Bug 354139 (CVE-2011-0014) - <dev-libs/openssl-{1.0.0d,0.9.8r}: OCSP stapling vulnerability (CVE-2011-0014)
Summary: <dev-libs/openssl-{1.0.0d,0.9.8r}: OCSP stapling vulnerability (CVE-2011-0014)
Status: RESOLVED FIXED
Alias: CVE-2011-0014
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.openssl.org/news/secadv_20...
Whiteboard: A3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-02-08 19:21 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2011-10-09 15:37 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-08 19:21:54 UTC
Incorrectly formatted ClientHello handshake messages could cause OpenSSL
to parse past the end of the message.

This issue applies to the following versions:
  1) OpenSSL 0.9.8h through 0.9.8q
  2) OpenSSL 1.0.0 through 1.0.0c

The parsing function in question is already used on arbitrary data so no
additional vulnerabilities are expected to be uncovered by this.
However, an attacker may be able to cause a crash (denial of service) by
triggering invalid memory accesses.

The results of the parse are only available to the application using
OpenSSL so do not directly cause an information leak. However, some
applications may expose the contents of parsed OCSP extensions,
specifically an OCSP nonce extension. An attacker could use this to read
the contents of memory following the ClientHello.

Users of OpenSSL should update to the OpenSSL 1.0.0d (or 0.9.8r) release,
which contains a patch to correct this issue. If upgrading is not
immediately possible, the source code patch provided in this advisory
should be applied.

Neel Mehta (Google) identified the vulnerability. Adam Langley and
Bodo Moeller (Google) prepared the fix.
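The advisory above describes a length-driven parse of a ClientHello extension running past the end of the message, with the parsed OCSP request extensions (a nonce, for instance) then being handed to the application. The following is an added example, not code from this bug, from the OpenSSL advisory or from OpenSSL's ssl/t1_lib.c: it parses the body of the TLS status_request extension as laid out in RFC 6066 section 8, once with every declared length checked against the bytes actually present, and once as a pure offset calculation that believes the declared lengths, to show how far past the buffer the request_extensions slice would reach. The sample extension bodies are constructed for the example; the names (parse_status_request, lax_overread, status_request_t) are this example's own, and how closely the lax walk mirrors the pre-1.0.0d OpenSSL code is an assumption, not something the advisory states.

```c
/*
 * Added example (not OpenSSL code): parsing the TLS status_request
 * extension body from RFC 6066 section 8:
 *
 *   struct {
 *       CertificateStatusType status_type;      1 byte, 1 = ocsp
 *       opaque ResponderID<0..2^16-1>;          2-byte length + list of
 *                                               ResponderID = opaque<1..2^16-1>
 *       opaque Extensions<0..2^16-1>;           2-byte length + DER (may hold an OCSP nonce)
 *   } CertificateStatusRequest;
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint8_t        status_type;
    size_t         responder_id_count;
    const uint8_t *request_extensions;     /* points into the caller's buffer */
    size_t         request_extensions_len;
} status_request_t;

/* Read a 2-byte big-endian length; fail if fewer than 2 bytes remain before end. */
static int read_u16(const uint8_t **p, const uint8_t *end, size_t *out)
{
    if (end - *p < 2) return 0;
    *out = ((size_t)(*p)[0] << 8) | (*p)[1];
    *p += 2;
    return 1;
}

/* Hardened parser: each declared length is checked against the bytes present.
   Returns 1 and fills *out on success, 0 on any malformed body. */
int parse_status_request(const uint8_t *body, size_t len, status_request_t *out)
{
    const uint8_t *p = body, *end = body + len;
    size_t list_len, id_len, ext_len;

    if (len < 1) return 0;
    out->status_type = *p++;

    if (!read_u16(&p, end, &list_len) || (size_t)(end - p) < list_len) return 0;
    const uint8_t *list_end = p + list_len;
    out->responder_id_count = 0;
    while (p < list_end) {
        /* each ResponderID is non-empty and must fit inside the list */
        if (!read_u16(&p, list_end, &id_len) || id_len == 0 ||
            (size_t)(list_end - p) < id_len)
            return 0;
        p += id_len;
        out->responder_id_count++;
    }

    if (!read_u16(&p, end, &ext_len) || (size_t)(end - p) < ext_len) return 0;
    out->request_extensions     = p;
    out->request_extensions_len = ext_len;
    p += ext_len;
    return p == end;   /* trailing bytes are malformed too */
}

/* Offset-only model of a parser that trusts the declared lengths (this is the
   example's own simplification, not OpenSSL's actual code path). It never
   dereferences past the buffer; it returns how many bytes beyond `len` the
   walk would reach, i.e. how much adjacent memory the request_extensions
   slice handed to the application would cover. 0 means it stayed in bounds. */
size_t lax_overread(const uint8_t *body, size_t len)
{
    size_t off = 0, list_len, ext_len;

    if (off + 1 > len) return off + 1 - len;          /* status_type */
    off += 1;
    if (off + 2 > len) return off + 2 - len;          /* responder list length */
    list_len = ((size_t)body[off] << 8) | body[off + 1];
    off += 2 + list_len;                              /* skip the list, unchecked */
    if (off + 2 > len) return off + 2 - len;          /* extensions length */
    ext_len = ((size_t)body[off] << 8) | body[off + 1];
    off += 2 + ext_len;                               /* slice [off-ext_len, off) is exposed */
    return off > len ? off - len : 0;
}

/* Constructed sample bodies (not captured traffic). */
static const uint8_t SAMPLE_EMPTY[]   = { 0x01, 0x00, 0x00, 0x00, 0x00 };
static const uint8_t SAMPLE_OK[]      = { 0x01, 0x00, 0x03, 0x00, 0x01, 0xAA, 0x00, 0x02, 0x30, 0x00 };
static const uint8_t SAMPLE_BAD_EXT[] = { 0x01, 0x00, 0x00, 0x00, 0x20, 0x30, 0x04 };   /* claims 32 ext bytes, has 2 */
static const uint8_t SAMPLE_BAD_LIST[] = { 0x01, 0x01, 0x00, 0x00, 0x00 };              /* claims 256 list bytes, has 2 */

/* Convenience wrappers so results can be checked without a struct. */
int parse_ok(const uint8_t *b, size_t n) { status_request_t r; return parse_status_request(b, n, &r); }
size_t parsed_ext_len(const uint8_t *b, size_t n)
{ status_request_t r; return parse_status_request(b, n, &r) ? r.request_extensions_len : (size_t)-1; }
size_t parsed_id_count(const uint8_t *b, size_t n)
{ status_request_t r; return parse_status_request(b, n, &r) ? r.responder_id_count : (size_t)-1; }

int main(void)
{
    printf("empty   : strict=%d lax_overread=%zu\n", parse_ok(SAMPLE_EMPTY, sizeof SAMPLE_EMPTY), lax_overread(SAMPLE_EMPTY, sizeof SAMPLE_EMPTY));
    printf("ok      : strict=%d lax_overread=%zu\n", parse_ok(SAMPLE_OK, sizeof SAMPLE_OK), lax_overread(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("bad ext : strict=%d lax_overread=%zu\n", parse_ok(SAMPLE_BAD_EXT, sizeof SAMPLE_BAD_EXT), lax_overread(SAMPLE_BAD_EXT, sizeof SAMPLE_BAD_EXT));
    printf("bad list: strict=%d lax_overread=%zu\n", parse_ok(SAMPLE_BAD_LIST, sizeof SAMPLE_BAD_LIST), lax_overread(SAMPLE_BAD_LIST, sizeof SAMPLE_BAD_LIST));
    return 0;
}
```

The point of the two walks is the second sentence of the advisory: an application that echoes the parsed nonce back (in an OCSP request, a log line, or a stapled response) would copy `lax_overread` bytes of whatever follows the ClientHello, whereas the checked parser rejects the body before any slice is created.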
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-08 19:24:49 UTC
Assuming the crash is not exploitable based on "no additional vulnerabilities are expected to be uncovered by this".
Comment 2 SpanKY gentoo-dev 2011-02-10 02:03:05 UTC
1.0.0d was in the tree before this bug was filed ...

0.9.8d wasn't explicitly announced, but it's in the tree now
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-02-10 07:01:29 UTC
(In reply to comment #2)
> 1.0.0d was in the tree before this bug was filed ...
> 
> 0.9.8d wasn't explicitly announced, but it's in the tree now
> 

Thanks, Mike. Are we ok to stabilize? And are we stabilizing 0.9.8r on x86 and amd64 only? 
Comment 4 Laurent Bachelier 2011-02-17 10:44:22 UTC
For what it's worth, I'm using both 1.0.0d and 0.9.8d on stable amd64 systems without any issues.
tested with at least lighttpd/openssh/ktorrent2
Comment 5 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-17 15:41:06 UTC
Arches, please stabilize:

everyone: =dev-libs/openssl-1.0.0d
just amd64 and x86: =dev-libs/openssl-0.9.8r
Comment 6 Agostino Sarubbo gentoo-dev 2011-02-17 17:17:52 UTC
amd64 ok

(version 1.0.0d works also on my x86 hardened)
Comment 7 Markos Chandras (RETIRED) gentoo-dev 2011-02-17 20:03:23 UTC
amd64 done. Thanks Agostino
Comment 8 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-02-17 20:14:10 UTC
ppc/ppc64 stable
Comment 9 Alex Buell 2011-02-18 11:46:18 UTC
Tested openssl 1.0.0d on SPARC, seems to be OK. Stabilise please. 
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2011-02-18 13:03:47 UTC
Stable for HPPA.
Comment 11 Markus Meier gentoo-dev 2011-02-19 19:18:27 UTC
arm stable
Comment 12 Andreas Schürch gentoo-dev 2011-02-21 15:00:22 UTC
Looks also good to go here on x86.
Comment 13 Christian Faulhammer (RETIRED) gentoo-dev 2011-02-21 18:34:04 UTC
x86 stable
Comment 14 Andreas Schürch gentoo-dev 2011-02-22 06:02:46 UTC
(In reply to comment #13)
> x86 stable
> 
Fauli, it seems that you forgot to stabilize =dev-libs/openssl-0.9.8r also!

Comment 15 Christian Faulhammer (RETIRED) gentoo-dev 2011-02-24 20:40:38 UTC
(In reply to comment #14)
> (In reply to comment #13)
> > x86 stable
> > 
> Fauli, it seems that you forgot to stabilize =dev-libs/openssl-0.9.8r also!

 Thanks for the heads up.  The CVS outage confused me.  x86 done for real.
Comment 16 Tobias Klausmann (RETIRED) gentoo-dev 2011-02-26 20:59:41 UTC
Stable on alpha.
Comment 17 Raúl Porcel (RETIRED) gentoo-dev 2011-03-05 15:48:31 UTC
ia64/m68k/s390/sh/sparc stable
Comment 18 Tim Sammut (RETIRED) gentoo-dev 2011-03-05 21:20:22 UTC
Thanks, everyone. Added to existing GLSA request.
Comment 19 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 00:35:07 UTC
CVE-2011-0014 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014):
  ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c
  allows remote attackers to cause a denial of service (crash), and possibly
  obtain sensitive information in applications that use OpenSSL, via a
  malformed ClientHello handshake message that triggers an out-of-bounds
  memory access, aka "OCSP stapling vulnerability."
Comment 20 GLSAMaker/CVETool Bot gentoo-dev 2011-10-09 15:37:56 UTC
This issue was resolved and addressed in
 201110-01 at http://security.gentoo.org/glsa/glsa-201110-01.xml
by GLSA coordinator Tobias Heinlein (keytoaster).