Bugzilla – Bug 342634
VUL-0: CVE-2007-5502: openssl: OpenSSL FIPS vulnerability
Last modified: 2021-08-11 09:10:50 UTC
Hi.

There is a security bug in 'openssl'. This information is from 'vendor-sec'.

This bug is NOT PUBLIC.

The coordinated release date (CRD) is: "the earlier of November 26 or public announcement"

More information can be found here:
http://openssl.org/source/openssl-fips-1.1.2.tar.gz

CVE number: CVE-2007-5502
CVE description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5502

Original posting:

----- Forwarded message from Mark J Cox <mjc@redhat.com> -----

From: Mark J Cox <mjc@redhat.com>
To: vendor-sec@lst.de
Cc: Steve Marquess <marquess@oss-institute.org>, Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
Subject: [vendor-sec] EMBARGOED OpenSSL FIPS vulnerability CVE-2007-5502
Errors-To: vendor-sec-admin@lst.de
Date: Sat, 17 Nov 2007 13:31:54 +0000 (GMT)

If you ship OpenSSL with FIPS this affects you:

Note this has an embargo date of "the earlier of November 26 or public announcement" (depends on test lab etc.)

I've not attached a patch -- Steve said "Note the patch itself won't do the distributions any good, under the rules of FIPS 140-2 only the One True Tarball with a specific HMAC-SHA-1 digest can be used. We've prepared that already and it will appear shortly at http://openssl.org/source/openssl-fips-1.1.2.tar.gz. Even that won't be deployable for policy compliance until officially blessed, but at least the vendors could use it for building new binaries in advance of the official blessing."

--- draft advisory ---

A significant flaw in the PRNG implementation for the OpenSSL FIPS Object Module v1.1.1 (certificate #733, http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#733) has been reported by Geoff Lowe of Secure Computing Corporation. Due to a coding error in the FIPS self-test the auto-seeding never takes place. That means that the PRNG key and seed used correspond to the last self-test.

The FIPS PRNG gets additional seed data only from date-time information, so the generated random data is far more predictable than it should be, especially for the first few calls (CVE-2007-5502).

Note that this PRNG bug is only present in the v1.1.1 implementation and not in the regular OpenSSL product or in the OpenSSL FIPS Object Module v1.2 now undergoing validation testing. Only those applications using v1.1.1 of the OpenSSL FIPS Object Module which enter FIPS mode are affected. Applications which do not enter FIPS mode or which use any other version of OpenSSL are not affected.

Bugs like this in open source software are routinely found and corrected with a patch and/or updated source distribution. In this case two different such fixes have been developed by Dr Stephen Henson <steve@openssl.org>:

http://www.openssl.org/news/patch-CVE-2007-5502-1.txt (the simplest direct fix)

and:

http://www.openssl.org/news/patch-CVE-2007-5502-2.txt (a workaround which avoids touching the PRNG code directly).

However, for FIPS 140-2 validated software no changes are permitted without prior CMVP approval. In consultation with the CMT test lab we will be submitting a "letter change" update request to the CMVP for the latter of these two patches. This latter patch also addresses a minor issue with the continuous PRNG self-test. Once (and if) approved the new distribution containing this patch will be posted to replace the current distribution at http://openssl.org/source/openssl-fips-1.1.1.tar.gz.

--- end draft advisory ---

Thanks, Mark
--
Mark J Cox / Red Hat Security Response Team

_______________________________________________
Vendor Security mailing list
Vendor Security@lst.de
https://www.lst.de/cgi-bin/mailman/listinfo/vendor-sec

----- End forwarded message -----

--
Bye,
Thomas
--
Thomas Biege <thomas@suse.de>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Most people spend more time and energy talking around problems than tackling them... -- Henry Ford I.
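To make the failure mode in the draft advisory concrete, here is an added toy model (not code from OpenSSL, the FIPS module or this bug report): an ANSI X9.31-style generator whose self-test either leaves the known-answer key and seed in place with the seeded flag set, so auto-seeding never runs and only the date-time vector varies, or clears that state so the first call reseeds from the OS. The defender check creates several fresh instances with the same date-time vector and flags the generator as predictable when their first output blocks agree. HMAC-SHA256 stands in for the block cipher, and the KAT values and the date-time vector are constructed for the example.

```python
import hashlib, hmac, os
BLOCK = 16
# Constructed known-answer-test values standing in for the fixed key and
# seed that the module's self-test installs before exercising the PRNG.
KAT_KEY, KAT_SEED = b"\x11" * BLOCK, b"\x22" * BLOCK

def _prf(key: bytes, block: bytes) -> bytes:
    # Stand-in for the block-cipher encryption E_K() of the X9.31 design:
    # HMAC-SHA256 truncated to one block, so the model runs with stdlib only.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class X931Prng:
    """Toy ANSI X9.31-style generator: key K, seed V, date-time vector DT."""
    def __init__(self, buggy: bool):
        self.buggy = buggy      # True models the v1.1.1 self-test defect
        self.seeded = False
        self.self_test()

    def _step(self, dt: bytes) -> bytes:
        i = _prf(self.key, dt)
        r = _prf(self.key, _xor(i, self.v))
        self.v = _prf(self.key, _xor(r, i))
        return r

    def self_test(self) -> None:
        self.key, self.v = KAT_KEY, KAT_SEED
        self._step(b"\x00" * BLOCK)   # known-answer test on fixed values
        if self.buggy:
            self.seeded = True        # flag left set: autoseed never runs
        # Fixed behaviour: seeded stays False, so generate() reseeds first.

    def autoseed(self) -> None:
        self.key, self.v = os.urandom(BLOCK), os.urandom(BLOCK)
        self.seeded = True

    def generate(self, dt: bytes) -> bytes:
        if not self.seeded:
            self.autoseed()
        return self._step(dt)

def first_output_collides(buggy: bool, trials: int = 5) -> bool:
    """Defender check: fresh instances fed the same date-time vector must not
    agree on their first block. True means the output is predictable."""
    dt = b"2007-11-17 13:31"          # constructed 16-byte date-time vector
    outputs = {X931Prng(buggy).generate(dt) for _ in range(trials)}
    return len(outputs) == 1
```

With the defect modelled, every fresh instance starts from the same post-self-test key and seed, so identical date-time input yields identical output; with the fix, the OS seed makes the first blocks differ.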
As we are not shipping the FIPS version, I guess we are not affected. But as the mentioned tarballs and patches are not available I cannot verify this.

Have the above-mentioned patches
http://www.openssl.org/news/patch-CVE-2007-5502-1.txt
http://www.openssl.org/news/patch-CVE-2007-5502-2.txt
been posted on vendor-sec?
From: Mark J Cox <mjc@redhat.com>
To: vendor-sec@lst.de
Cc: marquess@oss-institute.org
Subject: [vendor-sec] Re: EMBARGOED OpenSSL FIPS vulnerability CVE-2007-5502 (fwd)
Errors-To: vendor-sec-admin@lst.de
Date: Fri, 23 Nov 2007 15:59:36 +0000 (GMT)

See below. I've made this available at https://awe.com/321a15a8736cdfbc.gpg; it's gpg encrypted with symmetric passphrase: fiptastic and will give you openssl-fips-1.1.2.tar.gz

Thanks, Mark
--
Mark J Cox / Red Hat Security Response Team

---------- Forwarded message ----------
Date: Fri, 23 Nov 2007 10:26:21 -0500
From: Steve Marquess <marquess@oss-institute.org>
To: Mark J Cox <mjc@redhat.com>
Cc: Dr Stephen Henson <shenson@oss-institute.org>, John Weathersby <jmw@oss-institute.org>
Subject: Re: EMBARGOED OpenSSL FIPS vulnerability CVE-2007-5502

Mark:

The test lab has decided that the one-line fix for the second minor bug (continuous RNG self-test) should be omitted from the change letter request (so as to not complicate the situation). So the new tarball has changed; it is accessible at [removed]

Feel free to distribute that tarball as appropriate but please do not distribute that URL; it's for a server we use only for internal activities which will be taking a one or two day outage in the near future.

A new fipscanister.o binary built from the tarball will retroactively become validated once the change letter is approved.

-Steve M.
--
Steve Marquess
Open Source Software Institute
marquess@oss-institute.org

_______________________________________________
Vendor Security mailing list
Vendor Security@lst.de
https://www.lst.de/cgi-bin/mailman/listinfo/vendor-sec
http://www.openssl.org/news/patch-CVE-2007-5502-1.txt
OK, now the patches are available at the location. As suspected, only the FIPS variant of openssl is affected, which we do not ship. So, closing as INVALID.
CVE-2007-5502: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)