Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 347623 (CVE-2010-4180) - <dev-libs/openssl-{1.0.0c,0.9.8q}: Ciphersuite Downgrade and JPAKE Validation Vulnerabilities (CVE-2010-{4180,4252})
Summary: <dev-libs/openssl-{1.0.0c,0.9.8q}: Ciphersuite Downgrade and JPAKE Validation...
Status: RESOLVED FIXED
Alias: CVE-2010-4180
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://www.openssl.org/news/secadv_20...
Whiteboard: A4 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-12-03 07:30 UTC by Tim Sammut (RETIRED)
Modified: 2011-10-09 15:37 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Sammut (RETIRED) gentoo-dev 2010-12-03 07:30:23 UTC
From $URL:

OpenSSL Ciphersuite Downgrade Attack
=====================================

A flaw has been found in the OpenSSL SSL/TLS server code where an old bug
workaround allows malicous clients to modify the stored session cache
ciphersuite. In some cases the ciphersuite can be downgraded to a weaker one
on subsequent connections.

The OpenSSL security team would like to thank Martin Rex for reporting this
issue.

This vulnerability is tracked as CVE-2010-4180

OpenSSL JPAKE validation error
===============================

Sebastian Martini found an error in OpenSSL's J-PAKE implementation
which could lead to successful validation by someone with no knowledge
of the shared secret. This error is fixed in 1.0.0c. Details of the
problem can be found here:

http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf

Note that the OpenSSL Team still consider our implementation of J-PAKE
to be experimental and is not compiled by default.

This issue is tracked as CVE-2010-4252.

Mike, thank you for being on top of the version bump.

Arches, please test and mark stable:
=dev-libs/openssl-1.0.0c
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

=dev-libs/openssl-0.9.8q
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 1 Christian Faulhammer (RETIRED) gentoo-dev 2010-12-03 10:31:17 UTC
x86 stable
Comment 2 Agostino Sarubbo gentoo-dev 2010-12-03 13:00:22 UTC
amd64 ok
Comment 3 Jeroen Roovers gentoo-dev 2010-12-03 17:38:48 UTC
(In reply to comment #0)
> Arches, please test and mark stable:
> =dev-libs/openssl-1.0.0c
> Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Stable for HPPA PPC.

> =dev-libs/openssl-0.9.8q
> Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

If I recall correctly, most arches don't need this. Skipped for HPPA PPC. Readd us if you think this is in error.
Comment 4 Markos Chandras (RETIRED) gentoo-dev 2010-12-03 18:03:12 UTC
I am a bit worried about the dual target too
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2010-12-03 22:31:32 UTC
(In reply to comment #4)
> I am a bit worried about the dual target too
> 

Thanks. From another recent openssl bug, bug 345767:

>(In reply to comment #5)
>> Arches, please test and mark stable:
>> =dev-libs/openssl-0.9.8p
>> Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
>
>Do note that SLOT="0.9.8" is only for binary programs, and only amd64 and x86
>has such dependencies in tree.  
>Others may wish to skip SLOT="0.9.8" and only get SLOT="0" to avoid unnecessary
>testing.

So here are the revised targets.

=dev-libs/openssl-0.9.8q
Target keywords : "amd64 x86"
Already stabled : "x86"
Missing keywords: "amd64"

=dev-libs/openssl-1.0.0c
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Already stabled : "hppa ppc x86"
Missing keywords: "alpha amd64 arm ia64 m68k ppc64 s390 sh sparc"

Thanks, folks.


Comment 6 Markos Chandras (RETIRED) gentoo-dev 2010-12-04 11:22:13 UTC
amd64 done. Thanks Agostino
Comment 7 Markus Meier gentoo-dev 2010-12-05 14:23:40 UTC
arm stable
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2010-12-06 15:33:28 UTC
s390 stable
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2010-12-06 20:00:00 UTC
alpha/ia64/m68k/sh/sparc stable
Comment 10 Brent Baude (RETIRED) gentoo-dev 2010-12-10 19:09:02 UTC
ppc64 done
Comment 11 Tim Sammut (RETIRED) gentoo-dev 2010-12-10 19:20:40 UTC
Thanks, folks.

GLSA Vote, Yes.
Comment 12 Stefan Behte (RETIRED) gentoo-dev Security 2011-02-23 22:53:03 UTC
GLSA Vote: no.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 12:41:01 UTC
CVE-2010-4180 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180):
  OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when
  SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly
  prevent modification of the ciphersuite in the session cache, which allows
  remote attackers to force the downgrade to an unintended cipher via vectors
  involving sniffing network traffic to discover a session identifier.
Comment 14 Tobias Heinlein (RETIRED) gentoo-dev 2011-10-08 22:45:33 UTC
GLSA vote: YES; request filed.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 15:37:49 UTC
This issue was resolved and addressed in
 201110-01 at http://security.gentoo.org/glsa/glsa-201110-01.xml
by GLSA coordinator Tobias Heinlein (keytoaster).
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 15:37:49 UTC
This issue was resolved and addressed in
 201110-01 at http://security.gentoo.org/glsa/glsa-201110-01.xml
by GLSA coordinator Tobias Heinlein (keytoaster).