NetBSD Security Advisory 2015-007: OpenSSL and SSLv3 vulnerabilities


		NetBSD Security Advisory 2015-007
		=================================

Topic:		OpenSSL and SSLv3 vulnerabilities


Version:	NetBSD-current:		source prior to Mar 19th
		NetBSD 6.1 - 6.1.5:	affected
		NetBSD 6.0 - 6.0.6:	affected
		NetBSD 5.1 - 5.1.4:	affected
		NetBSD 5.2 - 5.2.2:	affected
		pkgsrc:			affected

Severity:	remote DoS, confidentiality compromise

Fixed:		NetBSD-current:		Mar 20th, 2015
		NetBSD-7 branch:	Mar 20th, 2015
		NetBSD-6-0 branch:	Mar 20th, 2015
		NetBSD-6-1 branch:	Mar 20th, 2015
		NetBSD-6 branch:	Mar 20th, 2015
		NetBSD-5-2 branch:	Mar 20th, 2015
		NetBSD-5-1 branch:	Mar 20th, 2015
		NetBSD-5 branch:	Mar 20th, 2015
		pkgsrc:			openssl-1.0.2a corrects this issue

Teeny versions released later than the fix date will contain the fix.

Please note that NetBSD releases prior to 5.1 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

This advisory covers the OpenSSL Security Advisory of Mar 19th, 2015
which lists eight different vulnerabilities that affect NetBSD releases:

RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) (reclassified)
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
ASN.1 structure reuse memory corruption (CVE-2015-0287)
PKCS7 NULL pointer dereferences (CVE-2015-0289)
Base64 decode (CVE-2015-0292) (fixed in January without advisory)
DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)


Technical Details
=================

See: https://www.openssl.org/news/secadv/20150319.txt


Solutions and Workarounds
=========================

Workarounds (partial): the man-in-the-middle weakening of the chosen
encryption (CVE-2015-0204) will not work if the server does not allow
weak encryption; this is usually configurable on the server side.
Disallowing weak encryption on the server will incidentally also
protect against CVE-2015-0293.

Solution:
Update the OpenSSL libraries and restart all affected services.

If you are on NetBSD 6.x or newer:
Please note that the versions below represent fixes of the vulnerabilities
against OpenSSL 1.0.1k; in the meantime the rest of OpenSSL 1.0.1m
has been applied, and we would suggest updating to that.

If you are using NetBSD 5.x:
Please be aware that while the crypto library from the OpenSSL in
NetBSD 5.x is still ok, that is not true for the ssl library.
The newest and safest protocol the ssl library supports is TLS 1.0,
and that is no longer considered good enough. At the same time
we cannot just update OpenSSL on that branch to a newer version
since all available newer ones are incompatible.
Thus we would advise you to use OpenSSL from pkgsrc for all uses
where you actually want secure SSL connections.
Programs in base that use libssl are: amd, pkgtools, postfix,
hostapd, wpa_supplicant, httpd and the ldap client.
In cases where you use the encrypted communications feature of
these programs across an untrusted medium, using replacements
from pkgsrc is recommended as well.


From source:
+-----------
Update src and rebuild and install.

Changed files:
relative to src/crypto/external/bsd/openssl/dist:
File				HEAD	netbsd-7
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
crypto/asn1/a_type.c		1.2	1.1.1.1.26.2
crypto/asn1/tasn_dec.c		1.2	1.1.1.2.22.2
crypto/pkcs7/pk7_doit.c		1.2	1.1.1.5.2.1
crypto/pkcs7/pk7_lib.c		1.2	1.1.1.2.22.1
doc/crypto/d2i_X509.pod		1.2	1.1.1.2.26.1
ssl/s2_lib.c			1.3	1.1.1.2.2.2
ssl/s2_srvr.c			1.2	1.1.1.4.10.2

File				netbsd-6	netbsd-6-1	netbsd-6-0
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
crypto/asn1/a_type.c		1.1.1.1.8.2	1.1.1.1.22.2	1.1.1.1.14.2
crypto/asn1/tasn_dec.c		1.1.1.2.4.2	1.1.1.2.18.2	1.1.1.2.10.2
crypto/pkcs7/pk7_doit.c		1.1.1.3.4.3	1.1.1.3.4.1.6.2	1.1.1.3.4.1.4.2
crypto/pkcs7/pk7_lib.c		1.1.1.2.4.1	1.1.1.2.18.1	1.1.1.2.10.1
doc/crypto/d2i_X509.pod		1.1.1.2.8.1	1.1.1.2.22.1	1.1.1.2.14.1
ssl/s2_lib.c			1.1.1.1.8.3	1.1.1.1.22.3	1.1.1.1.14.3
ssl/s2_srvr.c			1.1.1.3.4.3	1.1.1.3.12.3	1.1.1.3.10.3

relative to src/crypto/dist/openssl:
File				netbsd-5	netbsd-5-2	netbsd-5-1
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
crypto/asn1/a_type.c		1.1.1.7.4.2	1.1.1.7.2.2	1.1.1.7.12.2
crypto/asn1/tasn_dec.c		1.8.4.3		1.8.4.1.10.2	1.8.4.1.6.2
crypto/pkcs7/pk7_doit.c		1.6.4.1		1.6.2.1		1.6.12.1
crypto/pkcs7/pk7_lib.c		1.1.1.8.4.1	1.1.1.8.2.1	1.1.1.8.12.1
doc/crypto/d2i_X509.pod		1.1.1.2.26.1	1.1.1.2.38.1	1.1.1.2.34.1
ssl/s2_lib.c			1.12.4.2	1.12.2.2	1.12.12.2
ssl/s2_srvr.c			1.9.4.3		1.9.4.1.10.2	1.9.4.1.6.2


From tarballs:
+-------------
To obtain fixed binaries, fetch the appropriate base.tgz and comp.tgz from
http://nyftp.netbsd.org/pub/NetBSD-daily/<rel>/<date>/<arch>/binary/sets/
where <date> is a daily build later than the fix date for your branch
as listed above, and <rel> and <arch> are your release version and
architecture
(e.g. http://nyftp.netbsd.org/pub/NetBSD-daily/netbsd-6-1/201503XXXX00Z/amd64/binary/sets/),
and then extract the files:

Shared libraries:

tar xzpf base.tgz \*libssl\* \*libcrypto\*

And static libraries and linker config files:

tar xzpf comp.tgz \*libssl\* \*libcrypto\*

Get the fixed library into use
+-----------------------------
Since the vulnerability is in a shared library, getting the old
library purged and the fixed one into use requires restarting
all programs that load libssl.
The easiest way to do this is to reboot the system.

Another method, using /bin/sh:

# Print the matching library mappings and the PID of each process using them.
ps ax -o pid | (while read pid; do \
        pmap "$pid" 2>/dev/null | egrep '(libssl|libcrypto)' && echo found "$pid" ;\
done)

will find non-chrooted programs that have the affected libraries open;
you'll need to restart them.
sshd, ntp and named may not show up in this list since they may
run chrooted and re-exec'ed but they also would need to be restarted.
ldd <programname> will show the shared libraries a program will
want to use.
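
The ldd check mentioned above can be scripted to cover daemons that the pmap loop misses. The following is an added example, not part of the NetBSD advisory: it resolves running program names to binaries on disk and reports those that ldd shows as linked against libssl or libcrypto. The function names, the SEARCH_DIRS list and the LDD override are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the advisory. Reports program names whose on-disk
# binary is dynamically linked against libssl or libcrypto.

# Assumed search path for base and pkgsrc binaries; adjust for your system.
SEARCH_DIRS=${SEARCH_DIRS:-"/sbin /usr/sbin /bin /usr/bin /libexec /usr/libexec /usr/pkg/sbin /usr/pkg/bin"}
LDD=${LDD:-ldd}    # overridable so the logic can be exercised with canned output

# resolve_binary NAME: print the first executable file called NAME in SEARCH_DIRS.
resolve_binary() {
        for dir in $SEARCH_DIRS; do
                if [ -x "$dir/$1" ] && [ ! -d "$dir/$1" ]; then
                        echo "$dir/$1"
                        return 0
                fi
        done
        return 1
}

# links_openssl PATH: succeed if ldd lists libssl or libcrypto for PATH.
links_openssl() {
        "$LDD" "$1" 2>/dev/null | grep -Eq 'lib(ssl|crypto)\.so'
}

# restart_candidates: read program names on stdin (one per line) and print
# "NAME PATH" for each one that resolves to a binary linked against OpenSSL.
restart_candidates() {
        while read -r name; do
                path=$(resolve_binary "$name") || continue
                if links_openssl "$path"; then
                        echo "$name $path"
                fi
        done
}

# Typical use on the live system (assumes "comm=" prints names without a header):
#   ps ax -o comm= | sort -u | restart_candidates
```

Programs linked statically against these libraries are not detected by ldd.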


Thanks To
=========

Thanks to the OpenSSL development team for the advisory and fixes,
Karthikeyan Bhargavan of the PROSECCO team at INRIA for reporting
	CVE-2015-0204,
Emilia Käsper for reporting CVE-2015-0287,
Michal Zalewski (Google) for reporting CVE-2015-0289,
Robert Dugal and David Ramos for independently reporting CVE-2015-0292,
Sean Burford (Google) and Emilia Käsper (OpenSSL development team)
	for reporting CVE-2015-0293,
the BoringSSL project for detecting CVE-2015-0209,
and Brian Carpenter for reporting CVE-2015-0288.


Revision History
================

	2015-08-19	Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at 
  http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-007.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .


Copyright 2015, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2015-007.txt,v 1.1 2015/08/19 18:15:33 tonnerre Exp $
