Bug 40189 - openssl: Denial of service (3.2)
openssl: Denial of service (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-8-errata
Assigned To: Arvid Requate
Felix Botner
https://www.openssl.org/news/secadv/2...
:
Depends on: 40188
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-07 19:39 CET by Arvid Requate
Modified: 2016-03-30 13:30 CEST (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:


Attachments
CVE-2016-0800.patch (4.58 KB, patch)
2016-03-01 16:52 CET, Arvid Requate
Details | Diff
CVE-2016-0798.patch (12.36 KB, patch)
2016-03-01 16:53 CET, Arvid Requate
Details | Diff
CVE-2016-0797.patch (3.89 KB, patch)
2016-03-01 16:53 CET, Arvid Requate
Details | Diff
CVE-2016-0799.patch (14.99 KB, patch)
2016-03-01 16:54 CET, Arvid Requate
Details | Diff
CVE-2016-0702.patch (23.01 KB, patch)
2016-03-01 16:54 CET, Arvid Requate
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2015-12-07 19:39:29 CET
Upstream Debian package version 0.9.8o-4squeeze22 fixes this issue:

* PKCS#7 and CMS routines: malformed X509_ATTRIBUTE structure OpenSSL will leak memory (CVE-2015-3195)
Comment 1 Arvid Requate univentionstaff 2016-02-22 12:32:47 CET
Upstream Debian package version 0.9.8o-4squeeze23 fixes this issue:

* A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via
SSL_OP_NO_SSLv2 (CVE-2015-3197)

* Additionally, when using a DHE cipher suite a new DH key will always be
generated for each connection.
Comment 2 Arvid Requate univentionstaff 2016-03-01 15:16:20 CET
The following new issues have been identified
(see https://www.openssl.org/news/secadv/20160301.txt):

* Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
* Memory leak in SRP database lookups (CVE-2016-0798)
* BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
* Memory issues in BIO_*printf functions (CVE-2016-0799)
* Side channel attack on modular exponentiation (CVE-2016-0702)
* Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)
* Bleichenbacher oracle in SSLv2 (CVE-2016-0704)
Comment 3 Arvid Requate univentionstaff 2016-03-01 16:41:39 CET
Please note that CVE-2016-0703, CVE-2016-0704 and CVE-2016-0800 exploit SSLv2.

By default UCS 3.2 univention-apache disables SSLv2 (Bug 36173#c5, UCS 3.2 erratum 225) as well as export-grade ciphers (Bug 38632, UCS 3.2 erratum 345).

An univention-mail-postfix configuration disabling SSLv2 is available in errata 4.0-1 (Bug 38044).
Comment 4 Arvid Requate univentionstaff 2016-03-01 16:52:23 CET
Created attachment 7509 [details]
CVE-2016-0800.patch
Comment 5 Arvid Requate univentionstaff 2016-03-01 16:53:08 CET
Created attachment 7510 [details]
CVE-2016-0798.patch
Comment 6 Arvid Requate univentionstaff 2016-03-01 16:53:43 CET
Created attachment 7511 [details]
CVE-2016-0797.patch
Comment 7 Arvid Requate univentionstaff 2016-03-01 16:54:07 CET
Created attachment 7512 [details]
CVE-2016-0799.patch
Comment 8 Arvid Requate univentionstaff 2016-03-01 16:54:36 CET
Created attachment 7513 [details]
CVE-2016-0702.patch
Comment 9 Arvid Requate univentionstaff 2016-03-16 20:23:56 CET
I imported the latest squeeze-lts version and added patches for CVE-2016-0797 CVE-2016-0799 and CVE-2016-0800. The first two are from the wheezy package and the last one is taken from https://git.openssl.org/?p=openssl.git;a=commitdiff;h=56f1acf5ef8a432992497a04792ff4b3b2c6f286 . I compared the patch to what CentOS and RHEL6 did.

Backporting CVE-2016-0702 is too hard (non-applicable assembler patches) and CVE-2016-0703 as well as CVE-2016-0704 should be mitigated by the patch for CVE-2016-0800. This also matches the response of CentOS / RHEL.

Advisory: openssl.yaml
Comment 10 Felix Botner univentionstaff 2016-03-18 12:51:42 CET
amd64/i396

OK - built with patches (CVE-2015-3195, CVE-2015-3197, CVE-2016-0797, 
     CVE-2016-0799, CVE-2016-0800)

OK - ucs-test-base
OK - ucs-test-apache (from 4.1)

OK - openssl s_client -connect 443 636 993 
OK - ldapsearch -ZZZ
OK - certificate creation
OK - openssl cert verify (openssl verify -CAfile 
     /etc/univention/ssl/ucsCA/CAcert.pem 
     /etc/univention/ssl/master/cert.pem )
OK - ssl2 disabled (openssl s_client -connect hostname:443 -ssl2)
OK - imap/smtp with tls (univention-mail-horde, horde login, horde mail)
OK - libssl-dev

OK - YAML
Comment 11 Janek Walkenhorst univentionstaff 2016-03-30 13:30:25 CEST
<http://errata.software-univention.de/ucs/3.2/410.html>