[Pkg-openssl-devel] Bug#675436: openssl: Buffer overflow vulnerability

Vin Buccigrossi chenz9187 at gmail.com
Thu Mar 17 14:33:06 UTC 2016


Ok so I took a look through and the bug is present in older versions of
open ssl but it seems as of 1.0.2g it has been fixed.

Thank you,
Vinny
On Mar 13, 2016 11:40 AM, "Sebastian Andrzej Siewior"
<sebastian at breakpoint.cc> wrote:

> I tried to reproduce the bug and before that I look at
> PEM_def_callback() / EVP_read_pw_string_min() where the input password
> is read / checked for valid length. The limit is sometimes 1024 sometimes
> larger but it never overwrites anything.
> I tried various tests ala
>   openssl x509 -days 3650 -CA cacert.pem -CAkey cakey.pem -req -in \
>   cert-req.pem -outform PEM -out cert.pem -CAserial serial \
>   -passin $PASS
>
> with $PASS in "pass:, env: file: and fd:" and a length of 4101 and 9101
> bytes (x…x + \n) and never saw stack-protector screaming up.
>
> There are no additional information in the bugtraq report [0] or here. If
> there was something it might have been fixed by now. At least I can't find
> any evidence in current version.
>
> Any reason not to close this bug?
>
> [0] http://seclists.org/bugtraq/2012/May/155
>
> Sebastian
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20160317/c78ceea3/attachment.html>


More information about the Pkg-openssl-devel mailing list