[Pkg-openssl-devel] Bug#511196: CVE-2008-5077 Incorrect checks for malformed signatures
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Thu Jan 8 12:28:21 UTC 2009
Package: openssl
Version: 0.9.8g-15
Severity: important
Tags: +security +fixed-upstream
Advisory from OpenSSL [1]:
|Incorrect checks for malformed signatures
|===========================================
|
|Several functions inside OpenSSL incorrectly checked the result after
|calling the EVP_VerifyFinal function, allowing a malformed signature
|to be treated as a good signature rather than as an error. This issue
|affected the signature checks on DSA and ECDSA keys used with
|SSL/TLS.
|
|One way to exploit this flaw would be for a remote attacker who is in
|control of a malicious server or who can use a 'man in the middle'
|attack to present a malformed SSL/TLS signature from a certificate chain
|to a vulnerable client, bypassing validation.
|
|This vulnerability is tracked as CVE-2008-5077.
|
|The OpenSSL security team would like to thank the Google Security Team
|for reporting this issue.
|
|Who is affected?
|=================
|
|Everyone using OpenSSL releases prior to 0.9.8j as an SSL/TLS client
|when connecting to a server whose certificate contains a DSA or ECDSA
|key.
|
|Use of OpenSSL as an SSL/TLS client when connecting to a server whose
|certificate uses an RSA key is NOT affected.
|
|Verification of client certificates by OpenSSL servers for any key type
|is NOT affected.
The advisory contains a patch.
[1] http://www.openssl.org/news/secadv_20090107.txt
Sebastian
More information about the Pkg-openssl-devel
mailing list