978847 – (CVE-2000-1254) VUL-0: CVE-2000-1254: openssl: Mishandling C bitwise-shift operations making easier to bypass protection mechanisms

Bug 978847 (CVE-2000-1254) - VUL-0: CVE-2000-1254: openssl: Mishandling C bitwise-shift operations making easier to bypass protection mechanisms

Summary: VUL-0: CVE-2000-1254: openssl: Mishandling C bitwise-shift operations making ...

Status:	RESOLVED FIXED

Alias:	CVE-2000-1254

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/168616/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-05-06 12:15 UTC by Alexander Bergmann
Modified:	2016-05-06 12:16 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2016-05-06 12:15:17 UTC

rh#1333287 / CVE-2000-1254

crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms.

Upstream patch:

https://git.openssl.org/?p=openssl.git;a=commit;h=db82b8f9bd432a59aea8e1014694e15fc457c2bb

Comment 1 Alexander Bergmann 2016-05-06 12:16:23 UTC

This bug was only opened for reference. Only OpenSSL versions prior to 0.9.6 where affected.