Hi there, a review of openssl-0.9.8a revealed some security issues. A buffer overflow exists in the SSL_get_shared_ciphers() utility function, used to generate human readable strings from the list of shared ciphers supported on an SSL connection. A web search suggests at least exim, mysql, openssl(1) and psybnc are using this function and may be affected. char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) { ... for (i=0; i<sk_SSL_CIPHER_num(sk); i++) { /* Decrement for either the ':' or a '\0' */ len--; <------------ b c=sk_SSL_CIPHER_value(sk,i); for (cp=c->name; *cp; ) { if (len-- == 0) <------------ a { *p='\0'; return(buf); } else *(p++)= *(cp++); } *(p++)=':'; } p[-1]='\0'; return(buf); } In the code above, if at the location marked a `len` is 1, len will be decremented to zero, a character will be copied to the destination buffer and then at location b len will be decremented again to -1, and thus not satisfying the end condition `len == 0`. An attacker could send a list of ciphers (you can send a long list of the same cipher to pad up to the boundary) and then by careful selection of the final ciphers overrun the buffer with data. Although it wouldnt be easy (as you have to choose from the characters in the list of available ciphers, or ':', or '\0'), this is clearly going to be exploitable in some situations. A denial of service was discovered in the sslv2 client code, where a missing check for NULL could allow a malicious ssl server to crash a connecting client. The following perl command can be used to reproduce this issue, followed by `wget https://localhost/` # perl -e 'print "\x80\xec\x04\x4d\x00\x00\x02","\x00"x"5","A"x"512"' | nc -lp 443 If there are no objections I'll suggest 5th September as an embargo date. Please credit "Tavis Ormandy and Will Drewry, Google Security Team" in any advisories relating to these issues. Thanks, Tavis.
Created attachment 95404 [details, diff] openssl-goo-sec.diff
0.9.7j is affected as well (we dont have 0.9.8x in ~arch yet)
SpanKY do we want pretesting of this one or are we waiting for an upstream release?
is upstream aware of the issue ? i havent contacted them at all
Upstream is informed about the issue.
openssl-0.9.7l and openssl-0.9.8d in portage
advisory public at http://www.openssl.org/news/secadv_20060928.txt arches, please test and mark stable if possible...
Which? 7j or 8d? or both?
err... 7l... not 7j...
ideally you'd do both
I have tested: dev-libs/openssl-0.9.7l USE="test zlib -bindist -emacs (-sse2%*)" dev-libs/openssl-0.9.8d USE="sse2 test zlib -bindist -emacs": The following applies to both of them: 1) emerges fine 2) passes test suite 3) passes collision test 4) works with openssh Gentoo Base System version 1.12.5 Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.17-suspend2-r5 i686) ================================================================= System uname: 2.6.17-suspend2-r5 i686 Intel(R) Pentium(R) M processor 1600MHz Last Sync: Thu, 28 Sep 2006 00:00:08 +0000 ccache version 2.3 [enabled] app-admin/eselect-compiler: [Not Present] dev-java/java-config: 1.3.7, 2.0.30 dev-lang/python: 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.3 dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r3 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r1 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium-m -Os -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/splash /etc/terminfo" CXXFLAGS="-march=pentium-m -Os -pipe" DISTDIR="/opt/distfiles" FEATURES="autoconfig buildpkg ccache collision-protect distlocks fixpackages metadata-transfer parallel-fetch sandbox sfperms splitdebug strict test userfetch" GENTOO_MIRRORS="http://mirror.uni-c.dk/pub/gentoo http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo" LC_ALL="en_GB.utf8" LINGUAS="da en en_GB" MAKEOPTS="-j2" PKGDIR="/opt/packages" PORTAGE_RSYNC_EXTRA_OPTS="--timeout=60" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://zlin.dk/gentoo-portage" USE="x86 X aac acpi alsa asf bash-completion berkdb bitmap-fonts bluetooth bzip2 cairo cdr cli crypt css cups dlloader dri dvd dvdr elibc_glibc emboss encode fam fat fbcon ffmpeg firefox flac fortran gdbm gif gphoto2 gpm i8x0 ieee1394 imagemagick input_devices_evdev input_devices_keyboard input_devices_mouse input_devices_synaptics input_devices_void irda irmc isdnlog jfs jpeg kde kdehiddenvisibility kernel_linux lcd libg++ linguas_da linguas_en linguas_en_GB logitech-mouse mad mikmod mmx mmxext mp3 mpeg mplayer msn ncurses nls nptl nptlonly nsplugin ntfs ogg opengl pam pcre pdf perl png ppds pppd python qt3 quicktime readline real reflection reiser4 reiserfs scanner sdl session slp spell spl sse sse2 ssl subversion svg svga syslog tcpd test tetex tiff truetype truetype-fonts type1-fonts udev unicode usb userland_GNU vcd video_cards_fbdev video_cards_fglrx video_cards_i810 video_cards_radeon video_cards_vesa vim vorbis wifi win32codecs xcomposite xfs xine xml xorg xscreensaver xv xvid zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS
Marked openssl-0.9.7l ppc64 stable; have to check with corsair about 8d.
dev-libs/openssl-0.9.8d: - emerges fine on amd64 - passes collision-protect - passes multilib-strict - passes test suite - works (tried wget, openssh) dev-libs/openssl-0.9.7l - emerges fine on amd64 - passes collision-protect - passes multilib-strict - passes test suite - wget works, but openssh failed to compile against it: checking for dlopen in -ldl... no checking for pam_set_item in -lpam... no configure: error: *** libpam missing Portage 2.1.1-r1 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.18-ck1 x86_64) ================================================================= System uname: 2.6.18-ck1 x86_64 AMD Athlon(tm) 64 Processor 3000+ Gentoo Base System version 1.12.5 Last Sync: Thu, 28 Sep 2006 15:20:01 +0000 app-admin/eselect-compiler: [Not Present] dev-java/java-config: [Not Present] dev-lang/python: 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r3 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="amd64" AUTOCLEAN="yes" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=k8 -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-march=k8 -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test" GENTOO_MIRRORS="ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp.gentoo.mesh-solutions.com/gentoo/ ftp://pandemonium.tiscali.de/pub/gentoo/ " MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_EXTRA_OPTS="--exclude-from=/etc/portage/rsync_excludes" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="amd64 X a52 aac acpi alsa amr avi berkdb bitmap-fonts branding bzip2 cairo cdinstall cdparanoia cdr cli crypt cups dbus divx dlloader dri dvd dvdr dvdread elibc_glibc emboss encode expat fam firefox foomaticdb fortran gdbm gif glut gnutls gpm gstreamer gtk gtk2 hal imagemagick input_devices_evdev input_devices_keyboard isdnlog jpeg kernel_linux lcms ldap libg++ lirc lirc_devices_inputlirc logrotate mad mikmod mng mp3 mpeg musicbrainz ncurses nls nptl nptlonly offensive ogg opengl pam pcre pdflib php png ppds pppd quicktime readline reflection reiserfs rtc sdl session socks5 spl ssl svg symlink tcpd tiff truetype truetype-fonts type1-fonts udev unicode userland_GNU userlocales v4l v4l2 video_cards_fglrx video_cards_radeon vim-with-x vorbis wmp x264 xfs xine xinerama xml xorg xv xvid zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
Stable on amd64/x86.. thanks AT's!
SPARC stable on both versions.
hppa stable on both, 0.9.8d looks sane, otherwise... shoot me.
ppc stable
as ranger said in comment #12 he marked 0.9.7l stable on ppc64. For now we (ppc64) will stick with 0.9.7 series until last issues with .8 are fixed (toolchain specific). removing ppc64 from CC.
Done for alpha.
errr.... what about app-emulation/emul-linux-x86-baselibs? CCing amd64@
is app-emulation/emul-linux-x86-baselibs also vulnerable to these issues ? The last time we upgraded openssl for a security reason, emul-linux-x86-baselibs was also concerned.
Latest stable baselibs contains dev-libs/openssl-0.9.8c, so yes, we're vulnerable. Herbs is working on this already, AFAIK.
OK thank you. I update the glsa draft and we'll wait until this package is updated before sending it.
Ping Herbs / amd64 team ? Tell me if this will be long, thus we will probably send a GLSA for openssl only without app-emulation/emul-linux-x86-baselibs, thanks
(In reply to comment #24) > Ping Herbs / amd64 team ? Tell me if this will be long, thus we will probably > send a GLSA for openssl only without app-emulation/emul-linux-x86-baselibs, I think we will need a seperate GLSA. I repeatedly tried to ping Herbs without success, but for this update a whole bunch of other libs included in the emul-packages must be rebuilt, so this is not a trivial change which I'd rather let Herbs do.
> > I think we will need a seperate GLSA. I repeatedly tried to ping Herbs without > success, but for this update a whole bunch of other libs included in the > emul-packages must be rebuilt, so this is not a trivial change which I'd rather > let Herbs do. > OK. I open a new bug to handle emul-linux-x86-baselibs.
GLSA 200610-11