Bugzilla – Bug 977617
VUL-0: CVE-2016-2108: openssl: Memory corruption in the ASN.1 encoder
Last modified: 2022-02-13 11:13:58 UTC
Created attachment 674887 [details] 2579.patch

EMBARGOED CRD: 2016-03-03 15:00 UTC

Memory corruption in the ASN.1 encoder (CVE-2016-2108)
======================================================

Severity: High

This issue affected versions of OpenSSL prior to April 2015. The bug causing the vulnerability was fixed on April 18th 2015, and released as part of the June 11th 2015 security releases. The security impact of the bug was not known at the time.

In previous versions of OpenSSL, ASN.1 encoding the value zero represented as a negative integer can cause a buffer underflow with an out-of-bounds write in i2c_ASN1_INTEGER. The ASN.1 parser does not normally create "negative zeroes" when parsing ASN.1 input, and therefore, an attacker cannot trigger this bug. However, a second, independent bug revealed that the ASN.1 parser (specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag as a negative zero value. Large universal tags are not present in any common ASN.1 structures (such as X509) but are accepted as part of ANY structures.

Therefore, if an application deserializes untrusted ASN.1 structures containing an ANY field, and later reserializes them, an attacker may be able to trigger an out-of-bounds write. This has been shown to cause memory corruption that is potentially exploitable with some malloc implementations.

Applications that parse and re-encode X509 certificates are known to be vulnerable. Applications that verify RSA signatures on X509 certificates may also be vulnerable; however, only certificates with valid signatures trigger ASN.1 re-encoding and hence the bug. Specifically, since OpenSSL's default TLS X509 chain verification code verifies the certificate chain from root to leaf, TLS handshakes could only be targeted with valid certificates issued by trusted Certification Authorities.

OpenSSL 1.0.2 users should upgrade to 1.0.2c
OpenSSL 1.0.1 users should upgrade to 1.0.1o

This vulnerability is a combination of two bugs, neither of which individually has security impact. The first bug (mishandling of negative zero integers) was reported to OpenSSL by Huzaifa Sidhpurwala (Red Hat) and independently by Hanno Böck in April 2015. The second issue (mishandling of large universal tags) was found using libFuzzer, and reported on the public issue tracker on March 1st 2016. The fact that these two issues combined present a security vulnerability was reported by David Benjamin (Google) on March 31st 2016. The fixes were developed by Steve Henson of the OpenSSL development team, and David Benjamin. The OpenSSL team would also like to thank Mark Brand and Ian Beer from the Google Project Zero team for their careful analysis of the impact.

The fix for the "negative zero" memory corruption bug can be identified by commits 3661bb4e7934668bd99ca777ea8b30eedfafa871 (1.0.2) and 32d3b0f52f77ce86d53f38685336668d47c5bdfe (1.0.1).

Note: having fixed either of the bugs is sufficient to address the CVE, as neither bug is a security issue by itself. I.e. if you already rebased to a version of OpenSSL with the April 2015 fix, then that rebase fixed this CVE and you don't need to use it when you fix the 2nd bug.

2nd patch: 2579.patch (mjc link https://gitlab.openssl.org/openssl/openssl/merge_requests/2579 )
Some exploitability discussions based on OpenSSL team conversations:

A block of memory of two bytes in length is allocated using OPENSSL_malloc(2). Both of these are set to zero. Let's call that "src". A destination is allocated for the encoding using OPENSSL_malloc(n) with n greater than 2 and maybe 30 or more. This will typically contain other bytes from other ASN.1 encodings. Normally one byte is copied from the source to somewhere past the start of the destination (let's call that "dst"): it will be a single zero.

When the bug is triggered every zero byte before the source is copied to bytes before the destination. So effectively this makes dst[-1] = 0 if src[-1] == 0, similarly for src[-2] and so on. Also the byte preceding the last zero in the source is copied (in slightly modified form). In the most favourable case src[-1] != 0 and you get the ASN.1 length byte corrupted: that produces an invalid encoding but nothing else. In the least favourable case dst[-1], dst[-2], ... dst[-n] etc. get zeroes dumped into them and a final non-zero value.

Exploitability depends on many factors, especially how malloc is implemented. If (for example) p = malloc(2); is such that p[-1] is never zero then this can't be exploited at all and is just an annoyance: unfortunately that doesn't seem to be the case on the systems I tried. If p[-1]..p[-n] are all zero for n > 8 (either in the implementation or by attacker arrangement) then it's not good and an attacker can perform OOB writes, but only zeroes and one additional non-zero write.

If there is no "status structure" before malloc(n) then under some circumstances it might return consecutive blocks of memory. Then the attacker would need to control the block allocated before the malloc(2). When ASN.1 is decoded several mallocs occur in quick succession. In this case an ASN1_TYPE structure and an ASN1_INTEGER structure occur immediately before. The attacker has no control over those at all and they won't contain large numbers of zeroes.

What could happen is that a context switch to another thread occurs between the critical mallocs and one of those would be something the attacker could exploit (e.g. some record buffer from another thread). It would need some precise timing and a fortuitous context switch, but an attacker sending larger numbers of attempts to a server could get lucky. An alternative scenario is fragmented memory where there is just enough space for the malloc(2) to succeed but it gets an address immediately after a buffer the attacker controls.

The ideal case for exploitation would be a malloc implementation with out-of-line metadata, like jemalloc or tcmalloc.
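As an added illustration (this is not OpenSSL's code, and all names here are hypothetical), the block below models the sign+magnitude to DER INTEGER content step the advisory describes: an unbounded backward scan run on a "negative zero" inside guarded arrays, so the clobbered byte before the destination (the "length byte corrupted" case above) can be observed, beside a bounded encoder that treats negative zero as zero and rejects an undersized output buffer.

```c
/* Added example, not OpenSSL's own code (all names hypothetical): a model of
 * the sign+magnitude -> DER INTEGER content step, showing the unbounded
 * "negative zero" scan and a bounded encoder that treats -0 as 0. */
#include <stddef.h>
#include <stdint.h>

/* Backward two's-complement scan with no lower bound: an all-zero magnitude
 * walks before both buffers and writes there. Only run on the arenas below. */
static void negate_unbounded(const uint8_t *mag, long len, uint8_t *out)
{
    long k = len - 1;
    while (!mag[k]) { out[k] = 0; k--; }          /* missing "k > 0" bound */
    out[k] = (uint8_t)((mag[k] ^ 0xff) + 1);      /* may land before out[] */
    for (k--; k >= 0; k--) out[k] = mag[k] ^ 0xff;
}

/* Index 0 of each arena models whatever precedes the heap block; 0x42 plays
 * the DER length octet the advisory says is corrupted in the best case. */
static uint8_t src_arena[3] = { 0xAA, 0x00, 0x00 };   /* negative zero at [1..2] */
static uint8_t dst_arena[3] = { 0x42, 0x11, 0x11 };

/* Returns the byte before the destination after the scan: 0x56, not 0x42. */
int corrupted_length_octet(void)
{
    negate_unbounded(src_arena + 1, 2, dst_arena + 1);
    return dst_arena[0];
}
/* Bounded encoder: strips leading zero octets (so negative zero is zero),
 * pads for the sign bit and never scans below index 0. Returns the content
 * length written, or -1 when cap is too small. */
int encode_integer_content(const uint8_t *mag, size_t len, int neg,
                           uint8_t *out, size_t cap)
{
    while (len > 1 && mag[0] == 0) { mag++; len--; }
    if (len == 0 || mag[0] == 0) { if (cap < 1) return -1; out[0] = 0; return 1; }
    int pad = 0;
    if (!neg && mag[0] > 127) pad = 1;
    else if (neg && mag[0] > 128) pad = 1;
    else if (neg && mag[0] == 128)                /* -0x80..: pad only if more bits set */
        for (size_t i = 1; i < len; i++) if (mag[i]) { pad = 1; break; }
    if (cap < len + pad) return -1;
    if (pad) *out++ = neg ? 0xff : 0x00;
    if (!neg) { for (size_t i = 0; i < len; i++) out[i] = mag[i]; return (int)len + pad; }
    long k = (long)len - 1;
    while (k > 0 && !mag[k]) { out[k] = 0; k--; } /* bounded; mag[0] != 0 here */
    out[k] = (uint8_t)((mag[k] ^ 0xff) + 1);
    for (k--; k >= 0; k--) out[k] = mag[k] ^ 0xff;
    return (int)len + pad;
}
```

The sentinel 0xAA before the source is what stops the unbounded scan here; on a real heap that role falls to whatever byte happens to precede the allocation, which is exactly the allocator dependence discussed above.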
CRD: 2016-05-03 15:00 UTC
bugbot adjusting priority
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2016-05-10. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62679
This is an autogenerated message for OBS integration: This bug (977617) was mentioned in https://build.opensuse.org/request/show/393430 13.2+42.1 / openssl
This is an autogenerated message for OBS integration: This bug (977617) was mentioned in https://build.opensuse.org/request/show/393469 13.2+42.1 / libopenssl0_9_8
SUSE-SU-2016:1206-1: An update that solves 5 vulnerabilities and has four fixes is now available. Category: security (important) Bug References: 889013,971354,976942,976943,977614,977615,977616,977617,977621 CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109 Sources used: SUSE Linux Enterprise Server 11-SECURITY (src): openssl1-1.0.1g-0.47.1
SUSE-SU-2016:1228-1: An update that solves 5 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 958501,976942,976943,977614,977615,977616,977617,977621 CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): openssl-1.0.1i-27.16.1 SUSE Linux Enterprise Server 12 (src): openssl-1.0.1i-27.16.1 SUSE Linux Enterprise Desktop 12 (src): openssl-1.0.1i-27.16.1
SUSE-SU-2016:1231-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 976942,976943,977615,977617 CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2108,CVE-2016-2109 Sources used: SUSE Linux Enterprise Server for SAP 11-SP4 (src): compat-openssl097g-0.9.7g-146.22.44.1 SUSE Linux Enterprise Server for SAP 11-SP3 (src): compat-openssl097g-0.9.7g-146.22.44.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): compat-openssl097g-0.9.7g-146.22.44.1
SUSE-SU-2016:1233-1: An update that solves 5 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 958501,976942,976943,977614,977615,977616,977617,977621 CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): openssl-1.0.1i-47.1 SUSE Linux Enterprise Server 12-SP1 (src): openssl-1.0.1i-47.1 SUSE Linux Enterprise Desktop 12-SP1 (src): openssl-1.0.1i-47.1
openSUSE-SU-2016:1237-1: An update that solves 5 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 976942,976943,977614,977615,977616,977617 CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109 Sources used: openSUSE Evergreen 11.4 (src): openssl-1.0.1p-74.1
openSUSE-SU-2016:1238-1: An update that solves 5 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 958501,976942,976943,977614,977615,977616,977617,977621 CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109 Sources used: openSUSE 13.2 (src): openssl-1.0.1k-2.36.1
openSUSE-SU-2016:1239-1: An update that solves 9 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 963415,968046,968048,968050,968374,976942,976943,977614,977615,977617 CVE References: CVE-2015-3197,CVE-2016-0702,CVE-2016-0797,CVE-2016-0799,CVE-2016-0800,CVE-2016-2105,CVE-2016-2106,CVE-2016-2108,CVE-2016-2109 Sources used: openSUSE Evergreen 11.4 (src): libopenssl0_9_8-0.9.8zh-14.1
openSUSE-SU-2016:1240-1: An update that solves 5 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 976942,976943,977614,977615,977616,977617 CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109 Sources used: openSUSE 13.1 (src): openssl-1.0.1k-11.87.1
openSUSE-SU-2016:1241-1: An update that solves 9 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 963415,968046,968048,968050,968374,976942,976943,977614,977615,977617 CVE References: CVE-2015-3197,CVE-2016-0702,CVE-2016-0797,CVE-2016-0799,CVE-2016-0800,CVE-2016-2105,CVE-2016-2106,CVE-2016-2108,CVE-2016-2109 Sources used: openSUSE 13.1 (src): libopenssl0_9_8-0.9.8zh-5.3.1
openSUSE-SU-2016:1242-1: An update that solves 5 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 968050,976942,976943,977614,977615,977617 CVE References: CVE-2016-0702,CVE-2016-2105,CVE-2016-2106,CVE-2016-2108,CVE-2016-2109 Sources used: openSUSE Leap 42.1 (src): libopenssl0_9_8-0.9.8zh-17.1 openSUSE 13.2 (src): libopenssl0_9_8-0.9.8zh-9.6.1
openSUSE-SU-2016:1243-1: An update that solves 5 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 958501,976942,976943,977614,977615,977616,977617,977621 CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109 Sources used: openSUSE Leap 42.1 (src): openssl-1.0.1i-15.1
SUSE-SU-2016:1267-1: An update that solves 5 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 889013,968050,976942,976943,977614,977615,977617 CVE References: CVE-2016-0702,CVE-2016-2105,CVE-2016-2106,CVE-2016-2108,CVE-2016-2109 Sources used: SUSE Linux Enterprise Server for SAP 12-SP1 (src): compat-openssl098-0.9.8j-97.1 SUSE Linux Enterprise Module for Legacy Software 12 (src): compat-openssl098-0.9.8j-97.1 SUSE Linux Enterprise Desktop 12-SP1 (src): compat-openssl098-0.9.8j-97.1 SUSE Linux Enterprise Desktop 12 (src): compat-openssl098-0.9.8j-97.1
openSUSE-SU-2016:1273-1: An update that solves 5 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 889013,968050,976942,976943,977614,977615,977617 CVE References: CVE-2016-0702,CVE-2016-2105,CVE-2016-2106,CVE-2016-2108,CVE-2016-2109 Sources used: openSUSE Leap 42.1 (src): compat-openssl098-0.9.8j-12.2
This is an autogenerated message for OBS integration: This bug (977617) was mentioned in https://build.opensuse.org/request/show/394817 42.2 / openssl
SUSE-SU-2016:1290-1: An update that solves 5 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 889013,968050,976942,976943,977614,977615,977617 CVE References: CVE-2016-0702,CVE-2016-2105,CVE-2016-2106,CVE-2016-2108,CVE-2016-2109 Sources used: SUSE Studio Onsite 1.3 (src): openssl-0.9.8j-0.97.1 SUSE OpenStack Cloud 5 (src): openssl-0.9.8j-0.97.1 SUSE Manager Proxy 2.1 (src): openssl-0.9.8j-0.97.1 SUSE Manager 2.1 (src): openssl-0.9.8j-0.97.1 SUSE Linux Enterprise Software Development Kit 11-SP4 (src): openssl-0.9.8j-0.97.1 SUSE Linux Enterprise Server 11-SP4 (src): openssl-0.9.8j-0.97.1 SUSE Linux Enterprise Server 11-SP3-LTSS (src): openssl-0.9.8j-0.97.1 SUSE Linux Enterprise Server 11-SP2-LTSS (src): openssl-0.9.8j-0.97.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): openssl-0.9.8j-0.97.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): openssl-0.9.8j-0.97.1 SUSE Linux Enterprise Debuginfo 11-SP2 (src): openssl-0.9.8j-0.97.1
released all
SUSE-SU-2016:1360-1: An update that solves 5 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 968050,973223,976942,976943,977614,977615,977617 CVE References: CVE-2016-0702,CVE-2016-2105,CVE-2016-2106,CVE-2016-2108,CVE-2016-2109 Sources used: SUSE Linux Enterprise Server 10 SP4 LTSS (src): openssl-0.9.8a-18.96.1