Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 195634

Summary: dev-libs/openssl < 0.9.8f DTLS vulnerability (CVE-2007-4995)
Product: Gentoo Security Reporter: Rajiv Aaron Manglani (RETIRED) <rajiv>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: cilly, mgorny
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/25878/
Whiteboard: B1 [glsa]
Package list:
Runtime testing required: ---
Attachments:
Description Flags
openssl-0.9.8f.ebuild with padlock patch support
none
padlock engine patch for 0.9.8f ebuild none

Description Rajiv Aaron Manglani (RETIRED) gentoo-dev 2007-10-12 16:47:13 UTC 
From: Ben Laurie <ben@links.org>
To: OpenSSL Announce <openssl-announce@openssl.org>,
    openssl-users <openssl-users@openssl.org>,
    OpenSSL Dev <openssl-dev@openssl.org>, Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>,
    Cryptography <cryptography@metzdowd.com>,
    full-disclosure-request@lists.grok.org.uk
Date: Fri, 12 Oct 2007 12:05:48 +0100
Subject: OpenSSL Security Advisory

-----BEGIN PGP SIGNED MESSAGE-----

OpenSSL Security Advisory [12-Oct-2007]

OpenSSL Vulnerabilities
- -----------------------

Vulnerability A
- ---------------

Andy Polyakov discovered a flaw in OpenSSL's DTLS implementation which
could lead to the compromise of clients and servers with DTLS enabled.

DTLS is a datagram variant of TLS specified in RFC 4347 first
supported in OpenSSL version 0.9.8. Note that the vulnerabilities do
not affect SSL and TLS so only clients and servers explicitly using
DTLS are affected.

We believe this flaw will permit remote code execution.

This vulnerability is tracked as CVE-2007-4995.

Versions Affected
- -----------------

All releases of 0.9.8 prior to 0.9.8f.

Recommendation
- --------------

Either

a) Upgrade to the latest version of OpenSSL (0.9.8f) and rebuild all
packages using OpenSSL for DTLS.

or,

b) Disable DTLS.

Vulnerability B
- ---------------

Moritz Jodeit found an off-by-one error in SSL_get_shared_ciphers(), a
function that should normally only be used for logging or debugging.

The impact of this overflow is unclear.

This vulnerability is tracked as CVE-2007-5135.

Versions Affected
- -----------------

All releases of 0.9.8 prior to 0.9.8f. All releases of 0.9.7 prior to
0.9.7m.

(Note that versions prior to 0.9.8d and 0.9.7l actually had a worse
problem in the same function).

Recommendation
- --------------

a) Don't use SSL_get_shared_ciphers().

OR

b) Upgrade to 0.9.8f.

- --
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQCVAwUBRw9VDBsIDEUnGa81AQEgFAP+MBSAb2CYGHXe0eicqsn3CRVE3R384PoC
01odYyJIdzjXrmgUxKZ0zaKst2Ud2BbNZff1WUDj3oymjc5wbylE2tQLK7KsetRv
hpfFwKmwbiLmhYtei+CVXOQiO+inOPeS9KbDbOqE40wrD9yMShJfpJXE7OG/Mf5t
8+l8pKLYag0=
=mVOD
-----END PGP SIGNATURE-----
Comment 1 SpanKY gentoo-dev 2007-10-13 02:36:23 UTC 
*** Bug 195674 has been marked as a duplicate of this bug. ***
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-13 12:08:15 UTC 
CVE-2007-5135 was adressed with GLSA 200710-06.

DTLS is used only for UDP mode, so I would rate this B1 as this isn't much used compared to classic TLS for TCP.
Anyway, base-system: please provide updated ebuild.
Comment 3 SpanKY gentoo-dev 2007-10-13 14:26:33 UTC 
0.9.8f is now in ... gave a quick test on x86/amd64/sparc/ppc/ppc64/ia64 and it seems to be ok ...
Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-13 17:29:03 UTC 
Arches, please test and mark stable dev-libs/openssl-0.9.8f.
Target "-* alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"
Comment 5 Dawid Węgliński (RETIRED) gentoo-dev 2007-10-13 18:45:10 UTC 
done on x86
Comment 6 cilly 2007-10-13 19:00:54 UTC 
Created attachment 133354 [details]
openssl-0.9.8f.ebuild with padlock patch support
Comment 7 cilly 2007-10-13 19:02:03 UTC 
Created attachment 133358 [details, diff]
padlock engine patch for 0.9.8f ebuild
Comment 8 cilly 2007-10-13 19:03:20 UTC 
Thanks, openssl-0.9.8f.ebuild works flawlessly, including padlock static loading patch.

Tested on X86 with apache, mysql, postfix, courier, ssh...
Comment 9 SpanKY gentoo-dev 2007-10-13 19:04:53 UTC 
Comment on attachment 133358 [details, diff]
padlock engine patch for 0.9.8f ebuild

stop posting this stuff as you were already told where to take it
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2007-10-14 11:19:46 UTC 
alpha/ia64/sparc stable
Comment 11 Markus Rothe (RETIRED) gentoo-dev 2007-10-14 17:40:55 UTC 
ppc64 stable
Comment 12 Jeroen Roovers (RETIRED) gentoo-dev 2007-10-14 18:11:09 UTC 
Stable for HPPA.
Comment 13 Jonas Pedersen 2007-10-14 19:29:35 UTC 
dev-libs/openssl-0.9.8f  USE="kerberos (sse2) test zlib -bindist -emacs -gmp"

1. Emerges on AMD64. 
2. No collisions and passes all tests. 
3. Works. Tested with openssh and can still login remotely with both password and keys. 

Portage 2.1.3.9 (default-linux/amd64/2007.0/desktop, gcc-4.1.2, glibc-2.5-r4, 2.6.22-gentoo-r2 x86_64)
=================================================================
System uname: 2.6.22-gentoo-r2 x86_64 Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Timestamp of tree: Tue, 02 Oct 2007 20:50:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p17
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r5
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.21
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -Os -msse3 -pipe -fomit-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo"
CXXFLAGS="-march=nocona -Os -msse3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache collision-protect distcc distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test unmerge-orphans userfetch"
GENTOO_MIRRORS="http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ http://trumpetti.atm.tut.fi/gentoo/ http://ftp.snt.utwente.nl/pub/os/linux/gentoo http://ds.thn.htu.se/linux/gentoo"
LC_ALL="en_DK.utf8"
MAKEOPTS="-j6"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/php-testing /usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi aiglx alsa amd64 apache2 arts atk berkdb bitmap-fonts cairo cdr cli cracklib crypt cups dbus dga directfb dri dts dvd dvdr dvdread eds emboss encode evo fam fbcn ffmpeg firefox fortran ftp gd gdbm gif gphoto2 gpm gstreamer gtk hal iconv icq ieee1394 ipv6 isdnlog java jpeg kde kerberos lm_sensors mad midi mikmod mjpeg mmx mozilla mp2 mp3 mpeg mplayer msn mudflap ncurses nls nptl nptlonly ogg oggvorbis opengl openmp pam pcre pda pdf perl png ppds pppd python qt qt3 qt3support qt4 quicktime readline reflection samba sdl session spell spl sse sse2 sse3 ssl svg tcpd test threads tiff truetype truetype-fonts type1-fonts unicode vorbis x264 xcomposite xml xorg xscreensaver xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="radeon"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 14 Christoph Mende (RETIRED) gentoo-dev 2007-10-16 14:14:49 UTC 
amd64 stable
Comment 15 Tobias Scherbaum (RETIRED) gentoo-dev 2007-10-16 16:51:19 UTC 
ppc stable, ready for glsa
Comment 16 Robert Buchholz (RETIRED) gentoo-dev 2007-10-16 17:07:27 UTC 
thanks, request filed.
Comment 17 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-30 22:16:29 UTC 
GLSA 200710-30
Comment 18 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-31 08:42:17 UTC 
(In reply to comment #17)
> GLSA 200710-30
> 

As some of you noticed, the mail advisory included an error, vulnerable and unaffected versions were swapped, i.e. unaffected versions are of course >= 0.9.8f while vulnerable are < 0.9.8f, as the title says.

Thanks for all of those who reported, you don't need to send me more e-mails about that now :)