Bug 223429 (CVE-2008-0891)

Summary:

dev-libs/openssl >=0.9.8f <0.9.8g-r2 Denial of Service vulnerabilities (CVE-2008-0891, CVE-2008-1672)

Product:

Gentoo Security

Reporter:

Robert Buchholz (RETIRED) <rbu>

Component:

Vulnerabilities

Assignee:

Gentoo Security <security>

Status:

RESOLVED FIXED

Severity:

normal

CC:

base-system, hanno, jer

Priority:

High

Version:

unspecified

Hardware:

All

OS:

Linux

URL:

http://www.openssl.org/news/secadv_20080528.txt

Whiteboard:

A3 [glsa]

Package list:

Runtime testing required:

---

Attachments:

Description	Flags
openssl-0.9.8g-CVE-2008-0891.patch	none
openssl-0.9.8g-CVE-2008-1672.patch	none

Description Robert Buchholz (RETIRED) gentoo-dev

2008-05-24 12:42:25 UTC

Mark J Cox gave us a heads-up on an OpenSSL flaw possibly resulting in a Denial of Service.

Details will be disclosed to us on Monday, and are not to be publicised until Wednesday.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2008-05-26 11:09:31 UTC

#1
OpenSSL Server Name extension crash

Testing using the Codenomicon TLS test suite discovered a flaw in the
handling of server name extension data in OpenSSL 0.9.8f and OpenSSL
0.9.8g.  If OpenSSL has been compiled using the non-default TLS server
name extensions, a remote attacker could send a carefully crafted
packet to a server application using OpenSSL and cause a crash.
(CVE-2008-0891).

Please note this issue does not affect any other released versions of
OpenSSL, and does not affect versions compiled without TLS server name
extensions.

...

#2
OpenSSL Omit Server Key Exchange message crash

Testing using the Codenomicon TLS test suite discovered a flaw if the
'Server Key exchange message' is omitted from a TLS handshake in
OpenSSL 0.9.8f and OpenSSL 0.9.8g.  If a client connects to a
malicious server with particular cipher suites, the server could cause
the client to crash.  (CVE-2008-1672).

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2008-05-26 11:11:17 UTC

vapier, do we support these "non-default TLS server name extensions"?

I'll attach upstream patches, please prepare ebuilds and we can do prestable testing on this bug. Do not commit anything to CVS yet.

Comment 3 Robert Buchholz (RETIRED) gentoo-dev

2008-05-26 11:13:04 UTC

Created attachment 154341 [details, diff]
openssl-0.9.8g-CVE-2008-0891.patch

Comment 4 Robert Buchholz (RETIRED) gentoo-dev

2008-05-26 11:13:20 UTC

Created attachment 154343 [details, diff]
openssl-0.9.8g-CVE-2008-1672.patch

Comment 5 Doug Goldstein (RETIRED) gentoo-dev

2008-05-26 14:42:16 UTC

(In reply to comment #2)
> vapier, do we support these "non-default TLS server name extensions"?
> 
> I'll attach upstream patches, please prepare ebuilds and we can do prestable
> testing on this bug. Do not commit anything to CVS yet.
> 

Yes we do in 0.9.8g and 0.9.8g-r1

Comment 6 Robert Buchholz (RETIRED) gentoo-dev

2008-05-26 22:26:40 UTC

(In reply to comment #5)
> Yes we do in 0.9.8g and 0.9.8g-r1

Thanks for the info. Since the embargo is off in ~36 hours, let me know if you intend to do prestable testing (preferred by security), or want to bump to the release directly in the tree. In case of the former, attach ebuild incorporating the patches to this bug.

Comment 7 Matthias Geerdsen (RETIRED) gentoo-dev

2008-05-28 11:29:17 UTC

This is now public via http://www.openssl.org/news/secadv_20080528.txt

0.9.8h has been released to adress the issue, please bump the ebuild.

Comment 8 Doug Goldstein (RETIRED) gentoo-dev

2008-05-29 15:15:14 UTC

Well to further complicate this, I'm having several SSL services that are no longer accessible from a client using openssl 0.9.8h while they're accessible from all versions below 0.9.8h. I don't know if this relates to tlsext but infra will be interested since one of my affected services is LDAP.

Comment 9 Robert Buchholz (RETIRED) gentoo-dev

2008-05-30 05:13:15 UTC

Doug, do you experience the same issues using 0.9.8g + the patches on the bug?

Comment 10 SpanKY gentoo-dev

2008-05-30 21:07:08 UTC

even though we have 0.9.8h, it's way too new to consider for stable ... we should apply the patches to 0.9.8g

if Doug could get back to us quickly, that'd be good ...

Comment 11 Doug Goldstein (RETIRED) gentoo-dev

2008-05-30 21:15:04 UTC

yeah yeah. Gimme a minute. I had a busy day today.

Comment 12 Doug Goldstein (RETIRED) gentoo-dev

2008-05-30 21:28:34 UTC

Alright. We look golden. My issue is obviously something in 0.9.8h not related to the security fixes. I'll just make a new bug on that to figure it out. Who knows, maybe upstream is already aware.

Anyway, I had to strip out the diff for CHANGES to get the patches to apply. But I added them to openssl-0.9.8g-r2 to the tree.

Comment 13 Robert Buchholz (RETIRED) gentoo-dev

2008-05-31 08:02:40 UTC

Thanks for bumping!

Arches, please test and mark stable:
=dev-libs/openssl-0.9.8g-r2
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86"

Comment 14 Christian Faulhammer (RETIRED) gentoo-dev

2008-05-31 13:37:35 UTC

x86 stable

Comment 15 Markus Rothe (RETIRED) gentoo-dev

2008-05-31 19:59:27 UTC

ppc64 stable

Comment 16 Jonas Pedersen 2008-05-31 21:27:31 UTC

dev-libs/openssl-0.9.8g-r2  USE="kerberos (sse2) test zlib -bindist -gmp"

1. Emerges on AMD64. 
2. No collisions and passes tests etc. 
3. OpenSSH still works after upgrade and OpenSSH builds against the upgraded OpenSSL package. 

Portage 2.1.4.4 (default-linux/amd64/2007.0/desktop, gcc-4.1.2, glibc-2.6.1-r0, 2.6.24-gentoo-r2 x86_64)
=================================================================
System uname: 2.6.24-gentoo-r2 x86_64 Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Timestamp of tree: Sat, 31 May 2008 16:45:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p33
dev-java/java-config: 1.3.7, 2.1.6
dev-lang/python:     2.4.4-r9
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -Os -msse3 -pipe -fomit-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=nocona -Os -msse3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache collision-protect distcc distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test unmerge-orphans userfetch"
GENTOO_MIRRORS="http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ http://trumpetti.atm.tut.fi/gentoo/ http://ftp.snt.utwente.nl/pub/os/linux/gentoo http://ds.thn.htu.se/linux/gentoo"
LC_ALL="en_DK.utf8"
MAKEOPTS="-j6"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi aiglx alsa amd64 apache2 arts atk berkdb cairo cdr cli cracklib crypt cups dbus dga directfb dri dts dvd dvdr dvdread eds emboss encode evo fam fbcn ffmpeg firefox fortran ftp gd gdbm gif gphoto2 gpm gstreamer gtk hal iconv icq ieee1394 ipv6 isdnlog java jpeg kde kerberos live lm_sensors mad midi mikmod mjpeg mmx mozilla mp2 mp3 mpeg mplayer msn mudflap ncurses nls nptl nptlonly ogg oggvorbis opengl openmp pam pcre pda pdf perl png ppds pppd python qt qt3 qt3support qt4 quicktime readline reflection samba sdl session spell spl sse sse2 sse3 ssl svg tcpd threads tiff truetype unicode vorbis x264 xcomposite xml xorg xscreensaver xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="radeon"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 17 Jeroen Roovers (RETIRED) gentoo-dev

2008-06-01 19:40:11 UTC

I think bug #224407 needs a mention here.

Comment 18 Jeroen Roovers (RETIRED) gentoo-dev

2008-06-02 02:15:16 UTC

Stable for HPPA.

Comment 19 Raúl Porcel (RETIRED) gentoo-dev

2008-06-02 10:01:24 UTC

alpha/ia64/sparc stable

Comment 20 Steve Dibb (RETIRED) gentoo-dev

2008-06-03 14:21:54 UTC

amd64 stable

Comment 21 Tobias Scherbaum (RETIRED) gentoo-dev

2008-06-05 18:08:43 UTC

ppc stable

Comment 22 Peter Volkov (RETIRED) gentoo-dev

2008-06-06 07:49:33 UTC

Fixed in release snapshot.

Comment 23 Robert Buchholz (RETIRED) gentoo-dev

2008-06-23 22:51:47 UTC

GLSA 200806-08.