Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 409287 (CVE-2012-1573) - <net-libs/gnutls-2.12.18: record handling issue (CVE-2012-1573)
Summary: <net-libs/gnutls-2.12.18: record handling issue (CVE-2012-1573)
Status: RESOLVED FIXED
Alias: CVE-2012-1573
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: A3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-03-22 09:20 UTC by Michael Harrison
Modified: 2012-06-23 14:41 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Harrison 2012-03-22 09:20:46 UTC
The block cipher decryption logic in GnuTLS assumed that a record containing
any data which was a multiple of the block size was valid for further
decryption processing, leading to a heap corruption vulnerability.

The bug can be reproduced in GnuTLS 3.0.14 by creating a corrupt
GenericBlockCipher struct with a valid IV, while everything else is stripped
off the end, while the handshake message length retains its original value[...]

This will cause a segmentation fault, when the ciphertext_to_compressed
function tries to give decrypted data to _gnutls_auth_cipher_add_auth for HMAC
verification, even though the data length is invalid, and it should have
returned GNUTLS_E_DECRYPTION_FAILED or GNUTLS_E_UNEXPECTED_PACKET_LENGTH
instead, before _gnutls_auth_cipher_add_auth was called.


References:
** libgnutls: Corrections in record packet parsing.
Reported by Matthew Hall.
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912

Additional details from the reporter are described as MU-201202-01 in:
http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/

Patch for 2.x:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=422214868061370aeeb0ac9cd0f021a5c350a57d

Patch for 3.x:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=b495740f2ff66550ca9395b3fda3ea32c3acb185
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2012-03-22 13:56:12 UTC
@crypto, I believe this was fixed in >=net-libs/gnutls-2.12.17 for 2.x. Can we move forward and stabilize that? Thanks.
Comment 2 Tim Harder gentoo-dev 2012-03-22 23:18:47 UTC
(In reply to comment #1)
> @crypto, I believe this was fixed in >=net-libs/gnutls-2.12.17 for 2.x. Can
> we move forward and stabilize that? Thanks.

I'd say =net-libs/gnutls-2.12.18 should go stable.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2012-03-25 14:56:12 UTC
(In reply to comment #2)
> 
> I'd say =net-libs/gnutls-2.12.18 should go stable.

Great, thanks.

Arches, please test and mark stable:
=net-libs/gnutls-2.12.18
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 4 Tomáš "tpruzina" Pružina (amd64 [ex]AT) 2012-03-25 22:53:43 UTC
amd64: ok
Comment 5 Maurizio Camisaschi (amd64 AT) 2012-03-26 17:17:57 UTC
#required by net-libs/gnutls-2.12.18[pkcs11], required by =net-libs/gnutls-2.12.18 (argument)                                                                
=app-crypt/p11-kit-0.12 ~amd64 

added Bug 409781 but probably could be done simply here, notice now that have the same maintainer, sorry
Comment 6 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-03-27 14:59:53 UTC
x86 stable
Comment 7 Elijah "Armageddon" El Lazkani (amd64 AT) 2012-03-28 07:05:37 UTC
amd64: pass
Comment 8 Agostino Sarubbo gentoo-dev 2012-03-28 09:58:39 UTC
amd64 stable
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2012-03-28 11:16:33 UTC
CVE-2012-1573 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1573):
  gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15
  does not properly handle data encrypted with a block cipher, which allows
  remote attackers to cause a denial of service (heap memory corruption and
  application crash) via a crafted record, as demonstrated by a crafted
  GenericBlockCipher structure.
Comment 10 Jeroen Roovers gentoo-dev 2012-03-28 20:14:27 UTC
Stable for HPPA.
Comment 11 Brent Baude (RETIRED) gentoo-dev 2012-03-28 20:24:33 UTC
ppc64 done
Comment 12 Markus Meier gentoo-dev 2012-03-31 14:54:08 UTC
arm stable
Comment 13 Raúl Porcel (RETIRED) gentoo-dev 2012-04-08 15:28:13 UTC
alpha/ia64/m68k/s390/sh/sparc stable
Comment 14 Brent Baude (RETIRED) gentoo-dev 2012-04-16 18:04:47 UTC
ppc done
Comment 15 Sean Amoss (RETIRED) gentoo-dev Security 2012-04-16 21:09:34 UTC
Thanks, everyone. Creating new GLSA request.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2012-06-23 14:41:28 UTC
This issue was resolved and addressed in
 GLSA 201206-18 at http://security.gentoo.org/glsa/glsa-201206-18.xml
by GLSA coordinator Sean Amoss (ackle).