH is used.  It was reported against 1.0.0a but the code being patched [2] to correct the flaw has also been identified in 0.9.8 [3].

[1] http://marc.info/?l=openssl-dev&m=128118163216952&w=2
[2] http://marc.info/?l=openssl-dev&m=128128256314328&w=2
[3] http://article.gmane.org/gmane.comp.security.oss.general/3298
Comment 1 Vincent Danen 2010-08-11 17:44:01 EDT
I'm not 100% sure of the impact here as it looks like it might just be in the openssl client.  I don't know if this code is used by other clients linked to the openssl libraries or not, so at this point cannot say if other applications are impacted by this.
Comment 2 Tomas Mraz 2010-08-11 18:10:24 EDT
Except this code is not compiled in on our openssl - no ECC support there.
Comment 3 Vincent Danen 2010-08-12 00:03:30 EDT
ECC or ECDH?  So where this problem falls, we don't compile that support into any version of openssl we provide?
Comment 4 Tomas Mraz 2010-08-12 03:20:08 EDT
Yes, it's in #ifndef OPENSSL_NO_ECDH. And the ECDH is not even in the source tarball due to patent concerns with ECC.
Comment 6 Vincent Danen 2010-08-12 12:34:07 EDT
Statement:

This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, or 5 as they did not include support for ECDH.

Note You need to log in before you can comment on or make changes to this bug.