Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 719108 (CVE-2020-12105) - <net-vpn/openconnect-8.09: MITM by mishandling of X509_check return values (CVE-2020-12105)
Summary: <net-vpn/openconnect-8.09: MITM by mishandling of X509_check return values (C...
Status: RESOLVED FIXED
Alias: CVE-2020-12105
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://gitlab.com/openconnect/openco...
Whiteboard: B3 [glsa+ cve]
Keywords: CC-ARCHES
Depends on: 718792 721570
Blocks: CVE-2020-12823
  Show dependency tree
 
Reported: 2020-04-23 18:05 UTC by Sam James
Modified: 2020-06-15 15:47 UTC (History)
5 users (show)

See Also:
Package list:
net-vpn/openconnect-8.09-r1 amd64 arm arm64 ppc64 x86 net-vpn/ocserv-1.0.1 amd64 arm arm64 ppc64 x86 sys-auth/oath-toolkit-2.6.2 arm arm64 ppc64 dev-libs/pcl-1.12-r1 amd64 arm arm64 ppc64 x86 net-libs/socket_wrapper-1.2.3 arm64 sys-libs/nss_wrapper-1.1.6 arm64 sys-libs/uid_wrapper-1.2.7 arm64 dev-libs/xmlsec-1.2.29 arm
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-04-23 18:05:58 UTC
Description:
"OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks."

PR (not yet merged): https://gitlab.com/openconnect/openconnect/-/merge_requests/96
Comment 1 Sam James archtester gentoo-dev Security 2020-04-23 18:06:43 UTC
@maintainer(s), please keep an eye on this PR, as I will, and hopefully we can apply the patch once upstream merge it.
Comment 2 Sam James archtester gentoo-dev Security 2020-05-01 01:20:44 UTC
@maintainer(s), 8.09 has been released with a patch for this. Please bump.
Comment 3 NATTkA bot gentoo-dev 2020-05-01 04:36:35 UTC
Sanity check failed:

> net-vpn/openconnect-8.09
>   bdepend arm64 stable profile default/linux/arm64/17.0 (9 total)
>     net-libs/socket_wrapper
>     sys-libs/uid_wrapper
> net-vpn/ocserv-1.0.0
>   bdepend arm64 stable profile default/linux/arm64/17.0 (9 total)
>     net-libs/socket_wrapper
>     sys-libs/nss_wrapper
>     sys-libs/uid_wrapper
> sys-auth/oath-toolkit-2.6.2
>   depend arm stable profile default/linux/arm/17.0 (1 total)
>     dev-libs/xmlsec
>   depend arm dev profile default/linux/arm/17.0/armv4 (31 total)
>     dev-libs/xmlsec
>   rdepend arm stable profile default/linux/arm/17.0 (1 total)
>     dev-libs/xmlsec
>   rdepend arm dev profile default/linux/arm/17.0/armv4 (31 total)
>     dev-libs/xmlsec
Comment 4 NATTkA bot gentoo-dev 2020-05-01 04:44:56 UTC
All sanity-check issues have been resolved
Comment 5 Agostino Sarubbo gentoo-dev 2020-05-07 15:59:09 UTC
amd64 stable
Comment 6 Sam James archtester gentoo-dev Security 2020-05-09 08:57:16 UTC
arm64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-05-13 17:14:58 UTC
ppc64 stable
Comment 8 Thomas Deutschmann gentoo-dev Security 2020-05-14 21:30:23 UTC
x86 stable
Comment 9 Sam James archtester gentoo-dev Security 2020-06-08 15:06:05 UTC
arm stable

----
@maintainer(s), please cleanup
Comment 10 Sam James archtester gentoo-dev Security 2020-06-10 22:26:04 UTC
[glsa-ing as part of the other bug]
Comment 11 Larry the Git Cow gentoo-dev 2020-06-10 23:32:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0102eabe0befa3f87d530f5fc0e5885187ed20c9

commit 0102eabe0befa3f87d530f5fc0e5885187ed20c9
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2020-06-10 23:32:10 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2020-06-10 23:32:10 +0000

    net-vpn/openconnect: remove old
    
    Bug: https://bugs.gentoo.org/719108
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 net-vpn/openconnect/Manifest                |   2 -
 net-vpn/openconnect/openconnect-8.06.ebuild | 141 --------------------------
 net-vpn/openconnect/openconnect-8.08.ebuild | 147 ----------------------------
 3 files changed, 290 deletions(-)
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2020-06-15 15:47:53 UTC
This issue was resolved and addressed in
 GLSA 202006-15 at https://security.gentoo.org/glsa/202006-15
by GLSA coordinator Aaron Bauman (b-man).