Bug 719108 (CVE-2020-12105) - <net-vpn/openconnect-8.09: MITM by mishandling of X509_check return values (CVE-2020-12105)
Status: RESOLVED FIXED
Alias: CVE-2020-12105
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://gitlab.com/openconnect/openco...
Whiteboard: B3 [glsa+ cve]
Keywords: CC-ARCHES
Depends on: 718792 721570
Blocks: CVE-2020-12823
Reported: 2020-04-23 18:05 UTC by Sam James
Modified: 2020-06-15 15:47 UTC

Package list:
net-vpn/openconnect-8.09-r1 amd64 arm arm64 ppc64 x86
net-vpn/ocserv-1.0.1 amd64 arm arm64 ppc64 x86
sys-auth/oath-toolkit-2.6.2 arm arm64 ppc64
dev-libs/pcl-1.12-r1 amd64 arm arm64 ppc64 x86
net-libs/socket_wrapper-1.2.3 arm64
sys-libs/nss_wrapper-1.1.6 arm64
sys-libs/uid_wrapper-1.2.7 arm64
dev-libs/xmlsec-1.2.29 arm
Runtime testing required: ---
nattka: sanity-check+

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-23 18:05:58 UTC
Description:
"OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks."

PR (not yet merged): https://gitlab.com/openconnect/openconnect/-/merge_requests/96
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-23 18:06:43 UTC
@maintainer(s), please keep an eye on this PR, as I will, and hopefully we can apply the patch once upstream merge it.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-01 01:20:44 UTC
@maintainer(s), 8.09 has been released with a patch for this. Please bump.
Comment 3 NATTkA bot gentoo-dev 2020-05-01 04:36:35 UTC
Sanity check failed:

> net-vpn/openconnect-8.09
>   bdepend arm64 stable profile default/linux/arm64/17.0 (9 total)
>     net-libs/socket_wrapper
>     sys-libs/uid_wrapper
> net-vpn/ocserv-1.0.0
>   bdepend arm64 stable profile default/linux/arm64/17.0 (9 total)
>     net-libs/socket_wrapper
>     sys-libs/nss_wrapper
>     sys-libs/uid_wrapper
> sys-auth/oath-toolkit-2.6.2
>   depend arm stable profile default/linux/arm/17.0 (1 total)
>     dev-libs/xmlsec
>   depend arm dev profile default/linux/arm/17.0/armv4 (31 total)
>     dev-libs/xmlsec
>   rdepend arm stable profile default/linux/arm/17.0 (1 total)
>     dev-libs/xmlsec
>   rdepend arm dev profile default/linux/arm/17.0/armv4 (31 total)
>     dev-libs/xmlsec
Comment 4 NATTkA bot gentoo-dev 2020-05-01 04:44:56 UTC
All sanity-check issues have been resolved
Comment 5 Agostino Sarubbo gentoo-dev 2020-05-07 15:59:09 UTC
amd64 stable
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-09 08:57:16 UTC
arm64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-05-13 17:14:58 UTC
ppc64 stable
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2020-05-14 21:30:23 UTC
x86 stable
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-08 15:06:05 UTC
arm stable

----
@maintainer(s), please cleanup
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-10 22:26:04 UTC
[glsa-ing as part of the other bug]
Comment 11 Larry the Git Cow gentoo-dev 2020-06-10 23:32:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0102eabe0befa3f87d530f5fc0e5885187ed20c9

commit 0102eabe0befa3f87d530f5fc0e5885187ed20c9
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2020-06-10 23:32:10 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2020-06-10 23:32:10 +0000

    net-vpn/openconnect: remove old
    
    Bug: https://bugs.gentoo.org/719108
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 net-vpn/openconnect/Manifest                |   2 -
 net-vpn/openconnect/openconnect-8.06.ebuild | 141 --------------------------
 net-vpn/openconnect/openconnect-8.08.ebuild | 147 ----------------------------
 3 files changed, 290 deletions(-)
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2020-06-15 15:47:53 UTC
This issue was resolved and addressed in
 GLSA 202006-15 at https://security.gentoo.org/glsa/202006-15
by GLSA coordinator Aaron Bauman (b-man).