Date: Tue, 28 Feb 2012 15:36:28 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Matthias Weckbecker <mweckbecker@...e.de>
Subject: Re: CVE request: openssl: null pointer dereference issue

On 02/27/2012 10:17 AM, Kurt Seifried wrote:
> On 02/27/2012 07:42 AM, Matthias Weckbecker wrote:
>> Hi Kurt, Steve, vendors,
>>
>> bad S/MIME messages with crafted MIME headers can result in a NULL pointer 
>> dereference in openssl's asn1 parser,
>>
>>  https://bugzilla.novell.com/show_bug.cgi?id=748738
>>  http://www.mail-archive.com/openssl-dev@...nssl.org/msg30305.html
>>  http://cvs.openssl.org/chngview?cn=22144
>>
>> Does it qualify for a CVE?
>>
>> Thanks, Matthias
> 
> Ok did some more research and here's what we got:
> 
> First mention of this bug is in 2006:
> 
> http://marc.info/?l=openssl-dev&m=115685408414194&w=2
> 
> So please use CVE-2006-7248 for this issue.

Due to the Novell/kadu mis-paste this CVE needs to be re-issued. Please
use CVE-2006-7250 for this OpenSSL issue.


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
