First published: Mon Jan 12 2009
The m2crypto package (which allows calling OpenSSL functions from Python scripts) incorrectly checked the result after calling various cryptographic decryption functions, allowing a malformed signature to be treated as a good signature rather than as an error. This issue affected the signature checks on DSA keys and ECDSA keys used with SSL/TLS.

There are also calls to DSA_verify(), ECDSA_verify(), DSA_do_verify() and ECDSA_do_verify() that seem to think that -1 means error, and then return the return code. But 0 is also an error case (see man DSA_do_verify for example).

Relevant part of the code:

SWIG/_dsa.i:

```c
ret = DSA_do_verify(vbuf, vlen, sig, dsa);
DSA_SIG_free(sig);
if (ret == -1)
    PyErr_SetString(_dsa_err, ERR_reason_error_string(ERR_get_error()));
return ret;
```

SWIG/_ec.i:

```c
ret = ECDSA_do_verify(vbuf, vlen, sig, key);
ECDSA_SIG_free(sig);
if (ret == -1)
    PyErr_SetString(_ec_err, ERR_reason_error_string(ERR_get_error()));
return ret;
```

Occurrences of the other functions mentioned above:

```
SWIG]# grep -r DSA_verify * | more
_dsa.i: if ((ret = DSA_verify(0, vbuf, vlen, sbuf, slen, dsa)) == -1)
_ec.i: if ((ret = ECDSA_verify(0, vbuf, vlen, sbuf, slen, key)) == -1)
SWIG]# grep -r ECDSA_verify * | more
_ec.i: if ((ret = ECDSA_verify(0, vbuf, vlen, sbuf, slen, key)) == -1)
SWIG]# grep -r ECDSA_do_verify * | more
_ec.i: ret = ECDSA_do_verify(vbuf, vlen, sig, key);
```

Please check also the following two issues: The implementation of the verify_final() function in SWIG/_evp.i calls OpenSSL's EVP_VerifyFinal function (which was vulnerable to the recent OpenSSL [CVE-2008-5077](https://access.redhat.com/security/cve/CVE-2008-5077) flaw) and 'only' returns its value. M2Crypto/EVP.py seems to document that as only returning 0 for failure, but it can also return -1 on failure.

All these issues are related to the recent OpenSSL [CVE-2008-5077](https://access.redhat.com/security/cve/CVE-2008-5077) flaw. Please see https://bugzilla.redhat.com/show_bug.cgi?id=476671 for more information.

References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511515
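The return-code handling described above, as an added example that is not M2Crypto or OpenSSL code: it compares two incomplete checks with a fail-closed one. `demo_do_verify` is a hypothetical stand-in that performs no cryptography and only reproduces the 1 / 0 / -1 return contract of the OpenSSL verify calls; the byte strings are constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SIG_LEN 8

/* Hypothetical stand-in for DSA_do_verify()/ECDSA_do_verify(): no real
 * cryptography, it only reproduces the three-way return contract.
 *    1  signature is valid
 *    0  signature is well-formed but incorrect
 *   -1  error, e.g. the signature is malformed */
static int demo_do_verify(const unsigned char *sig, size_t siglen,
                          const unsigned char *expected)
{
    if (sig == NULL || siglen != SIG_LEN)
        return -1;
    return memcmp(sig, expected, SIG_LEN) == 0 ? 1 : 0;
}

/* Check that treats only -1 as failure: accepts an incorrect signature (0). */
static int accept_unless_minus_one(int ret) { return ret != -1; }

/* Check that treats only 0 as failure: accepts a malformed signature (-1). */
static int accept_unless_zero(int ret) { return ret != 0; }

/* Hardened check: 1 is the only success value, everything else fails closed. */
static int accept_only_one(int ret) { return ret == 1; }

int main(void)
{
    /* Constructed sample data, not real signatures. */
    const unsigned char expected[SIG_LEN] = {1, 2, 3, 4, 5, 6, 7, 8};
    const unsigned char wrong[SIG_LEN]    = {1, 2, 3, 4, 5, 6, 7, 9};
    const struct { const char *name; const unsigned char *sig; size_t len; } cases[] = {
        {"valid",     expected, SIG_LEN},
        {"incorrect", wrong,    SIG_LEN},
        {"malformed", wrong,    3},
    };

    printf("%-10s %4s %6s %6s %6s\n", "case", "ret", "!= -1", "!= 0", "== 1");
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int ret = demo_do_verify(cases[i].sig, cases[i].len, expected);
        printf("%-10s %4d %6d %6d %6d\n", cases[i].name, ret,
               accept_unless_minus_one(ret), accept_unless_zero(ret),
               accept_only_one(ret));
    }
    return 0;
}
```

The same rule applies to Python callers of a wrapper that passes the raw return code through: compare the result with 1 instead of testing it for truthiness.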
| Affected Software | Affected Version | How to fix |
|---|---|---|
| M2Crypto | | |
| OpenSSL | =1.1.1 | |
The severity of REDHAT-BUG-479676 is considered high due to its impact on cryptographic signature validation.
To fix REDHAT-BUG-479676, update the m2crypto package to the latest version that addresses this vulnerability.
REDHAT-BUG-479676 affects the m2crypto package and OpenSSL version 1.1.1.
The issue in REDHAT-BUG-479676 is a failure to properly check results from cryptographic decryption functions, leading to potentially accepting invalid signatures.
Failing to address REDHAT-BUG-479676 may allow attackers to spoof valid signatures, compromising the integrity of the cryptographic operations.