Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 354139 (CVE-2011-0014)

Summary: <dev-libs/openssl-{1.0.0d,0.9.8r}: OCSP stapling vulnerability (CVE-2011-0014)
Product: Gentoo Security Reporter: Paweł Hajdan, Jr. (RETIRED) <phajdan.jr>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: laurent
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.openssl.org/news/secadv_20110208.txt
Whiteboard: A3 [glsa]
Package list:
Runtime testing required: ---

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-08 19:21:54 UTC 
Incorrectly formatted ClientHello handshake messages could cause OpenSSL
to parse past the end of the message.

This issue applies to the following versions:
  1) OpenSSL 0.9.8h through 0.9.8q
  2) OpenSSL 1.0.0 through 1.0.0c

The parsing function in question is already used on arbitary data so no
additional vulnerabilities are expected to be uncovered by this.
However, an attacker may be able to cause a crash (denial of service) by
triggering invalid memory accesses.

The results of the parse are only availible to the application using
OpenSSL so do not directly cause an information leak. However, some
applications may expose the contents of parsed OCSP extensions,
specifically an OCSP nonce extension. An attacker could use this to read
the contents of memory following the ClientHello.

Users of OpenSSL should update to the OpenSSL 1.0.0d (or 0.9.8r) release,
which contains a patch to correct this issue. If upgrading is not
immediately possible, the source code patch provided in this advisory
should be applied.

Neel Mehta (Google) identified the vulnerability. Adam Langley and
Bodo Moeller (Google) prepared the fix.
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-08 19:24:49 UTC 
Assuming the crash is not exploitable based on "no additional vulnerabilities are expected to be uncovered by this".
Comment 2 SpanKY gentoo-dev 2011-02-10 02:03:05 UTC 
1.0.0d was in the tree before this bug was filed ...

0.9.8d wasnt explicitly announced, but it's in the tree now
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-02-10 07:01:29 UTC 
(In reply to comment #2)
> 1.0.0d was in the tree before this bug was filed ...
> 
> 0.9.8d wasnt explicitly announced, but it's in the tree now
> 

Thanks, Mike. Are we ok to stabilize? And are we stabilizing 0.9.8r on x86 and amd64 only?
Comment 4 Laurent Bachelier 2011-02-17 10:44:22 UTC 
For what it's worth, I'm using both 1.0.0d and 0.9.8d on stable amd64 systems without any issues.
tested with at least lighttpd/openssh/ktorrent2
Comment 5 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-17 15:41:06 UTC 
Arches, please stabilize:

everyone: =dev-libs/openssl-1.0.0d
just amd64 and x86: =dev-libs/openssl-0.9.8r
Comment 6 Agostino Sarubbo gentoo-dev 2011-02-17 17:17:52 UTC 
amd64 ok

( version 1.0.0d works also on my x86hardened )
Comment 7 Markos Chandras (RETIRED) gentoo-dev 2011-02-17 20:03:23 UTC 
amd64 done. Thanks Agostino
Comment 8 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-02-17 20:14:10 UTC 
ppc/ppc64 stable
Comment 9 Alex Buell 2011-02-18 11:46:18 UTC 
Tested openssl 1.0.0d on SPARC, seems to be OK. Stabilise please.
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2011-02-18 13:03:47 UTC 
Stable for HPPA.
Comment 11 Markus Meier gentoo-dev 2011-02-19 19:18:27 UTC 
arm stable
Comment 12 Andreas Schürch gentoo-dev 2011-02-21 15:00:22 UTC 
Looks also good to go here on x86.
Comment 13 Christian Faulhammer (RETIRED) gentoo-dev 2011-02-21 18:34:04 UTC 
x86 stable
Comment 14 Andreas Schürch gentoo-dev 2011-02-22 06:02:46 UTC 
(In reply to comment #13)
> x86 stable
> 
Fauli, it seems that you forgot to stabilize =dev-libs/openssl-0.9.8r also!
Comment 15 Christian Faulhammer (RETIRED) gentoo-dev 2011-02-24 20:40:38 UTC 
(In reply to comment #14)
> (In reply to comment #13)
> > x86 stable
> > 
> Fauli, it seems that you forgot to stabilize =dev-libs/openssl-0.9.8r also!

 Thanks for the heads up.  The CVS outage confused me.  x86 done for real.
Comment 16 Tobias Klausmann (RETIRED) gentoo-dev 2011-02-26 20:59:41 UTC 
Stable on alpha.
Comment 17 Raúl Porcel (RETIRED) gentoo-dev 2011-03-05 15:48:31 UTC 
ia64/m68k/s390/sh/sparc stable
Comment 18 Tim Sammut (RETIRED) gentoo-dev 2011-03-05 21:20:22 UTC 
Thanks, everyone. Added to existing GLSA request.
Comment 19 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 00:35:07 UTC 
CVE-2011-0014 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014):
  ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c
  allows remote attackers to cause a denial of service (crash), and possibly
  obtain sensitive information in applications that use OpenSSL, via a
  malformed ClientHello handshake message that triggers an out-of-bounds
  memory access, aka "OCSP stapling vulnerability."
Comment 20 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 15:37:56 UTC 
This issue was resolved and addressed in
 201110-01 at http://security.gentoo.org/glsa/glsa-201110-01.xml
by GLSA coordinator Tobias Heinlein (keytoaster).
Comment 21 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 15:37:56 UTC 
This issue was resolved and addressed in
 201110-01 at http://security.gentoo.org/glsa/glsa-201110-01.xml
by GLSA coordinator Tobias Heinlein (keytoaster).