Bug 802489 - (CVE-2012-1165) CVE-2012-1165 openssl: mime_param_cmp NULL dereference crash
CVE-2012-1165 openssl: mime_param_cmp NULL dereference crash
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20120312,repor...
: Security
Depends On: 802816 802817 802820 804550 804551 804552 804553
Blocks: 802502
  Show dependency treegraph
 
Reported: 2012-03-12 12:58 EDT by Tomas Hoger
Modified: 2016-03-04 07:24 EST (History)
3 users (show)

See Also:
Fixed In Version: openssl 0.9.8u, openssl 1.0.0h
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-09-25 03:58:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2012-03-12 12:58:10 EDT
A NULL pointer dereference flaw was found in OpenSSL's mime_param_cmp.  A specially crafted S/MIME input headers could cause an application using OpenSSL to crash during S/MIME message verification or decryption.

This is similar to the mime_hdr_cmp issue tracked via bug 798100.

Upstream commit:
  http://cvs.openssl.org/chngview?cn=22252
  and cn 22243 and 22244 for 0.9.8 and 1.0.0 branch commits

Fixed upstream in versions: 0.9.8u and 1.0.0h
Comment 3 Tomas Hoger 2012-03-13 10:55:06 EDT
Created mingw32-openssl tracking bugs for this issue

Affects: fedora-all [bug 802817]
Affects: epel-5 [bug 802820]
Comment 4 Tomas Hoger 2012-03-13 10:59:24 EDT
Created openssl tracking bugs for this issue

Affects: fedora-all [bug 802816]
Comment 10 errata-xmlrpc 2012-03-27 18:57:29 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2012:0426 https://rhn.redhat.com/errata/RHSA-2012-0426.html
Comment 11 Fedora Update System 2012-04-10 23:52:19 EDT
openssl-1.0.0h-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2012-04-11 13:05:41 EDT
openssl-1.0.0h-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2012-04-11 13:06:32 EDT
openssl-1.0.0h-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 Fedora Update System 2012-04-11 22:49:41 EDT
openssl-1.0.0h-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 Ken Stailey 2012-07-25 12:30:05 EDT
There is no patch for openssl-0.9.7a/crypto/pkcs7/pk7_mime.c in openssl-0.9.7a-43.20.el4.src.rpm 

Neither mime_hdr_cmp() or mime_param_cmp() in openssl-0.9.7a/crypto/pkcs7/pk7_mime.c does any checking for NULL values.

Is RHEL 4 ELS vulnerable to NULL pointer could be dereferencing when parsing certain S/MIME messages?  If so will there be a fix released?  Thanks.
Comment 16 Tomas Hoger 2012-07-26 03:42:29 EDT
(In reply to comment #15)
> Is RHEL 4 ELS vulnerable to NULL pointer could be dereferencing when parsing
> certain S/MIME messages?  If so will there be a fix released?

This affects Red Hat Enterprise Linux 4 openssl packages and is not planned to get fixed.  Refer to Life Cycle and Update Policies pages for details on what fixes are addressed during the Extended Life Phase via ELS:

https://access.redhat.com/support/policy/updates/errata/#Extended_Life_Cycle_Phase
Comment 17 errata-xmlrpc 2012-09-24 12:02:43 EDT
This issue has been addressed in following products:

  JBoss Enterprise Application Platform 6.0.0

Via RHSA-2012:1308 https://rhn.redhat.com/errata/RHSA-2012-1308.html
Comment 18 errata-xmlrpc 2012-09-24 12:03:43 EDT
This issue has been addressed in following products:

  JBoss Enterprise Application Platform 5.1.2

Via RHSA-2012:1307 https://rhn.redhat.com/errata/RHSA-2012-1307.html
Comment 19 errata-xmlrpc 2012-09-24 12:04:52 EDT
This issue has been addressed in following products:

  JBoss Enterprise Web Server 1.0.2

Via RHSA-2012:1306 https://rhn.redhat.com/errata/RHSA-2012-1306.html

Note You need to log in before you can comment on or make changes to this bug.