Debian Bug report logs - #309111
[GNUTLS-SA-2005-1] DoS security problem in gnutls <=1.0.24 (and <=1.2.3)

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: "Vincent Deffontaines" <vincent.deffontaines@inl.fr>

To: submit@bugs.debian.org

Subject: [GNUTLS-SA-2005-1] DoS security problem in gnutls <=1.0.24 (and <=1.2.3)

Date: Sat, 14 May 2005 19:10:29 +0200 (CEST)

Package: libgnutls11
Version: 1.0.16-9
Severity: serious

The current libgnutls11 ships with a major bug, which improperly checks
user provided data, and can easily lead to denial of service attacks.

The bug was discovered by INL during a security audit of NuFW, and
reported to the gnutls development team, who released a new version
(1.0.25 and 1.2.3) correcting the bug.

More details about this issue can be found at this URL :
http://www.gnu.org/software/gnutls/security.html

The bug was also reported to Debian's security team during the 2nd half of
April, with no feedback at this time.

I am marking the severity as serious, as this actually makes other
software installed on the system potentially unusable by easily allowing a
Denial of Service attack on other packages such as OpenLDAP. Maybe this
should be marked a higher severity?

I suggest the package be upgraded to 1.0.25, or the bugfix be backported
to debian's 1.0.16.

Regards,

Vincent Deffontaines

Message #12 received at 309111@bugs.debian.org (full text, mbox, reply):

From: Matthijs Mohlmann <matthijs@cacholong.nl>

To: 309111@bugs.debian.org

Subject: Re: [GNUTLS-SA-2005-1] DoS security problem in gnutls <=1.0.24 (and <=1.2.3)

Date: Sun, 15 May 2005 12:44:44 +0200

[Message part 1 (text/plain, inline)]

Hi,

Attached a patch from cvs which fixes the problem.

Regards,

Matthijs Mohlmann

[security.patch (text/x-patch, inline)]

===================================================================
RCS file: /cvs/gnutls/gnutls/lib/gnutls_cipher.c,v
retrieving revision 2.70.2.4
retrieving revision 2.70.2.5
diff -u -r2.70.2.4 -r2.70.2.5
--- gnutls/lib/gnutls_cipher.c	2004/02/27 17:51:58	2.70.2.4
+++ gnutls/lib/gnutls_cipher.c	2005/04/27 17:43:56	2.70.2.5
@@ -448,7 +448,7 @@
 		
 		/* Check the pading bytes (TLS 1.x)
 		 */
-		if ( ver >= GNUTLS_TLS1)
+		if ( ver >= GNUTLS_TLS1 && pad_failed==0)
 		for (i=2;i<pad;i++) {
 			if (ciphertext.data[ciphertext.size-i] != ciphertext.data[ciphertext.size - 1]) 
 				pad_failed = GNUTLS_E_DECRYPTION_FAILED;
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/gnutls_mpi.h,v
retrieving revision 2.18.4.5
retrieving revision 2.18.4.6
diff -u -r2.18.4.5 -r2.18.4.6
--- gnutls/lib/gnutls_mpi.h	2004/08/18 12:07:21	2.18.4.5
+++ gnutls/lib/gnutls_mpi.h	2005/04/27 17:43:56	2.18.4.6
@@ -26,6 +26,7 @@
 #define _gnutls_mpi_mul gcry_mpi_mul
 #define _gnutls_mpi_add gcry_mpi_add
 #define _gnutls_mpi_add_ui gcry_mpi_add_ui
+#define _gnutls_mpi_sub_ui gcry_mpi_sub_ui
 #define _gnutls_mpi_mul_ui gcry_mpi_mul_ui
 #define _gnutls_prime_check gcry_prime_check
 #define _gnutls_mpi_div gcry_mpi_div

[signature.asc (application/pgp-signature, attachment)]

Message #17 received at 309111@bugs.debian.org (full text, mbox, reply):

From: Matthijs Mohlmann <matthijs@cacholong.nl>

To: 309111@bugs.debian.org

Subject: Re: [GNUTLS-SA-2005-1] DoS security problem in gnutls <=1.0.24 (and <=1.2.3)

Date: Sun, 15 May 2005 13:24:08 +0200

[Message part 1 (text/plain, inline)]

Hi,

It seems that the last part of the patch is already applied.

Sorry, i didn't noticed that.

Regards,

Matthijs Mohlmann

[signature.asc (application/pgp-signature, attachment)]

Message #24 received at 309111@bugs.debian.org (full text, mbox, reply):

From: Steve Langasek <vorlon@debian.org>

To: Matthijs Mohlmann <matthijs@cacholong.nl>, 309111@bugs.debian.org

Subject: Re: Bug#309111: [GNUTLS-SA-2005-1] DoS security problem in gnutls <=1.0.24 (and <=1.2.3)

Date: Sun, 15 May 2005 05:18:37 -0700

[Message part 1 (text/plain, inline)]

Hi Matthijs,

On Sun, May 15, 2005 at 12:44:44PM +0200, Matthijs Mohlmann wrote:
> Attached a patch from cvs which fixes the problem.

What does the second part of this patch have to do with the first?

-- 
Steve Langasek
postmodern programmer

> ===================================================================
> RCS file: /cvs/gnutls/gnutls/lib/gnutls_cipher.c,v
> retrieving revision 2.70.2.4
> retrieving revision 2.70.2.5
> diff -u -r2.70.2.4 -r2.70.2.5
> --- gnutls/lib/gnutls_cipher.c	2004/02/27 17:51:58	2.70.2.4
> +++ gnutls/lib/gnutls_cipher.c	2005/04/27 17:43:56	2.70.2.5
> @@ -448,7 +448,7 @@
>  		
>  		/* Check the pading bytes (TLS 1.x)
>  		 */
> -		if ( ver >= GNUTLS_TLS1)
> +		if ( ver >= GNUTLS_TLS1 && pad_failed==0)
>  		for (i=2;i<pad;i++) {
>  			if (ciphertext.data[ciphertext.size-i] != ciphertext.data[ciphertext.size - 1]) 
>  				pad_failed = GNUTLS_E_DECRYPTION_FAILED;
> ===================================================================
> RCS file: /cvs/gnutls/gnutls/lib/gnutls_mpi.h,v
> retrieving revision 2.18.4.5
> retrieving revision 2.18.4.6
> diff -u -r2.18.4.5 -r2.18.4.6
> --- gnutls/lib/gnutls_mpi.h	2004/08/18 12:07:21	2.18.4.5
> +++ gnutls/lib/gnutls_mpi.h	2005/04/27 17:43:56	2.18.4.6
> @@ -26,6 +26,7 @@
>  #define _gnutls_mpi_mul gcry_mpi_mul
>  #define _gnutls_mpi_add gcry_mpi_add
>  #define _gnutls_mpi_add_ui gcry_mpi_add_ui
> +#define _gnutls_mpi_sub_ui gcry_mpi_sub_ui
>  #define _gnutls_mpi_mul_ui gcry_mpi_mul_ui
>  #define _gnutls_prime_check gcry_prime_check
>  #define _gnutls_mpi_div gcry_mpi_div

[signature.asc (application/pgp-signature, inline)]

Message #29 received at 309111@bugs.debian.org (full text, mbox, reply):

From: Matthijs Mohlmann <matthijs@cacholong.nl>

To: Steve Langasek <vorlon@debian.org>, 309111@bugs.debian.org

Subject: Re: Bug#309111: [GNUTLS-SA-2005-1] DoS security problem in gnutls <=1.0.24 (and <=1.2.3)

Date: Sun, 15 May 2005 14:43:39 +0200

[Message part 1 (text/plain, inline)]

Hi,

It was in the same commit in cvs as the first part and i thought it has
something todo with the security problem. Later i reviewed the patch
again and the second part seems already applied by a previous upload.

It was included in the patch I submitted by accident.

I'm still wondering why the first part of the patch was not applied in a
previous upload.

Regards,

Matthijs Mohlmann

PS: if you want me to prepare a NMU please ask, I'll ask my mentor to
upload.

Steve Langasek wrote:
> Hi Matthijs,
> 
> On Sun, May 15, 2005 at 12:44:44PM +0200, Matthijs Mohlmann wrote:
> 
>>Attached a patch from cvs which fixes the problem.
> 
> 
> What does the second part of this patch have to do with the first?
> 

[signature.asc (application/pgp-signature, attachment)]

Message #34 received at 309111@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: 309111@bugs.debian.org

Cc: control@bugs.debian.org, vorlon@debian.org

Subject: gnutls DoS bug - Already filed

Date: Sun, 15 May 2005 21:15:23 +0200

merge 309111 307641
thanks

I've already filed this as 307641 11 days ago. The second part fixes
an issue in the RSA key export that looks worthy to be included in
Sarge as well. My original report includes two patches; for the DoS
issue and a patch which includes the RSA fix as well.

Cheers,
        Moritz

Message #41 received at 309111@bugs.debian.org (full text, mbox, reply):

From: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>

To: Moritz Muehlenhoff <jmm@inutil.org>, 309111@bugs.debian.org

Cc: control@bugs.debian.org, vorlon@debian.org, team@security.debian.org

Subject: Re: gnutls DoS bug - Already filed

Date: Sun, 22 May 2005 23:19:11 +0200

tags 309111 - fixed
tags 309111 + sarge
thanks

On Sun, May 15, 2005 at 09:15:23PM +0200, Moritz Muehlenhoff wrote:
> The second part fixes an issue in the RSA key export that looks worthy
> to be included in Sarge as well. My original report includes two
> patches; for the DoS issue and a patch which includes the RSA fix as
> well.

NMU'd -13.1 for unstable, Sarge still needs to be fixed. Steve Langasek
has expressed concerns about the unstable vs testing difference,
especially the changes in -11.

The below patch also applies cleanly to the sarge version, and I tested
it succesfully with some ssl using applications on two sarge machines
(both i386 though). Also the fix looks really non-invasively trivial.

Joey/security team, ok to upload the below (built for sarge, with
modified changelog entry (version & dist) to testing-security?

--Jeroen

--- gnutls11-1.0.16/debian/changelog
+++ gnutls11-1.0.16/debian/changelog
@@ -1,3 +1,11 @@
+gnutls11 (1.0.16-13.1) unstable; urgency=high
+
+  * Non-Maintainer Upload fixing DoS
+  * DoS in TLS 1.x record packet parsing [CAN-2005-1431, GNUTLS-SA-2005-1]
+    (Closes: #309111)
+
+ -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl>  Sun, 22 May 2005 21:47:58 +0200
+
 gnutls11 (1.0.16-13) unstable; urgency=high
 
   * Fixed an ASN.1 extraction error.
--- gnutls11-1.0.16.orig/lib/gnutls_cipher.c
+++ gnutls11-1.0.16/lib/gnutls_cipher.c
@@ -448,7 +448,7 @@
 		
 		/* Check the pading bytes (TLS 1.x)
 		 */
-		if ( ver >= GNUTLS_TLS1)
+		if ( ver >= GNUTLS_TLS1 && pad_failed==0 )
 		for (i=2;i<pad;i++) {
 			if (ciphertext.data[ciphertext.size-i] != ciphertext.data[ciphertext.size - 1]) 
 				pad_failed = GNUTLS_E_DECRYPTION_FAILED;

-- 
Jeroen van Wolffelaar
jeroen@wolffelaar.nl
http://jeroen.A-Eskwadraat.nl

Message #52 received at 309111-done@bugs.debian.org (full text, mbox, reply):

From: James Westby <jw+debian@jameswestby.net>

To: 309111-done@bugs.debian.org

Subject: Re: gnutls DoS bug - Fixed a long time ago

Date: Thu, 8 Jun 2006 01:56:00 +0100

Closing this bug as it was abviously fixed a long time ago.

I have verified that the fix in the bug report is applied in both
1.0.16-13.2 (Sarge) and 1.0.16-14+b1 (Etch/Sid).

James

-- 
  James Westby
  jw+debian@jameswestby.net
  http://jameswestby.net/

Send a report that this bug log contains spam.