Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0590 to the following vulnerability:

ASN1 printing crash
===================

The function ASN1_STRING_print_ex() when used to print a BMPString or UniversalString will crash with an invalid memory access if the encoded length of the string is illegal. (CVE-2009-0590)

Any OpenSSL application which prints out the contents of a certificate could be affected by this bug, including SSL servers, clients and S/MIME software.

Fixed in 0.9.8k
http://cvs.openssl.org/chngview?cn=17907
Upstream security advisory: http://openssl.org/news/secadv_20090325.txt
The impact of this flaw is limited to a crash of the applications calling the affected openssl function. There are currently no known applications printing untrusted certificates, where an application crash would be considered a security issue. Future openssl package updates may address this flaw.
This issue may only affect applications using the ASN1_STRING_print_ex() (or ASN1_STRING_print_ex_fp(), or ASN1_item_print() calling ASN1_STRING_print_ex()) OpenSSL function to print untrusted inputs (such as values from unverified X509 client certificates). No application shipped in Red Hat Enterprise Linux uses the affected function. It is only used in the sslinfo extension shipped with the recent versions of the PostgreSQL server (contrib module, not enabled by default; only included in postgresql-contrib packages in Red Hat Application Stack 2), where it is used to print information from the client certificate that was previously used to successfully authenticate the user's connection (i.e. it has been issued by a trusted CA and hence the certificate is trusted). Additional searches suggest that the function is rarely used by other open source projects not included in any Red Hat product. There's currently no plan to release an asynchronous security update to address this low-impact issue. Future OpenSSL package updates may address this flaw.
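An added example, not taken from the advisory or from OpenSSL's code: a pre-check an application could run over untrusted DER before printing it, flagging BMPString values whose length is not a multiple of 2 and UniversalString values whose length is not a multiple of 4 (the character sizes of those types). It assumes this is the illegal length the advisory refers to; the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#define TAG_UNIVERSALSTRING 0x1c  /* 4 bytes per character */
#define TAG_BMPSTRING       0x1e  /* 2 bytes per character */

/* 1 if the content length is a whole number of characters for this type. */
static int string_len_ok(unsigned char tag, size_t len)
{
    if (tag == TAG_BMPSTRING)       return (len % 2) == 0;
    if (tag == TAG_UNIVERSALSTRING) return (len % 4) == 0;
    return 1;  /* other types are not checked here */
}

/* Walk the DER TLVs in buf[0..len). Returns the number of BMPString or
 * UniversalString values with an illegal length, or -1 if malformed. */
static int count_bad_strings(const unsigned char *buf, size_t len)
{
    size_t pos = 0;
    int bad = 0;
    while (pos < len) {
        unsigned char tag = buf[pos++];
        if ((tag & 0x1f) == 0x1f || pos >= len) return -1; /* multi-byte tag, or no length byte */
        size_t n = buf[pos++];
        if (n & 0x80) {                        /* long-form length */
            size_t nbytes = n & 0x7f;
            if (nbytes == 0 || nbytes > sizeof(size_t) || nbytes > len - pos) return -1;
            for (n = 0; nbytes > 0; nbytes--) n = (n << 8) | buf[pos++];
        }
        if (n > len - pos) return -1;          /* value runs past the buffer */
        /* Constructed values are checked recursively, primitive ones directly. */
        int sub = (tag & 0x20) ? count_bad_strings(buf + pos, n) : !string_len_ok(tag, n);
        if (sub < 0) return -1;
        bad += sub;
        pos += n;
    }
    return bad;
}

/* Constructed sample: SEQUENCE { BMPString len 4 (legal), BMPString len 3, UniversalString len 5 } */
static const unsigned char sample[] = {
    0x30, 0x12, 0x1e, 0x04, 0x00, 0x41, 0x00, 0x42,
    0x1e, 0x03, 0x00, 0x41, 0x00,
    0x1c, 0x05, 0x00, 0x00, 0x00, 0x41, 0x00 };

int main(void)
{
    printf("illegal string lengths: %d\n", count_bad_strings(sample, sizeof sample));
    return 0;
}
```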
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1335 https://rhn.redhat.com/errata/RHSA-2009-1335.html
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4

Via RHSA-2010:0163 https://rhn.redhat.com/errata/RHSA-2010-0163.html