Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 14 Jul 2015 09:48:17 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: AWS s2n

On 07/14/2015 09:08 AM, Markus Vervier wrote:
> 
> Hi,
> 
> I would like to request a CVE for s2n.
> 
> When a server is sending invalid DH values during a handshake a BIGNUM
> value is not properly initialized. This causes a null pointer
> dereference in a s2n based client leading to a crash or possible worse
> on old systems (e.g. on Debian kernels lower than 2.6.26).
> 
> Technical details and a patch are available here:
> 
> https://github.com/awslabs/s2n/pull/124
> 
> The fix was merged and is in commit
> 9af6ba1815dfd5c00361cc3bd45cee1d64e0c3bf.
> 
> Markus


I just looked at the pull:

Markus Vervier noticed that our client side code isn't being
defensive enough around DHE parameters and can pass on a
"0" as the value of dh->p. Note: not that the the BIGNUM is NULL,
but that the value of the number is a literal zero.

[snip]

Reminder: Client mode is disabled and won't be enabled until X509
validation is ready. But we can still make improvements and fixes
in the meantime.

so I'm not sure this needs a CVE as the code is not yet enabled.

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@...hat.com


Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.