Bugzilla – Bug 949380
VUL-0: CVE-2015-5291: mbedtls, polarssl: remote code execution via session tickets or SNI
Last modified: 2015-12-27 00:12:42 UTC
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01

CVE: CVE-2015-5291
Date: 5th of October 2015
Affects: PolarSSL 1.0 and up
Not affected: PolarSSL 1.2.17 and up, mbed TLS 1.3.14 and up, mbed TLS 2.1.2 and up and any version with clients not using session tickets nor accepting hostnames from untrusted parties
Impact: Denial of service and possible remote code execution
Severity: High
Exploit: Withheld

PolarSSL versions starting with 1.0 and up to the PolarSSL 1.2.16, mbed TLS 1.3.13 and mbed TLS 2.1.1 releases are affected by a remote attack in their default configuration in some use cases. This vulnerability was discovered by Guido Vranken of Intelworks. This Security Advisory describes the vulnerability, impact and fix for the attack.

Vulnerability

When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the session ticket extension and the server name indication (SNI) extension.

Starting with PolarSSL 1.3.0, which added support for session tickets, any server the client connects to can send an overlong session ticket which will cause a buffer overflow if and when the client attempts to resume the connection with the server. Clients that disabled session tickets or never attempt to reconnect to a server using a saved session are not vulnerable to this attack vector.

Starting with PolarSSL 1.0.0, this overflow could also be triggered by an attacker convincing a client to use an overlong hostname for the SNI extension. The hostname needs to be almost as long as SSL_MAX_CONTENT_LEN, which is 16KB by default, but could be smaller if a custom configuration is used. Clients that do not accept hostnames from untrusted parties are not vulnerable to this attack vector.

Impact

Depending on the implementation of the memory allocator, this could result in a Denial of Service (client crash) or a possible Remote Code Execution. Servers are not affected in any version.

Resolution

Upgrade to PolarSSL 1.2.17, mbed TLS 1.3.14 or mbed TLS 2.1.2. If you can't, use the workaround below.
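
Added example (not part of the advisory and not the mbed TLS source): a C sketch of the bounds check the advisory describes as missing, in which each ClientHello extension writer verifies the space left in the message buffer before copying the hostname or session ticket. The buffer size, function names, guard region and the choice to skip an extension that does not fit are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sizes: MSG_LEN stands in for the SSL_MAX_CONTENT_LEN-sized buffer. */
#define MSG_LEN   64
#define GUARD_LEN 16

static void put_u16(uint8_t *p, size_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* SNI extension: type(2) len(2) list_len(2) name_type(1) name_len(2) name.
 * Returns bytes written, or 0 when it does not fit between p and end. */
size_t write_sni_ext(uint8_t *p, const uint8_t *end, const char *host)
{
    size_t n = strlen(host);
    if (n > 0xFFFF - 5 || end < p || (size_t)(end - p) < n + 9)
        return 0;                       /* skip the extension, never write past end */
    put_u16(p, 0x0000);                 /* extension type: server_name */
    put_u16(p + 2, n + 5);              /* extension data length */
    put_u16(p + 4, n + 3);              /* server name list length */
    p[6] = 0;                           /* name type: host_name */
    put_u16(p + 7, n);
    memcpy(p + 9, host, n);
    return n + 9;
}

/* Session ticket extension: type(2) len(2) ticket. Same contract as above. */
size_t write_ticket_ext(uint8_t *p, const uint8_t *end, const uint8_t *tkt, size_t n)
{
    if (n > 0xFFFF || end < p || (size_t)(end - p) < n + 4)
        return 0;
    put_u16(p, 0x0023);                 /* extension type: session_ticket */
    put_u16(p + 2, n);
    if (n) memcpy(p + 4, tkt, n);
    return n + 4;
}

/* Writes both extensions into a MSG_LEN buffer followed by a guard region and
 * returns the extension bytes written, or (size_t)-1 if the guard was touched. */
size_t build_exts(const char *host, const uint8_t *tkt, size_t tkt_len)
{
    uint8_t buf[MSG_LEN + GUARD_LEN];
    uint8_t *p = buf, *end = buf + MSG_LEN;
    memset(buf + MSG_LEN, 0xAA, GUARD_LEN);
    p += write_sni_ext(p, end, host);
    p += write_ticket_ext(p, end, tkt, tkt_len);
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (buf[MSG_LEN + i] != 0xAA) return (size_t)-1;
    return (size_t)(p - buf);
}
```

The length comparison is done on `end - p` rather than on `p + n`, so an oversized length cannot wrap the pointer arithmetic before the check runs.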
This is an autogenerated message for OBS integration: This bug (949380) was mentioned in https://build.opensuse.org/request/show/337106 Factory / mbedtls
Version containing fix sent to factory, 13.2 needs fix also.
bugbot adjusting priority
(In reply to Martin Pluskal from comment #2) I don't see it on 13.2, but Leap needs the fix.
releasing for Leap 42.1
openSUSE-SU-2015:2257-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 949380
CVE References: CVE-2015-5291
Sources used:
openSUSE Leap 42.1 (src): mbedtls-1.3.15-6.1
Markus noted that this package is still affected: openSUSE:13.2:Update/polarssl
Created attachment 659108
proposed backport

Based on the advisory, the following includes the fix for polarssl:
https://github.com/ARMmbed/mbedtls/compare/21823f9a69d22f4cc5eb17493a1b6dbd889a24c8...643a922c56b77235e88f106fb1b41c1a764cea5f

This backport is adjusted for context changes and discards two hunks in functions that were added after 1.3.9. Maintainer, please check this minimum fix?

But there are more security relevant changes merged into the 1.3.14 tag, mostly memory handling stuff:
https://github.com/ARMmbed/mbedtls/compare/21823f9a69d22f4cc5eb17493a1b6dbd889a24c8...36abef4c5c0a9466085719ec1a102198374fa657
Received https://build.opensuse.org/request/show/349628
Releasing 13.2 update
openSUSE-SU-2015:2371-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 949380
CVE References: CVE-2015-5291
Sources used:
openSUSE 13.2 (src): polarssl-1.3.9-11.1