Bug 345767 (CVE-2010-3864)

Summary:

<dev-libs/openssl-{0.9.8p,1.0.0b-r1}: Buffer Overflow Vulnerability (CVE-2010-3864)

Product:

Gentoo Security

Reporter:

Tim Sammut (RETIRED) <underling>

Component:

Vulnerabilities

Assignee:

Gentoo Security <security>

Status:

RESOLVED FIXED

Severity:

blocker

CC:

axiator, brant, bugsgentoo, mno2go, ole+gentoo, phmagic

Priority:

High

Version:

unspecified

Hardware:

All

OS:

Linux

URL:

http://openssl.org/news/secadv_20101116.txt

Whiteboard:

A0 [glsa]

Package list:

Runtime testing required:

---

Bug Depends on:

346759

Bug Blocks:

Attachments:

Description	Flags
Build log	none

Description Tim Sammut (RETIRED) gentoo-dev

2010-11-16 16:04:42 UTC

From $URL:

TLS extension parsing race condition.
=====================================

A flaw has been found in the OpenSSL TLS server extension code parsing which
on affected servers can be exploited in a buffer overrun attack.

The OpenSSL security team would like to thank Rob Hulswit for reporting this
issue.

The fix was developed by Dr Stephen Henson of the OpenSSL core team.

This vulnerability is tracked as CVE-2010-3864

Who is affected?
=================

All versions of OpenSSL supporting TLS extensions contain this vulnerability
including OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a releases.

Any OpenSSL based TLS server is vulnerable if it is multi-threaded and uses
OpenSSL's internal caching mechanism. Servers that are multi-process and/or
disable internal session caching are NOT affected.

In particular the Apache HTTP server (which never uses OpenSSL internal
caching) and Stunnel (which includes its own workaround) are NOT affected.

Recommendations for users of OpenSSL
=====================================

Users of all OpenSSL 0.9.8 releases from 0.9.8f through 0.9.8o should update
to the OpenSSL 0.9.8p release which contains a patch to correct this issue.

Users of OpenSSL 1.0.0 and 1.0.0a should update to the OpenSSL 1.0.0b release
which contains a patch to correct this issue.

If upgrading is not immediately possible, the relevant source code patch
provided in this advisory should be applied.

Comment 1 Brant Gurganus 2010-11-17 03:41:26 UTC

1.0.0b as in the tree now has the issue that slipped out and caught by the test cases. See the thread at https://groups.google.com/group/mailing.openssl.users/browse_thread/thread/f823f3163070e7d5#

There is a patch available.

Comment 2 Agostino Sarubbo gentoo-dev

2010-11-17 11:41:54 UTC

Created attachment 254619 [details]
Build log

Shorten the time. I guess this will become a stablereq, so I already leave my feedback.
Openssl-1.0.0b fails test, but it runs ( amd64 )
Openssl-1.0.0b fails test, but it runs ( x86 )

Openssl-0.9.8p ok ( amd64 )

Comment 3 Diego Elio Pettenò (RETIRED) gentoo-dev

2010-11-17 11:54:06 UTC

What's the point of stating "tests fail" and then attaching a log without any test result at all? Beside the fact that Brant already reported that upstream knows about the failure and we need a -r1?

Comment 4 Diego Elio Pettenò (RETIRED) gentoo-dev

2010-11-17 12:11:43 UTC

1.0.0b-r1 is in tree with the upstream patch, thanks Brant.

All tests pass now.

Comment 5 Tim Sammut (RETIRED) gentoo-dev

2010-11-17 14:37:10 UTC

Thanks, Diego.

Arches, please test and mark stable:
=dev-libs/openssl-0.9.8p
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

=dev-libs/openssl-1.0.0b-r1
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Comment 6 Samuli Suominen (RETIRED) gentoo-dev

2010-11-17 14:57:30 UTC

(In reply to comment #5)
> Arches, please test and mark stable:
> =dev-libs/openssl-0.9.8p
> Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Do note that SLOT="0.9.8" is only for binary programs, and only amd64 and x86 has such dependencies in tree.  
Others may wish to skip SLOT="0.9.8" and only get SLOT="0" to avoid unnecessary testing.

Comment 7 Agostino Sarubbo gentoo-dev

2010-11-17 15:25:54 UTC

(In reply to comment #3)
> What's the point of stating "tests fail" and then attaching a log without any
> test result at all? Beside the fact that Brant already reported that upstream
> knows about the failure and we need a -r1?
> 

sorry, I have attached a log wrong, and I did not realize the message of Brant.

Quiet, nothing happened ;)

Anyway:
=dev-libs/openssl-1.0.0b-r1 ok on amd64.
=dev-libs/openssl-0.9.8p ok ( already tested previously )

Comment 8 Jeroen Roovers (RETIRED) gentoo-dev

2010-11-17 15:38:32 UTC

Stable for HPPA PPC.

Comment 9 Thomas Kahle (RETIRED) gentoo-dev

2010-11-17 18:38:52 UTC

x86 done, thanks.

Comment 10 Markos Chandras (RETIRED) gentoo-dev

2010-11-17 20:16:51 UTC

amd64 done. Thanks Agostino

Comment 11 Markus Meier gentoo-dev

2010-11-19 13:49:53 UTC

arm stable

Comment 12 Raúl Porcel (RETIRED) gentoo-dev

2010-11-21 11:25:48 UTC

alpha/ia64/m68k/s390/sh/sparc stable

Comment 13 Brent Baude (RETIRED) gentoo-dev

2010-11-28 14:35:26 UTC

ppc64 done

Comment 14 Tim Sammut (RETIRED) gentoo-dev

2010-11-28 15:26:16 UTC

Thanks, everyone. GLSA with bug 332027.

Comment 15 GLSAMaker/CVETool Bot gentoo-dev

2011-06-24 19:52:55 UTC

CVE-2010-3864 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864):
  Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o,
  1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on
  a TLS server, might allow remote attackers to execute arbitrary code via
  client data that triggers a heap-based buffer overflow, related to (1) the
  TLS server name extension and (2) elliptic curve cryptography.

Comment 16 GLSAMaker/CVETool Bot gentoo-dev

2011-10-09 15:37:42 UTC

This issue was resolved and addressed in
 201110-01 at http://security.gentoo.org/glsa/glsa-201110-01.xml
by GLSA coordinator Tobias Heinlein (keytoaster).

Comment 17 GLSAMaker/CVETool Bot gentoo-dev

2011-10-09 15:37:42 UTC

This issue was resolved and addressed in
 201110-01 at http://security.gentoo.org/glsa/glsa-201110-01.xml
by GLSA coordinator Tobias Heinlein (keytoaster).