Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 18 Apr 2014 01:35:45 -0400 (EDT)
From: cve-assign@...re.org
To: geissert@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE ids for CyaSSL 2.9.4?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> http://www.yassl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html

> Issue #1 (Memory Corruption)
> lack a buffer length check in DoAlert()

Use CVE-2014-2896.


> Issue #2 (Out of bounds read)
> Affected Versions:  CyaSSL 2.5.0 - CyaSSL 2.9.0
> does not check the padding length for a verify failure

Use CVE-2014-2897.


> Issue #3 (Dangerous Default Behavior, out of bounds read)
> Affected Versions:  CyaSSL 2.9.0 and previous versions
> Vulnerability Type:  Unchecked Error Condition (CWE-391)
> A user who repeatedly calls CyaSSL_read() without checking the return
> code can cause an out-of-bound memory access

Use CVE-2014-2898.


> Issue #4 (NULL pointer dereference)
> requesting the peer certificate in a certificate parsing failure
> 
> if an SSL client receives a client_key_exchange message ... if the
> client does not have the peer's ephemeral key.

Use CVE-2014-2899.


> Issue #5 (Unknown Critical Certificate Extension Allowed)
> CyaSSL previously accepted certificates with unknown critical extensions

Use CVE-2014-2900.



> https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf
> TABLE V: Semantic discrepancies in certificate validation (incorrect
> answers in bold)

[Note that these last four CVE IDs are not for issues fixed in
2.9.4.]

> Intermediate CA not authorized to issue certificates for server's
> hostname

Use CVE-2014-2901.


> CA certificate not authorized for signing other certificates

Use CVE-2014-2902.


> Server certificate not authorized for use in SSL/TLS handshake

Use CVE-2014-2903.


> Server certificate not authorized for server authentication

Use CVE-2014-2904.


("Intermediate CA not authorized to issue further intermediate CA
certificates, but followed in the chain by an intermediate CA
certificate ... followed by a leaf CA certificate," also found in
TABLE V, is not a vulnerability. This is a violation of the X.509
specification that causes valid data to be rejected.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTULb8AAoJEKllVAevmvmsbMUIAJi7S8lW3pY3QBlgEwVVtU5u
bPZ3Yyl2kkV43o8K4NpD5r8eZ9FfM8sJQhbjAMlrjLdHBbTHIAxSewNbrDY0T+gt
fLAB6SPb7jcXQgRfSQ5GNiVdRrp5nCQt5YN/yvo6XVxR13yBM4WniUDBSgRBpR6j
tw1GDUyjNBJOmlQ6DKNou8+T8wx4XWRIheuL1PjFSXuFOHEDNuPvDO90S/THU9xW
Ysv2uV+rWPICxS7E/wsUBPaWKi7mkcu2kCesMMBcx86L8YdArcvl9K471xXSfgnj
Wyi+VcD/67NRAH31pNqGVJ5AN4CM3ElB3delQDI/AdWT9KgYC5a4nS9YTbLMFGw=
=SHEL
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ