NetBSD Security Advisory 2010-012: OpenSSL TLS extension parsing race condition

                 NetBSD Security Advisory 2010-012

Topic:          OpenSSL TLS extension parsing race condition.

Version:        NetBSD-current:         source prior to November 18, 2010
                NetBSD 5.0.*:           affected
                NetBSD 5.0:             affected
                NetBSD 5.1:             affected
                NetBSD 4.0.*:           not affected
                NetBSD 4.0:             not affected
                pkgsrc:                 openssl package prior to 0.9.8p

Severity:       Denial of Service and potential arbitrary code execution

Fixed:          NetBSD-current:         November 17, 2010
                NetBSD-5-0 branch:      November 19, 2010
                NetBSD-5-1 branch:      November 19, 2010
                NetBSD-5 branch:        November 19, 2010
                pkgsrc 2010Q3:          openssl-0.9.8p corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.


A flaw has been found in the OpenSSL TLS server extension parsing code which,
on affected servers, can be exploited in a buffer overrun attack.
This flaw impacts neither the Apache HTTP server nor any daemon as shipped
with NetBSD.

This vulnerability has been assigned CVE-2010-3864.

Technical Details

Multiple race conditions in ssl/t1_lib.c in OpenSSL, when multi-threading
and internal caching are enabled on a TLS server, might allow remote
attackers to execute arbitrary code via client data that triggers a
heap-based buffer overflow, related to (1) the TLS server name extension
and (2) elliptic curve cryptography. A binary that is not linked against
both libssl and a threading library such as libpthread is unlikely to be
affected.
See for the vulnerability
announcement from OpenSSL.
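
One way to apply the linkage criterion above when triaging a host, as an
added example that is not part of the original advisory: a shell function
that flags binaries whose ldd output names both libssl and libpthread. The
function names, the sample ldd lines and the directory arguments are
assumptions made for illustration; statically linked programs are not detected.

```shell
#!/bin/sh
# Added example, not from the advisory: list dynamically linked binaries that
# depend on BOTH libssl and libpthread (the advisory's exposure criterion).

# needs_review: read ldd output on stdin; succeed only if both libraries appear.
# "libssl\.so" deliberately does not match NSS's libssl3.so.
needs_review() {
    awk '
        /libssl\.so/     { ssl = 1 }
        /libpthread\.so/ { thr = 1 }
        END { exit (ssl && thr) ? 0 : 1 }
    '
}

# scan_dirs: print each executable regular file under the given directories
# whose shared-library dependencies satisfy needs_review.
scan_dirs() {
    find "$@" -type f -perm -0100 2>/dev/null | while IFS= read -r f; do
        if ldd "$f" 2>/dev/null | needs_review; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed ldd output (library version numbers are placeholders):
# a threaded TLS daemon, which should be flagged.
sample_affected() {
    printf '%s\n' '/usr/pkg/sbin/exampled:' \
        '	-lssl.0 => /usr/lib/libssl.so.0' \
        '	-lcrypto.0 => /usr/lib/libcrypto.so.0' \
        '	-lpthread.0 => /usr/lib/libpthread.so.0' \
        '	-lc.0 => /usr/lib/libc.so.0'
}

# Constructed ldd output: a single-threaded TLS client, which should not be.
sample_unthreaded() {
    printf '%s\n' '/usr/pkg/bin/exampleget:' \
        '	-lssl.0 => /usr/lib/libssl.so.0' \
        '	-lcrypto.0 => /usr/lib/libcrypto.so.0' \
        '	-lc.0 => /usr/lib/libc.so.0'
}

# Usage: sh thisfile /usr/bin /usr/sbin /usr/pkg/bin /usr/pkg/sbin
if [ "$#" -gt 0 ]; then
    scan_dirs "$@"
fi
```

A listed binary still needs review by hand: the advisory's conditions also
require that it acts as a TLS server with internal caching enabled.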

Solutions and Workarounds

- Patch, recompile, and reinstall libssl.

  CVS branch    file                                                    revision
  ------------- ----------------                                        --------
  HEAD          src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c       1.2

  CVS branch    file                                                    revision
  ------------- ----------------                                        --------
  netbsd-5-1    src/crypto/dist/openssl/ssl/t1_lib.c
  netbsd-5-0    src/crypto/dist/openssl/ssl/t1_lib.c
  netbsd-5      src/crypto/dist/openssl/ssl/t1_lib.c

The following instructions briefly summarize how to update and
recompile libssl. In these instructions, replace:

  BRANCH   with the appropriate CVS branch (from the above table)
  FILES    with the file names for that branch (from the above table)

To update from CVS, re-build, and re-install libcrypt, libcrypto and libssl:

* NetBSD-current:

        # cd src
        # cvs update -d -P -A crypto/external/bsd/openssl/dist/ssl
        # cd lib/libcrypt
        # make USETOOLS=no cleandir dependall
        # make USETOOLS=no install
        # cd ../../crypto/external/bsd/openssl/lib/libcrypto
        # make USETOOLS=no cleandir dependall
        # make USETOOLS=no install
        # cd ../libssl
        # make USETOOLS=no cleandir dependall
        # make USETOOLS=no install

* NetBSD 5.*:

        # cd src
        # cvs update -d -P -r BRANCH crypto/dist/openssl/ssl
        # cd lib/libcrypt
        # make USETOOLS=no cleandir dependall
        # make USETOOLS=no install
        # cd ../libcrypto
        # make USETOOLS=no cleandir dependall
        # make USETOOLS=no install
        # cd ../libssl
        # make USETOOLS=no cleandir dependall
        # make USETOOLS=no install

For more information on building (oriented towards rebuilding the
entire system, however) see:

Thanks To

Thanks to Rob Hulswit for discovering the problem and Dr Stephen Henson
for providing the fix.

Revision History

        2010-11-29      Initial release

More Information

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at

Information about NetBSD and NetBSD security can be found at and .

Copyright 2010, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2010-012.txt,v 1.1 2010/11/28 14:23:19 tonnerre Exp $

