Incorrectly formatted ClientHello handshake messages could cause OpenSSL
to parse past the end of the message.
This issue applies to the following versions:
1) OpenSSL 0.9.8h through 0.9.8q
2) OpenSSL 1.0.0 through 1.0.0c
The parsing function in question is already used on arbitrary data so no
additional vulnerabilities are expected to be uncovered by this.
However, an attacker may be able to cause a crash (denial of service) by
triggering invalid memory accesses.
The results of the parse are only available to the application using
OpenSSL so do not directly cause an information leak. However, some
applications may expose the contents of parsed OCSP extensions,
specifically an OCSP nonce extension. An attacker could use this to read
the contents of memory following the ClientHello.
Users of OpenSSL should update to the OpenSSL 1.0.0d (or 0.9.8r) release,
which contains a patch to correct this issue. If upgrading is not
immediately possible, the source code patch provided in this advisory
should be applied.
Neel Mehta (Google) identified the vulnerability. Adam Langley and
Bodo Moeller (Google) prepared the fix.
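The advisory above describes a length-validation bug in the ClientHello extension parser. The following is an added illustration of that class of bug, written for this page; it is not OpenSSL's code, not the patch from the advisory, and does not reproduce the exact ssl/t1_lib.c code path. It models a status_request (OCSP stapling) extension body in the wire layout of RFC 4366 section 3.6 (status_type, then a 2-byte-length responder_id_list, then a 2-byte-length request_extensions such as an OCSP nonce), with a parser that trusts the inner length fields next to one that checks every length against the bytes remaining. The test vectors are constructed, not captured handshake data; the "SECRET-KEY-BYTES" filler stands in for memory following the ClientHello and is kept in the same array so the unchecked parser's over-read stays inside one allocation and the program is well-defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Parsed view of a status_request extension body (RFC 4366 s.3.6):
 *   status_type(1) responder_id_list<0..2^16-1> request_extensions<0..2^16-1>
 * Pointers are views into the caller's buffer, not copies. */
struct status_request {
    uint8_t        status_type;
    const uint8_t *responder_ids;
    size_t         responder_ids_len;
    const uint8_t *request_exts;   /* DER OCSP extensions, e.g. a nonce */
    size_t         request_exts_len;
};

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Unchecked parser, kept only to show the failure mode: inner length fields
 * are trusted and never compared with the extension length, so an overstated
 * length makes the returned view run past 'len' into following memory. */
int parse_status_request_unchecked(const uint8_t *p, size_t len,
                                   struct status_request *out)
{
    (void)len;                            /* the bug: outer length ignored */
    out->status_type       = p[0];        p += 1;
    out->responder_ids_len = be16(p);     p += 2;
    out->responder_ids     = p;           p += out->responder_ids_len;
    out->request_exts_len  = be16(p);     p += 2;
    out->request_exts      = p;
    return 1;
}

/* Hardened parser: each length is checked against the bytes remaining before
 * any pointer moves. Returns 1 on success, 0 if the body is truncated or has
 * trailing bytes. */
int parse_status_request_checked(const uint8_t *p, size_t len,
                                 struct status_request *out)
{
    const uint8_t *end = p + len;

    if (end - p < 1) return 0;
    out->status_type = *p++;

    if (end - p < 2) return 0;
    out->responder_ids_len = be16(p); p += 2;
    if ((size_t)(end - p) < out->responder_ids_len) return 0;
    out->responder_ids = p; p += out->responder_ids_len;

    if (end - p < 2) return 0;
    out->request_exts_len = be16(p); p += 2;
    if ((size_t)(end - p) < out->request_exts_len) return 0;
    out->request_exts = p; p += out->request_exts_len;

    return p == end;                      /* reject trailing garbage too */
}

/* Constructed vector: a 5-byte extension body whose responder_id_list length
 * claims 8 bytes but carries only 2, followed in the SAME array by 16 bytes
 * standing in for memory after the ClientHello. */
static const uint8_t demo_buf[] = {
    0x01,                   /* status_type = ocsp(1) */
    0x00, 0x08,             /* responder_id_list length: claims 8 bytes */
    0xAA, 0xBB,             /* only 2 bytes actually present */
    'S','E','C','R','E','T','-','K','E','Y','-','B','Y','T','E','S'
};
#define DEMO_EXT_LEN 5      /* the extension's real length */

/* Constructed well-formed body: no responder IDs, 3 opaque request_extensions bytes. */
static const uint8_t good_ext[] = { 0x01, 0x00,0x00, 0x00,0x03, 0x11,0x22,0x33 };

/* Bytes of the unchecked parser's responder-ID view lying past the extension. */
size_t unchecked_overread_bytes(void)
{
    struct status_request sr;
    parse_status_request_unchecked(demo_buf, DEMO_EXT_LEN, &sr);
    const uint8_t *ext_end  = demo_buf + DEMO_EXT_LEN;
    const uint8_t *view_end = sr.responder_ids + sr.responder_ids_len;
    return view_end > ext_end ? (size_t)(view_end - ext_end) : 0;
}

int checked_rejects_demo(void)
{
    struct status_request sr;
    return parse_status_request_checked(demo_buf, DEMO_EXT_LEN, &sr);
}

int checked_accepts_good(void)
{
    struct status_request sr;
    return parse_status_request_checked(good_ext, sizeof good_ext, &sr) &&
           sr.request_exts_len == 3 && sr.request_exts[0] == 0x11;
}

int main(void)
{
    printf("unchecked parser exposes %zu bytes past the extension\n",
           unchecked_overread_bytes());
    printf("checked parser: malformed=%d well-formed=%d\n",
           checked_rejects_demo(), checked_accepts_good());
    return 0;
}
```

With the malformed vector, the unchecked parser hands the application a responder-ID view covering six bytes that belong to the filler after the extension, which is the mechanism behind the advisory's remark that an application echoing parsed OCSP extension contents could leak memory following the ClientHello; the checked parser refuses the body as soon as the inner length exceeds the bytes remaining.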
Assuming the crash is not exploitable based on "no additional vulnerabilities are expected to be uncovered by this".
1.0.0d was in the tree before this bug was filed ...
0.9.8d wasn't explicitly announced, but it's in the tree now
(In reply to comment #2)
> 1.0.0d was in the tree before this bug was filed ...
> 0.9.8d wasn't explicitly announced, but it's in the tree now
Thanks, Mike. Are we ok to stabilize? And are we stabilizing 0.9.8r on x86 and amd64 only?
For what it's worth, I'm using both 1.0.0d and 0.9.8d on stable amd64 systems without any issues.
tested with at least lighttpd/openssh/ktorrent2
Arches, please stabilize:
just amd64 and x86: =dev-libs/openssl-0.9.8r
( version 1.0.0d works also on my x86 hardened )
amd64 done. Thanks Agostino
Tested openssl 1.0.0d on SPARC, seems to be OK. Stabilise please.
Stable for HPPA.
Looks also good to go here on x86.
(In reply to comment #13)
> x86 stable
Fauli, it seems that you forgot to stabilize =dev-libs/openssl-0.9.8r also!
(In reply to comment #14)
> (In reply to comment #13)
> > x86 stable
> Fauli, it seems that you forgot to stabilize =dev-libs/openssl-0.9.8r also!
Thanks for the heads up. The CVS outage confused me. x86 done for real.
Stable on alpha.
Thanks, everyone. Added to existing GLSA request.
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c
allows remote attackers to cause a denial of service (crash), and possibly
obtain sensitive information in applications that use OpenSSL, via a
malformed ClientHello handshake message that triggers an out-of-bounds
memory access, aka "OCSP stapling vulnerability."
This issue was resolved and addressed in
201110-01 at http://security.gentoo.org/glsa/glsa-201110-01.xml
by GLSA coordinator Tobias Heinlein (keytoaster).