|Summary:||<net-libs/gnutls-2.12.18: record handling issue (CVE-2012-1573)|
|Product:||Gentoo Security||Reporter:||Michael Harrison <n0idx80>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Package list:||Runtime testing required:||---|
Description Michael Harrison 2012-03-22 09:20:46 UTC
The block cipher decryption logic in GnuTLS assumed that a record containing any data which was a multiple of the block size was valid for further decryption processing, leading to a heap corruption vulnerability. The bug can be reproduced in GnuTLS 3.0.14 by creating a corrupt GenericBlockCipher struct with a valid IV, while everything else is stripped off the end, while the handshake message length retains its original value[...] This will cause a segmentation fault, when the ciphertext_to_compressed function tries to give decrypted data to _gnutls_auth_cipher_add_auth for HMAC verification, even though the data length is invalid, and it should have returned GNUTLS_E_DECRYPTION_FAILED or GNUTLS_E_UNEXPECTED_PACKET_LENGTH instead, before _gnutls_auth_cipher_add_auth was called. References: ** libgnutls: Corrections in record packet parsing. Reported by Matthew Hall. http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912 Additional details from the reporter are described as MU-201202-01 in: http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/ Patch for 2.x: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=422214868061370aeeb0ac9cd0f021a5c350a57d Patch for 3.x: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=b495740f2ff66550ca9395b3fda3ea32c3acb185
Comment 1 Tim Sammut (RETIRED) 2012-03-22 13:56:12 UTC
@crypto, I believe this was fixed in >=net-libs/gnutls-2.12.17 for 2.x. Can we move forward and stabilize that? Thanks.
Comment 2 Tim Harder 2012-03-22 23:18:47 UTC
(In reply to comment #1) > @crypto, I believe this was fixed in >=net-libs/gnutls-2.12.17 for 2.x. Can > we move forward and stabilize that? Thanks. I'd say =net-libs/gnutls-2.12.18 should go stable.
Comment 3 Tim Sammut (RETIRED) 2012-03-25 14:56:12 UTC
(In reply to comment #2) > > I'd say =net-libs/gnutls-2.12.18 should go stable. Great, thanks. Arches, please test and mark stable: =net-libs/gnutls-2.12.18 Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 4 Tomáš "tpruzina" Pružina (amd64 [ex]AT) 2012-03-25 22:53:43 UTC
Comment 5 Maurizio Camisaschi (amd64 AT) 2012-03-26 17:17:57 UTC
#required by net-libs/gnutls-2.12.18[pkcs11], required by =net-libs/gnutls-2.12.18 (argument) =app-crypt/p11-kit-0.12 ~amd64 added Bug 409781 but probably could be done simply here, notice now that have the same maintainer, sorry
Comment 6 Paweł Hajdan, Jr. (RETIRED) 2012-03-27 14:59:53 UTC
Comment 7 Elijah "Armageddon" El Lazkani (amd64 AT) 2012-03-28 07:05:37 UTC
Comment 8 Agostino Sarubbo 2012-03-28 09:58:39 UTC
Comment 9 GLSAMaker/CVETool Bot 2012-03-28 11:16:33 UTC
CVE-2012-1573 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1573): gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
Comment 10 Jeroen Roovers (RETIRED) 2012-03-28 20:14:27 UTC
Stable for HPPA.
Comment 11 Brent Baude (RETIRED) 2012-03-28 20:24:33 UTC
Comment 12 Markus Meier 2012-03-31 14:54:08 UTC
Comment 13 Raúl Porcel (RETIRED) 2012-04-08 15:28:13 UTC
Comment 14 Brent Baude (RETIRED) 2012-04-16 18:04:47 UTC
Comment 15 Sean Amoss (RETIRED) 2012-04-16 21:09:34 UTC
Thanks, everyone. Creating new GLSA request.
Comment 16 GLSAMaker/CVETool Bot 2012-06-23 14:41:28 UTC
This issue was resolved and addressed in GLSA 201206-18 at http://security.gentoo.org/glsa/glsa-201206-18.xml by GLSA coordinator Sean Amoss (ackle).