Bug 492304 (CVE-2009-0590) - CVE-2009-0590 openssl: ASN1 printing crash
Summary: CVE-2009-0590 openssl: ASN1 printing crash
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2009-0590
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://web.nvd.nist.gov/view/vuln/det...
Whiteboard:
Depends On: 482112 494578 530522 547448 563125 563127 1127896
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-03-26 12:06 UTC by Mark J. Cox
Modified: 2019-09-29 12:29 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-03-25 09:28:39 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:1335 0 normal SHIPPED_LIVE Moderate: openssl security, bug fix, and enhancement update 2009-09-01 10:41:25 UTC
Red Hat Product Errata RHSA-2010:0163 0 normal SHIPPED_LIVE Moderate: openssl security update 2010-03-25 09:15:38 UTC

Comment 2 Mark J. Cox 2009-03-26 12:10:41 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0590 to
the following vulnerability:

ASN1 printing crash
===================

The function ASN1_STRING_print_ex() when used to print a BMPString or
UniversalString will crash with an invalid memory access if the encoded length
of the string is illegal. (CVE-2009-0590)

Any OpenSSL application which prints out the contents of a certificate could
be affected by this bug, including SSL servers, clients and S/MIME software.

Fixed in 0.9.8k 
http://cvs.openssl.org/chngview?cn=17907
Comment 3 Tomas Hoger 2009-03-30 08:42:44 UTC 
Upstream security advisory:
  http://openssl.org/news/secadv_20090325.txt
Comment 4 Tomas Hoger 2009-03-30 08:59:53 UTC 
The impact of this flaw is limited to crash of the applications calling affected openssl function.  There are currently no known applications printing untrusted certificates, where application crash would be considered a security issue.

Future opnessl packages updates may address this flaw.
Comment 9 Tomas Hoger 2009-04-07 08:48:33 UTC 
This issue may only affect applications using ASN1_STRING_print_ex() (or ASN1_STRING_print_ex_fp(), or ASN1_item_print() calling ASN1_STRING_print_ex()) OpenSSL function to print untrusted inputs (such as values from not verified X509 client certificates).

No application shipped in Red Hat Enterprise Linux uses affected function.  It is only used in sslinfo extension shipped with the recent versions of the PostgreSQL server (contrib module, not enabled by default; only included in postgresql-contrib packages in Red Hat Application Stack 2), where it is used to print information from the client certificate that was previously used to successfully authenticate user's connection (i.e. it has been issued by a trusted CA and hence certificate is trusted).  Additional searches suggest that the function is rarely used by other open source projects not included in any Red Hat product.

There's currently no plan to release an asynchronous security update to address this low-impact issue.  Future OpenSSL packages updates may address this flaw.
Comment 17 errata-xmlrpc 2009-09-02 11:00:26 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1335 https://rhn.redhat.com/errata/RHSA-2009-1335.html
Comment 29 errata-xmlrpc 2010-03-25 09:15:59 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4

Via RHSA-2010:0163 https://rhn.redhat.com/errata/RHSA-2010-0163.html
Note You need to log in before you can comment on or make changes to this bug.