CVE-2010-2939: Double free

Related Vulnerabilities: CVE-2010-2939  

Debian Bug report logs - #594415
CVE-2010-2939: Double free


Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Wed, 25 Aug 2010 20:06:01 UTC

Severity: grave

Tags: security

Found in version openssl/0.9.8o-1

Fixed in versions openssl/0.9.8o-2, openssl/0.9.8g-15+lenny8

Done: Kurt Roeckx <kurt@roeckx.be>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#594415; Package openssl. (Wed, 25 Aug 2010 20:06:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Wed, 25 Aug 2010 20:06:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-2939: Double free
Date: Wed, 25 Aug 2010 22:03:50 +0200
Package: openssl
Version: 0.9.8o-1
Severity: grave
Tags: security

Please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939

Solar Designer posted an analysis on oss-security:

---

> Georgi Guninski found a double free issue in openssl's client implementation:
> http://www.mail-archive.com/openssl-dev@openssl.org/msg28043.html
> The affected code also is in pre 1.0 versions but only 1.0 uses ECDH
> for ssl by default AFAICT.

I took a brief look at the code.  ECDH was introduced somewhere between
0.9.7 and 0.9.8.  0.9.7m doesn't have it (so it was never backported to
those stable releases), 0.9.8 does.  The double-free bug, or at least
the code being patched now, is already present in 0.9.8.

Here's the trivial patch:

http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html

which should work for 0.9.8+ (applies cleanly to 0.9.8, with an offset)
and is not needed for older versions.

Alexander

---

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssl depends on:
ii  libc6                   2.11.2-2         Embedded GNU C Library: Shared lib
ii  libssl0.9.8             0.9.8o-1         SSL shared libraries
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates            20090814+nmu2 Common CA certificates

-- no debconf information




Reply sent to Kurt Roeckx <kurt@roeckx.be>:
You have taken responsibility. (Thu, 26 Aug 2010 17:51:03 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Thu, 26 Aug 2010 17:51:03 GMT)


Message #10 received at 594415-close@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: 594415-close@bugs.debian.org
Subject: Bug#594415: fixed in openssl 0.9.8o-2
Date: Thu, 26 Aug 2010 17:47:18 +0000
Source: openssl
Source-Version: 0.9.8o-2

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive:

libcrypto0.9.8-udeb_0.9.8o-2_amd64.udeb
  to main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-2_amd64.udeb
libssl-dev_0.9.8o-2_amd64.deb
  to main/o/openssl/libssl-dev_0.9.8o-2_amd64.deb
libssl0.9.8-dbg_0.9.8o-2_amd64.deb
  to main/o/openssl/libssl0.9.8-dbg_0.9.8o-2_amd64.deb
libssl0.9.8_0.9.8o-2_amd64.deb
  to main/o/openssl/libssl0.9.8_0.9.8o-2_amd64.deb
openssl_0.9.8o-2.debian.tar.gz
  to main/o/openssl/openssl_0.9.8o-2.debian.tar.gz
openssl_0.9.8o-2.dsc
  to main/o/openssl/openssl_0.9.8o-2.dsc
openssl_0.9.8o-2_amd64.deb
  to main/o/openssl/openssl_0.9.8o-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 594415@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <kurt@roeckx.be> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 26 Aug 2010 18:25:29 +0200
Source: openssl
Binary: openssl libssl0.9.8 libcrypto0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: source amd64
Version: 0.9.8o-2
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <kurt@roeckx.be>
Description: 
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 594415
Changes: 
 openssl (0.9.8o-2) unstable; urgency=high
 .
   * Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415)
Package-Type: udeb





Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#594415; Package openssl. (Thu, 26 Aug 2010 18:27:03 GMT)


Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Thu, 26 Aug 2010 18:27:03 GMT)


Message #15 received at 594415@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: Moritz Muehlenhoff <jmm@debian.org>, 594415@bugs.debian.org
Subject: Re: [Pkg-openssl-devel] Bug#594415: CVE-2010-2939: Double free
Date: Thu, 26 Aug 2010 20:24:15 +0200

On Wed, Aug 25, 2010 at 10:03:50PM +0200, Moritz Muehlenhoff wrote:
> Package: openssl
> Version: 0.9.8o-1
> Severity: grave
> Tags: security
> 
> Please see:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939

I've put a package stable at:
http://people.debian.org/~kroeckx/openssl/


Kurt





Reply sent to Kurt Roeckx <kurt@roeckx.be>:
You have taken responsibility. (Tue, 31 Aug 2010 14:00:16 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Tue, 31 Aug 2010 14:00:16 GMT)


Message #20 received at 594415-close@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: 594415-close@bugs.debian.org
Subject: Bug#594415: fixed in openssl 0.9.8g-15+lenny8
Date: Tue, 31 Aug 2010 13:59:29 +0000
Source: openssl
Source-Version: 0.9.8g-15+lenny8

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive:

libcrypto0.9.8-udeb_0.9.8g-15+lenny8_amd64.udeb
  to main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_amd64.udeb
libssl-dev_0.9.8g-15+lenny8_amd64.deb
  to main/o/openssl/libssl-dev_0.9.8g-15+lenny8_amd64.deb
libssl0.9.8-dbg_0.9.8g-15+lenny8_amd64.deb
  to main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_amd64.deb
libssl0.9.8_0.9.8g-15+lenny8_amd64.deb
  to main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_amd64.deb
openssl_0.9.8g-15+lenny8.diff.gz
  to main/o/openssl/openssl_0.9.8g-15+lenny8.diff.gz
openssl_0.9.8g-15+lenny8.dsc
  to main/o/openssl/openssl_0.9.8g-15+lenny8.dsc
openssl_0.9.8g-15+lenny8_amd64.deb
  to main/o/openssl/openssl_0.9.8g-15+lenny8_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 594415@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <kurt@roeckx.be> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 26 Aug 2010 19:49:39 +0200
Source: openssl
Binary: openssl libssl0.9.8 libcrypto0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: source amd64
Version: 0.9.8g-15+lenny8
Distribution: stable-security
Urgency: low
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <kurt@roeckx.be>
Description: 
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 594415
Changes: 
 openssl (0.9.8g-15+lenny8) stable-security; urgency=low
 .
   * Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415)
Package-Type: udeb





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 29 Sep 2010 07:31:04 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:37:00 2019; Machine Name: buxtehude
