Bug 503685 (CVE-2009-1386) - CVE-2009-1386 openssl: DTLS NULL deref crash on early ChangeCipherSpec request
Summary: CVE-2009-1386 openssl: DTLS NULL deref crash on early ChangeCipherSpec request
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2009-1386
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: source=redhat,impact=moderate,reporte...
Depends On: 482112 501667 530522
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-06-02 08:07 UTC by Tomas Hoger
Modified: 2019-06-08 12:46 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-12-22 15:26:39 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:1335 normal SHIPPED_LIVE Moderate: openssl security, bug fix, and enhancement update 2009-09-01 10:41:25 UTC

Description Tomas Hoger 2009-06-02 08:07:08 UTC
A NULL pointer dereference flaw was found in OpenSSL affecting DTLS servers.  If client sent a "change cipher spec" request before server had its session structures initialized properly, it caused server to dereference NULL pointer and crash.

Issue was fixed upstream via following commit:
  http://marc.info/?l=openssl-cvs&m=121866006013233&w=2

This fix was first included in upstream version 0.9.8i.

Comment 2 Tomas Hoger 2009-06-02 08:48:20 UTC
Upstream bug report:
  http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guest

Direct link to upstream CVS commit:
  http://cvs.openssl.org/chngview?cn=17369

Comment 4 Tomas Hoger 2009-06-02 09:26:16 UTC
This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4.

This issue affects openssl version as shipped in Red Hat Enterprise Linux 5 and it will be addressed in the openssl packages update in Red Hat Enterprise Linux 5.4.  There is no update planned before than, as both DTLS specification and OpenSSL's implementation is still in development and unlikely to be used in production environments.  There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSL's DTLS implementation, except for OpenSSL's testing command line client - openssl.

Comment 5 errata-xmlrpc 2009-09-02 11:00:22 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1335 https://rhn.redhat.com/errata/RHSA-2009-1335.html

Comment 6 errata-xmlrpc 2009-09-02 12:12:02 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1335 https://rhn.redhat.com/errata/RHSA-2009-1335.html

Comment 7 Vincent Danen 2009-09-18 17:46:01 UTC
This issue doesn't affect Fedora 11, but it does affect Fedora 10 (0.9.8g).  Is it planned to be corrected in Fedora 10?


Note You need to log in before you can comment on or make changes to this bug.