Current-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
NetBSD Security Advisory 2012-001: OpenSSL buffer overflow in DER read function
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NetBSD Security Advisory 2012-001
=================================
Topic: OpenSSL buffer overflow in DER read function
Version: NetBSD-current: source prior to Apr 20th, 2012
NetBSD 6.0 Beta: affected
NetBSD 5.0.*: affected
NetBSD 5.0: affected
NetBSD 5.1: affected
NetBSD 4.0.*: affected
NetBSD 4.0: affected
Severity: remote DoS, information disclosure
Fixed: NetBSD-current: Apr 19th, 2012
NetBSD 6.0 Beta: Apr 23rd, 2012
NetBSD-5-0 branch: Apr 21st, 2012
NetBSD-5-1 branch: Apr 21st, 2012
NetBSD-5 branch: Apr 21st, 2012
NetBSD-4-0 branch: May 11th, 2012
NetBSD-4 branch: May 11th, 2012
Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.
Abstract
========
Incorrect integer conversions in OpenSSL DER buffer handling
can result in memory corruption.
This vulnerability has been assigned CVE-2012-2110.
Technical Details
=================
The openssl commit message to fix this issue is:
check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean. (CVE-2012-2110)
Further information can be found at:
http://www.openssl.org/news/secadv_20120419.txt
http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html
Solutions and Workarounds
=========================
Patch, recompile, and reinstall the library.
File src/crypto/external/bsd/openssl/dist/crypto/mem.c
CVS branch Rev.
HEAD 1.2
netbsd-6 1.1.1.2.4.1
File src/crypto/external/bsd/openssl/dist/crypto/asn1/a_d2i_fp.c
CVS branch Rev.
HEAD 1.2
netbsd-6 1.1.1.1.8.1
File src/crypto/external/bsd/openssl/dist/crypto/buffer/buffer.c
CVS branch Rev.
HEAD 1.2
netbsd-6 1.1.1.2.4.1
File src/crypto/dist/openssl/crypto/mem.c
CVS branch Rev.
netbsd-5 1.1.1.8.4.1
netbsd-5-0 1.1.1.8.8.1
netbsd-5-1 1.1.1.8.12.1
netbsd-4 1.1.1.7.4.1
netbsd-4-0 1.1.1.7.14.1
File src/crypto/dist/openssl/crypto/asn1/a_d2i_fp.c
CVS branch Rev.
netbsd-5 1.1.1.3.26.1
netbsd-5-0 1.1.1.3.30.1
netbsd-5-1 1.1.1.3.34.1
netbsd-4 1.1.1.3.4.1
netbsd-4-0 1.1.1.3.14.1
File src/crypto/dist/openssl/crypto/buffer/buffer.c
netbsd-5 1.1.1.5.4.1
netbsd-5-0 1.1.1.5.8.1
netbsd-5-1 1.1.1.5.12.1
netbsd-4 1.1.1.4.4.1
netbsd-4-0 1.1.1.4.14.1
Thanks To
=========
Thanks to Tavis Ormandy, Google Security Team, for discovering this issue
and to Adam Langley <agl%chromium.org@localhost> for fixing it.
Revision History
================
2012-06-06 Initial release
More Information
================
Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2012-001.txt.asc
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .
Copyright 2012, The NetBSD Foundation, Inc. All Rights Reserved.
Redistribution permitted only in full, unmodified form.
$NetBSD: NetBSD-SA2012-001.txt,v 1.2 2012/06/06 19:46:15 tonnerre Exp $
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJPz7PrAAoJEAZJc6xMSnBuN4IP/3fAvQ4g3frJ1575eLaDcgKJ
SIUWAbHtRhGMKFxFoX0lc5+zpcSzH76Em+Uuu48dhU7ohTCcJphod1oBtFj/PV0s
I3Z8wuz6Rp6rnbp3hNVA7OLWnvq0M1Qs3qTUpL++8Ft//vc+xXsOy52SUMJ6fHwD
R8FpdI2RTrNiY9oDKPZV1nd17SXWI/V8vLxztI10E41mRF4RiYNuGAPPUQs5fJwC
jlMPKyfFpIST3k0kthKDWSYZGOrtN5eOMvdEkENZGdcwoRWdhZYMy3hMzdc8iIWB
FbC6l69JHtYxABz/9JjdhVkYkgPz6zBp4xx3mZ7FQCA/1XX0GI1kqMN1muaDNQIW
i9vhdEnMRGMega6RrSGgfH80EaBF/F/mzD5A/7A9kNpQGw/34Bt2KG/1JAywvj/i
EIPi1DucV0uaOhSLhN4RXc+uC0DwzjhuOTa8rxLmEwFUKnd93bQCUw+8U5o2CNgE
F9nK0l6dh9RvNAleg4p8aveJk6Cm2hJJKfNjsPCSc9vM3Rs2wwtJQ9bIIn6v9ndQ
oDSHsZU+msrft0IA1P46MXRhiF8ez8JP5vhaQ/AM0CrjfvkcwOCE4yTc/22soiD8
RAB9CENHy3cfMmkReu2IXWnsovAKD3D61RXOrrnGAMZVgukLmX5fOPVQKGZNknBK
7UPOHuHe5Jo2UetAVTc3
=Yz6U
-----END PGP SIGNATURE-----
Home |
Main Index |
Thread Index |
Old Index