Date: Tue, 14 Jul 2015 09:48:17 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: AWS s2n

On 07/14/2015 09:08 AM, Markus Vervier wrote:
> 
> Hi,
> 
> I would like to request a CVE for s2n.
> 
> When a server is sending invalid DH values during a handshake a BIGNUM
> value is not properly initialized. This causes a null pointer
> dereference in an s2n-based client leading to a crash or possibly worse
> on old systems (e.g. on Debian kernels lower than 2.6.26).
> 
> Technical details and a patch are available here:
> 
> https://github.com/awslabs/s2n/pull/124
> 
> The fix was merged and is in commit
> 9af6ba1815dfd5c00361cc3bd45cee1d64e0c3bf.
> 
> Markus


I just looked at the pull:

Markus Vervier noticed that our client side code isn't being
defensive enough around DHE parameters and can pass on a
"0" as the value of dh->p. Note: not that the BIGNUM is NULL,
but that the value of the number is a literal zero.

[snip]

Reminder: Client mode is disabled and won't be enabled until X509
validation is ready. But we can still make improvements and fixes
in the meantime.

so I'm not sure this needs a CVE as the code is not yet enabled.

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@...hat.com
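
A defensive check of the kind the quoted pull request text calls for, as an added example (not s2n's code and not the patch from the pull request): it parses the three length-prefixed integers of a TLS ServerDHParams structure and rejects a p whose value is zero even though the byte string itself is present. Rejecting a zero g or Ys goes beyond what the thread mentions; `check_server_dh_params` and the sample messages are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* One length-prefixed big-endian integer; points into the input buffer. */
struct dh_field { const uint8_t *data; size_t len; };

/* Read a uint16 length and that many bytes. 0 on success, -1 if truncated or empty. */
static int read_field(const uint8_t **cur, const uint8_t *end, struct dh_field *out)
{
    if (end - *cur < 2) return -1;
    size_t len = ((size_t)(*cur)[0] << 8) | (*cur)[1];
    *cur += 2;
    if (len == 0 || (size_t)(end - *cur) < len) return -1;
    out->data = *cur;
    out->len = len;
    *cur += len;
    return 0;
}

/* True when every byte is zero: the number is 0 however many bytes encode it. */
static int is_zero(const struct dh_field *f)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < f->len; i++) acc |= f->data[i];
    return acc == 0;
}

/* Hypothetical helper: parse p, g, Ys and refuse zero values before any DH math.
 * Returns 0 if acceptable, -1 if malformed, -2 if p is zero, -3 if g or Ys is zero. */
int check_server_dh_params(const uint8_t *msg, size_t msg_len)
{
    const uint8_t *cur = msg, *end = msg + msg_len;
    struct dh_field p, g, ys;
    if (read_field(&cur, end, &p) || read_field(&cur, end, &g) || read_field(&cur, end, &ys))
        return -1;
    if (is_zero(&p)) return -2;   /* the case from the thread: p present but equal to 0 */
    if (is_zero(&g) || is_zero(&ys)) return -3;
    return 0;
}

/* Constructed sample messages (toy sizes, not real key material). */
const uint8_t SAMPLE_OK[]        = {0, 1, 23,   0, 1, 5, 0, 1, 8};
const uint8_t SAMPLE_ZERO_P[]    = {0, 2, 0, 0, 0, 1, 5, 0, 1, 8};
const uint8_t SAMPLE_ZERO_YS[]   = {0, 1, 23,   0, 1, 5, 0, 1, 0};
const uint8_t SAMPLE_TRUNCATED[] = {0, 4, 23,   0, 1};
```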

