Security-Announce archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
NetBSD Security Advisory 2010-012: OpenSSL TLS extension parsing race condition
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NetBSD Security Advisory 2010-012
=================================
Topic: OpenSSL TLS extension parsing race condition.
Version: NetBSD-current: source prior to November 18, 2010
NetBSD 5.0.*: affected
NetBSD 5.0: affected
NetBSD 5.1: affected
NetBSD 4.0.*: not affected
NetBSD 4.0: not affected
pkgsrc: openssl package prior to 0.9.8p
Severity: Denial of Service and potential arbitrary code execution
Fixed: NetBSD-current: November 17, 2010
NetBSD-5-0 branch: November 19, 2010
NetBSD-5-1 branch: November 19, 2010
NetBSD-5 branch: November 19, 2010
pkgsrc 2010Q3: openssl-0.9.8p corrects this issue
Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.
Abstract
========
A flaw has been found in the OpenSSL TLS server extension code parsing which
on affected servers can be exploited in a buffer overrun attack.
This flaw impacts neither the Apache HTTP server nor any daemon as shipped
with NetBSD.
This vulnerability has been assigned CVE-2010-3864.
Technical Details
=================
Multiple race conditions in ssl/t1_lib.c in OpenSSL, when multi-threading
and internal caching are enabled on a TLS server, might allow remote
attackers to execute arbitrary code via client data that triggers a
heap-based buffer overflow, related to (1) the TLS server name extension
and (2) elliptic curve cryptography. A binary that does not link both
against libssl and a threading library like eg libpthread is unlikely
to be affected.
See http://www.openssl.org/news/secadv_20101116.txt for the vulnerability
announcement from OpenSSL.
Solutions and Workarounds
=========================
- - Patch, recompile, and reinstall libssl.
CVS branch file revision
------------- ---------------- --------
HEAD src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c 1.2
CVS branch file revision
------------- ---------------- --------
netbsd-5-1 src/crypto/dist/openssl/ssl/t1_lib.c 1.2.12.1
netbsd-5-0 src/crypto/dist/openssl/ssl/t1_lib.c 1.2.8.1
netbsd-5 src/crypto/dist/openssl/ssl/t1_lib.c 1.2.4.1
The following instructions briefly summarize how to update and
recompile libssl. In these instructions, replace:
BRANCH with the appropriate CVS branch (from the above table)
FILES with the file names for that branch (from the above table)
To update from CVS, re-build, and re-install libc and sftp:
* NetBSD-current:
# cd src
# cvs update -d -P -A crypto/external/bsd/openssl/dist/ssl
# cd lib/libcrypt
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install
# cd ../../crypto/external/bsd/openssl/lib/libcrypto
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install
# cd ../libssl
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install
* NetBSD 5.*:
# cd src
# cvs update -d -P -r BRANCH crypto/dist/openssl/ssl
# cd lib/libcrypt
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install
# cd ../libcrypto
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install
# cd ../libssl
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install
For more information on building (oriented towards rebuilding the
entire system, however) see:
http://www.netbsd.org/guide/en/chap-build.html
Thanks To
=========
Thanks to Rob Hulswit for discovering the problem and Dr Stephen Henson
for providing the fix.
Revision History
================
2010-11-29 Initial release
More Information
================
Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2010-012.txt.asc
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .
Copyright 2010, The NetBSD Foundation, Inc. All Rights Reserved.
Redistribution permitted only in full, unmodified form.
$NetBSD: NetBSD-SA2010-012.txt,v 1.1 2010/11/28 14:23:19 tonnerre Exp $
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (NetBSD)
iQIcBAEBAgAGBQJM8mX5AAoJEAZJc6xMSnBu1ZQQAI8P8gztP5S0nct//GzE8YTE
mwFB0kGqq7rIgv9iChIy6oqtziu2FG8NwYIOiQl0RkAIY3gM8aB+wpgAhgqdzzx+
8oQ8DPqQn+tbJl64oPAMQ1Ce0tvnuOtmcKBb61ggjI8jfA5wzL5WY+hl+jVJiQ4H
8SqrrkcNbq2IDFJNFzgteq8UmMb610wiFdZqp7HSfEER36da/lXD8Y+nueoW68Ck
NDAe8RxNqiglv71eMZ/7C+ZcZFSm/jooCC6GUK2ll10qx8uAVtiXxhaaT6//1JZX
JU4dHLoETi+SRMkUqaxb4E63DsBTHnwMhD44tpDswnKsNyPv+NwefIDJbYzPTQFg
CThH31PP/0DT1BbnmSao5+ghish9f4Rvk8uHt92JTlMLRWVjo9ApZnB6lxez/WK1
JIohxWytnKLtdvBh9iWT2cVAAQIbPSWrlQV9vpk7thEtZ6GVkc8h6WkwjhW3vEyS
R3mn9BUak3EjiFWLwNuQWEY+ID4dtNJvEwv7S0wIUxz8wB9M0RvxXEhYH5M3vRUv
ieL399QknRh3lkuu53MULj8SL24upjiLAV8pbdT9W4zX6Ci3bKLjc03stJt6x4IA
02jCmdAv5OniDLggF8FTuKLIEqZu+TkmVkOfzGglTFzHHCd+UIgzy1okvJrxN1wr
zV7L32PZRfpiwu9rngFS
=aB+B
-----END PGP SIGNATURE-----
Home |
Main Index |
Thread Index |
Old Index