'Re: [oss-security] CVE Request -- tsqllib, slurm-llnl, libnasl,'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request -- tsqllib, slurm-llnl, libnasl,
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2009-01-21 2:25:41
Message-ID: Pine.GSO.4.51.0901202124410.22454 () faron ! mitre ! org
[Download RAW message or body]


Notice the various disputes, including one by Renaud Deraison from Nessus,
who says that while the issue is a bug, there is no security impact.

- Steve

======================================================
Name: CVE-2009-0124
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0124
Reference: MLIST:[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, \
                libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto
Reference: URL:http://openwall.com/lists/oss-security/2009/01/12/4
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511509
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=479650

The tqsl_verifyDataBlock function in openssl_cert.cpp in American
Radio Relay League (ARRL) tqsllib 2.0 does not properly check the
return value from the OpenSSL EVP_VerifyFinal function, which allows
remote attackers to bypass validation of the certificate chain via a
malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.


======================================================
Name: CVE-2009-0125
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0125
Reference: MLIST:[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, \
                libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto
Reference: URL:http://openwall.com/lists/oss-security/2009/01/12/4
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511517
Reference: CONFIRM:http://cvs.fedoraproject.org/viewvc/rpms/libnasl/F-10/libnasl.spec?r1=1.16&r2=1.17
                
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=479655
Reference: VIM:20090120 CVE-2009-0125 (fwd)
Reference: URL:http://www.attrition.org/pipermail/vim/2009-January/002133.html

** DISPUTED **

NOTE: this issue has been disputed by the vendor.  nasl/nasl_crypto2.c
in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11
does not properly check the return value from the OpenSSL
DSA_do_verify function, which allows remote attackers to bypass
validation of the certificate chain via a malformed SSL/TLS signature,
a similar vulnerability to CVE-2008-5077.  NOTE: the vendor has
disputed this issue, stating "while we do misuse this function (this
is a bug), it has absolutely no security ramification."


======================================================
Name: CVE-2009-0126
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0126
Reference: MLIST:[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, \
                libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto
Reference: URL:http://openwall.com/lists/oss-security/2009/01/12/4
Reference: CONFIRM:http://boinc.berkeley.edu/trac/changeset/16883
Reference: CONFIRM:http://boinc.berkeley.edu/trac/ticket/823
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511521
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=479664

The decrypt_public function in lib/crypt.cpp in the client in Berkeley
Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5
does not check the return value from the OpenSSL RSA_public_decrypt
function, which allows remote attackers to bypass validation of the
certificate chain via a malformed SSL/TLS signature, a similar
vulnerability to CVE-2008-5077.


======================================================
Name: CVE-2009-0127
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0127
Reference: MLIST:[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, \
                libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto
Reference: URL:http://openwall.com/lists/oss-security/2009/01/12/4
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511515
Reference: MISC:https://bugzilla.redhat.com/show_bug.cgi?id=479676

** DISPUTED ** M2Crypto does not properly check the return value from
the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify,
and ECDSA_do_verify functions, which might allow remote attackers to
bypass validation of the certificate chain via a malformed SSL/TLS
signature, a similar vulnerability to CVE-2008-5077.  NOTE: a Linux
vendor disputes the relevance of this report to the M2Crypto product
because "these functions are not used anywhere in m2crypto."


======================================================
Name: CVE-2009-0128
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0128
Reference: MLIST:[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, \
                libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto
Reference: URL:http://openwall.com/lists/oss-security/2009/01/12/4
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511511

plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for
Resource Management (aka SLURM or slurm-llnl) does not properly check
the return value from the OpenSSL EVP_VerifyFinal function, which
allows remote attackers to bypass validation of the certificate chain
via a malformed SSL/TLS signature, a similar vulnerability to
CVE-2008-5077.


======================================================
Name: CVE-2009-0129
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0129
Reference: MLIST:[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, \
                libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto
Reference: URL:http://openwall.com/lists/oss-security/2009/01/12/4
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519

libcrypt-openssl-dsa-perl does not properly check the return value
from the OpenSSL DSA_verify and DSA_do_verify functions, which might
allow remote attackers to bypass validation of the certificate chain
via a malformed SSL/TLS signature, a similar vulnerability to
CVE-2008-5077.


======================================================
Name: CVE-2009-0130
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0130
Reference: MLIST:[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, \
                libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto
Reference: URL:http://openwall.com/lists/oss-security/2009/01/12/4
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511520

** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not
properly check the return value from the OpenSSL DSA_do_verify
function, which might allow remote attackers to bypass validation of
the certificate chain via a malformed SSL/TLS signature, a similar
vulnerability to CVE-2008-5077.  NOTE: a package maintainer disputes
this issue, reporting that there is a proper check within the only
code that uses the applicable part of crypto_drv.c, and thus "this
report is invalid."


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic