169 lines
6.8 KiB
Text
169 lines
6.8 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-SA-17:12.openssl Security Advisory
|
|
The FreeBSD Project
|
|
|
|
Topic: OpenSSL multiple vulnerabilities
|
|
|
|
Category: contrib
|
|
Module: openssl
|
|
Announced: 2017-12-09
|
|
Affects: All supported versions of FreeBSD.
|
|
Corrected: 2017-12-07 18:04:48 UTC (stable/11, 11.1-STABLE)
|
|
2017-12-09 03:44:26 UTC (releng/11.1, 11.1-RELEASE-p6)
|
|
2017-12-09 03:41:31 UTC (stable/10, 10.4-STABLE)
|
|
2017-12-09 03:45:23 UTC (releng/10.4, 10.4-RELEASE-p5)
|
|
2017-12-09 03:45:23 UTC (releng/10.3, 10.3-RELEASE-p26)
|
|
CVE Name: CVE-2017-3737, CVE-2017-3738
|
|
|
|
For general information regarding FreeBSD Security Advisories,
|
|
including descriptions of the fields above, security branches, and the
|
|
following sections, please visit <URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
|
|
a collaborative effort to develop a robust, commercial-grade, full-featured
|
|
Open Source toolkit for the Transport Layer Security (TLS) and Secure Sockets
|
|
Layer (SSL) protocols. It is also a full-strength general purpose
|
|
cryptography library.
|
|
|
|
II. Problem Description
|
|
|
|
Invoking SSL_read()/SSL_write() while in an error state causes data to be
|
|
passed without being decrypted/encrypted directly from the SSL/TLS record
|
|
layer.
|
|
|
|
In order to exploit this issue an application bug would have to be present
|
|
that resulted in a call to SSL_read()/SSL_write() being issued after having
|
|
already received a fatal error. [CVE-2017-3737]
|
|
|
|
There is an overflow bug in the x86_64 Montgomery multiplication procedure
|
|
used in exponentiation with 1024-bit moduli. This only affects processors
|
|
that support the AVX2 but not ADX extensions like Intel Haswell (4th
|
|
generation). [CVE-2017-3738] This bug only affects FreeBSD 11.x.
|
|
|
|
III. Impact
|
|
|
|
Applications with incorrect error handling may inappropriately pass
|
|
unencrypted data. [CVE-2017-3737]
|
|
|
|
Mishandling of carry propagation will produce incorrect output, and make it
|
|
easier for a remote attacker to obtain sensitive private-key information. No
|
|
EC algorithms are affected and analysis suggests that attacks against RSA and
|
|
DSA as a result of this defect would be very difficult to perform and are not
|
|
believed likely.
|
|
|
|
Attacks against DH1024 are considered just feasible (although very difficult)
|
|
because most of the work necessary to deduce information about a private key
|
|
may be performed offline. The amount of resources required for such an
|
|
attack would be very significant and likely only accessible to a limited
|
|
number of attackers. However, for an attack on TLS to be meaningful, the
|
|
server would have to share the DH1024 private key among multiple clients,
|
|
which is no longer an option since CVE-2016-0701. [CVE-2017-3738]
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available.
|
|
|
|
V. Solution
|
|
|
|
Perform one of the following:
|
|
|
|
1) Upgrade your vulnerable system to a supported FreeBSD stable or
|
|
release / security branch (releng) dated after the correction date.
|
|
|
|
Restart all daemons that use the library, or reboot the system.
|
|
|
|
2) To update your vulnerable system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
|
|
Restart all daemons that use the library, or reboot the system.
|
|
|
|
3) To update your vulnerable system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
[FreeBSD 10.x]
|
|
# fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-10.patch
|
|
# fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-10.patch.asc
|
|
# gpg --verify openssl-10.patch.asc
|
|
|
|
[FreeBSD 11.x]
|
|
# fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-11.patch
|
|
# fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-11.patch.asc
|
|
# gpg --verify openssl-11.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile the operating system using buildworld and installworld as
|
|
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
|
|
|
Restart all daemons that use the library, or reboot the system.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/10/ r326721
|
|
releng/10.3/ r326723
|
|
releng/10.4/ r326723
|
|
stable/11/ r326663
|
|
releng/11.1/ r326722
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
<URL:https://www.openssl.org/news/secadv/20171207.txt>
|
|
|
|
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3737>
|
|
|
|
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3738>
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlorX9pfFIAAAAAALgAo
|
|
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD
|
|
RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P
|
|
aucRig//XLyBjQb+uqZbCWBG9TuefOrdNFeGay5QjBMXRT6TsHel+lUQbAZuMoA7
|
|
p4Iammlir+krH9+D/iWPZqLVRhY29LMmI7eyCL9vgA0McRsoDI1bN0daJiAOypo4
|
|
AWjzslm+Z/8vLcs93fpi0Y26yf45CY8uzGVJBspGg1D9wPJ60bqKqimCPTYMBXtS
|
|
2ZecrF89Vg9u+U2dYmsoTryBNerPR+UWLMtO5DUUgDtcdAdINKjjcQt6i6A0XPr2
|
|
2d7fzVCN4k4eBqmOOi1YWL96uoYcfDOCmUWD4NYN3x6+1n/oHVpviYYi8CgXJNbU
|
|
1dsD6fPeAlqfBOi4e3tNKY2bwzq93/nJF9/RpzDz2JDlUxjHk2jc0EG64Dh3HSjK
|
|
hwzXhc43qWnfzTs6PRkgZRNQp+0NFEZZT8gEXEQ8mCnW+3qF0LgvQYHBFknGDYCi
|
|
EdZhnVN+DTHvaqLJpVrgE8TKt/qWCkdhsw1RRQblAovsC6CZZD3lYUS/o86jn2tp
|
|
WVjndsfmfNs2EFWeZsKcwYCb+bdQGXbhlxb8iSU7f+U+msau5ZF++0+6T/EXvuvq
|
|
hVOfwXJUD8xjO1ebZ+gtjn4HvRORLXqwi3zkoKJrSBOikK5ttlKyed445Q0cvuRk
|
|
UHpNB7+q57SrO/4syinjh9fozSVSf78tTZaI9YbTCuC3DRY5luI=
|
|
=/29R
|
|
-----END PGP SIGNATURE-----
|