Current-Users archive


NetBSD Security Advisory 2012-001: OpenSSL buffer overflow in DER read function




                NetBSD Security Advisory 2012-001
                =================================

Topic:          OpenSSL buffer overflow in DER read function


Version:        NetBSD-current:         source prior to Apr 20th, 2012
                NetBSD 6.0 Beta:        affected
                NetBSD 5.0.*:           affected
                NetBSD 5.0:             affected
                NetBSD 5.1:             affected
                NetBSD 4.0.*:           affected
                NetBSD 4.0:             affected

Severity:       remote DoS, information disclosure

Fixed:          NetBSD-current:         Apr 19th, 2012
                NetBSD 6.0 Beta:        Apr 23rd, 2012
                NetBSD-5-0 branch:      Apr 21st, 2012
                NetBSD-5-1 branch:      Apr 21st, 2012
                NetBSD-5 branch:        Apr 21st, 2012
                NetBSD-4-0 branch:      May 11th, 2012
                NetBSD-4 branch:        May 11th, 2012

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

Incorrect integer conversions in OpenSSL DER buffer handling
can result in memory corruption.

This vulnerability has been assigned CVE-2012-2110.


Technical Details
=================

The OpenSSL commit message for the fix of this issue is:
   check for potentially exploitable overflows in asn1_d2i_read_bio
   BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
   in CRYPTO_realloc_clean. (CVE-2012-2110)

Further information can be found at:
 http://www.openssl.org/news/secadv_20120419.txt
 http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html
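The two guards the commit message describes, modelled as an added example in a small stand-alone buffer (this is not the advisory's or OpenSSL's code; the names mem_buf, der_want, buf_grow_clean and self_check are assumptions, the INT_MAX cap stands in for the int-sized BUF API, and the shrink refusal is placed at the grow call rather than in the underlying realloc):

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>
/* Constructed illustration, not OpenSSL's code: a growable buffer with the two
 * guards the fix names, checked length arithmetic and a refusal to shrink. */
struct mem_buf { unsigned char *data; size_t length; };  /* allocated == length */

/* Bytes a DER reader needs once it holds `off` bytes and the header declares
 * `slen` content bytes. Fails on a negative length or a sum beyond INT_MAX,
 * the limit of an int-sized buffer API (the overflow class of the bug). */
int der_want(size_t off, long slen, size_t *want)
{
    if (slen < 0 || off > (size_t)INT_MAX || slen > (long)(INT_MAX - (int)off))
        return 0;
    if (want != NULL)
        *want = off + (size_t)slen;
    return 1;
}

/* Grow to hold `len` bytes, scrubbing the old block before freeing it ("clean").
 * A request smaller than the current length is refused, never truncated. */
int buf_grow_clean(struct mem_buf *b, size_t len)
{
    unsigned char *n;
    if (len <= b->length)               /* same size is a no-op, smaller is refused */
        return len == b->length;
    if ((n = malloc(len)) == NULL)
        return 0;
    if (b->data != NULL) {
        memcpy(n, b->data, b->length);
        memset(b->data, 0, b->length);  /* scrub old contents before release */
        free(b->data);
    }
    memset(n + b->length, 0, len - b->length);
    b->data = n; b->length = len;
    return 1;
}

int self_check(void)    /* exercises both guards; 1 when every check holds */
{
    struct mem_buf b = { NULL, 0 };
    size_t want = 0;
    int ok = der_want(4, 60, &want) && want == 64         /* 4 header + 60 body */
          && buf_grow_clean(&b, want) && b.length == 64
          && !buf_grow_clean(&b, 32)                      /* shrink refused */
          && !der_want(4, -1, NULL)                       /* negative length */
          && !der_want(4, (long)INT_MAX, NULL);           /* sum exceeds INT_MAX */
    free(b.data);
    return ok;
}
```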


Solutions and Workarounds
=========================

Patch, recompile, and reinstall the library.

File src/crypto/external/bsd/openssl/dist/crypto/mem.c
CVS branch      Rev.
HEAD            1.2
netbsd-6        1.1.1.2.4.1
File src/crypto/external/bsd/openssl/dist/crypto/asn1/a_d2i_fp.c
CVS branch      Rev.
HEAD            1.2
netbsd-6        1.1.1.1.8.1
File src/crypto/external/bsd/openssl/dist/crypto/buffer/buffer.c
CVS branch      Rev.
HEAD            1.2
netbsd-6        1.1.1.2.4.1

File src/crypto/dist/openssl/crypto/mem.c
CVS branch      Rev.
netbsd-5        1.1.1.8.4.1
netbsd-5-0      1.1.1.8.8.1
netbsd-5-1      1.1.1.8.12.1
netbsd-4        1.1.1.7.4.1
netbsd-4-0      1.1.1.7.14.1

File src/crypto/dist/openssl/crypto/asn1/a_d2i_fp.c
CVS branch      Rev.
netbsd-5        1.1.1.3.26.1
netbsd-5-0      1.1.1.3.30.1
netbsd-5-1      1.1.1.3.34.1
netbsd-4        1.1.1.3.4.1
netbsd-4-0      1.1.1.3.14.1

File src/crypto/dist/openssl/crypto/buffer/buffer.c
CVS branch      Rev.
netbsd-5        1.1.1.5.4.1
netbsd-5-0      1.1.1.5.8.1
netbsd-5-1      1.1.1.5.12.1
netbsd-4        1.1.1.4.4.1
netbsd-4-0      1.1.1.4.14.1


Thanks To
=========

Thanks to Tavis Ormandy, Google Security Team, for discovering this issue
and to Adam Langley <agl@chromium.org> for fixing it.


Revision History
================

        2012-06-06      Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
  http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2012-001.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .


Copyright 2012, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2012-001.txt,v 1.2 2012/06/06 19:46:15 tonnerre Exp $


