openssl CVE-2014-0224 fix broke tls_session_secret_cb and EAP-FAST

Bug #1329297 reported by Jouni Malinen on 2014-06-12
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Undecided
Marc Deslauriers
Lucid
Undecided
Marc Deslauriers
Precise
Undecided
Marc Deslauriers
Saucy
Undecided
Marc Deslauriers
Trusty
Undecided
Marc Deslauriers
Utopic
Undecided
Marc Deslauriers

Bug Description

The recently introduced openssl update to fix the CVE-2014-0224 vulnerability missed one code path where ChangeCipherSpec needs to be allowed. tls_session_secret_cb configured the key and needs to allow CCS message. The current Ubuntu package breaks programs that use that API, e.g., wpa_supplicant and EAP-FAST.

The upstream fix for the issue:

http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb8d9ddb9dc19d84dffa84932f75e607c8a3ffe6;hp=c43a55407dccc6902058184d7dd0bd111fe6a61e

Upstream report and discussion related to the issue:

http://openssl.6102.n7.nabble.com/OpenSSL-1-0-1h-issue-with-EAP-FAST-session-resumption-td50696.html

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: openssl 1.0.1f-1ubuntu2.2
ProcVersionSignature: Ubuntu 3.13.0-29.53-generic 3.13.11.2
Uname: Linux 3.13.0-29-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
CurrentDesktop: Unity
Date: Thu Jun 12 14:54:57 2014
InstallationDate: Installed on 2014-04-17 (55 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)

Jouni Malinen (jkmaline) wrote :
Marc Deslauriers (mdeslaur) wrote :

Thanks for reporting this!

Changed in openssl (Ubuntu Lucid):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in openssl (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in openssl (Ubuntu Saucy):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in openssl (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in openssl (Ubuntu Utopic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in openssl (Ubuntu Lucid):
status: New → Confirmed
Changed in openssl (Ubuntu Precise):
status: New → Confirmed
Changed in openssl (Ubuntu Saucy):
status: New → Confirmed
Changed in openssl (Ubuntu Trusty):
status: New → Confirmed
Changed in openssl (Ubuntu Utopic):
status: New → Confirmed
Marc Deslauriers (mdeslaur) wrote :
Changed in openssl (Ubuntu Lucid):
status: Confirmed → Invalid
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.0.1f-1ubuntu5

---------------
openssl (1.0.1f-1ubuntu5) utopic; urgency=medium

  * SECURITY UPDATE: regression with tls_session_secret_cb (LP: #1329297)
    - debian/patches/CVE-2014-0224.patch: set the CCS_OK flag when using
      tls_session_secret_cb for session resumption in ssl/s3_clnt.c.
 -- Marc Deslauriers <email address hidden> Thu, 12 Jun 2014 08:23:12 -0400

Changed in openssl (Ubuntu Utopic):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.0.1-4ubuntu5.15

---------------
openssl (1.0.1-4ubuntu5.15) precise-security; urgency=medium

  * SECURITY UPDATE: regression with tls_session_secret_cb (LP: #1329297)
    - debian/patches/CVE-2014-0224.patch: set the CCS_OK flag when using
      tls_session_secret_cb for session resumption in ssl/s3_clnt.c.
 -- Marc Deslauriers <email address hidden> Thu, 12 Jun 2014 08:30:56 -0400

Changed in openssl (Ubuntu Precise):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.0.1e-3ubuntu1.5

---------------
openssl (1.0.1e-3ubuntu1.5) saucy-security; urgency=medium

  * SECURITY UPDATE: regression with tls_session_secret_cb (LP: #1329297)
    - debian/patches/CVE-2014-0224.patch: set the CCS_OK flag when using
      tls_session_secret_cb for session resumption in ssl/s3_clnt.c.
 -- Marc Deslauriers <email address hidden> Thu, 12 Jun 2014 08:30:03 -0400

Changed in openssl (Ubuntu Saucy):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.0.1f-1ubuntu2.3

---------------
openssl (1.0.1f-1ubuntu2.3) trusty-security; urgency=medium

  * SECURITY UPDATE: regression with tls_session_secret_cb (LP: #1329297)
    - debian/patches/CVE-2014-0224.patch: set the CCS_OK flag when using
      tls_session_secret_cb for session resumption in ssl/s3_clnt.c.
 -- Marc Deslauriers <email address hidden> Thu, 12 Jun 2014 08:29:16 -0400

Changed in openssl (Ubuntu Trusty):
status: Confirmed → Fix Released
Jouni Malinen (jkmaline) wrote :

Thanks! Would not have believed this could get released so quickly :-)

Robert E. (resans) wrote :

Hi,

I'm not sure if this is the correct forum for this question, but this issue seems to have been posted as a security problem ("USN-2232-2: OpenSSL regression"). It looks like this is just a functional issue. Can anyone clarify if this is a security issue, and if so, what the implications are?

Thanks

Marc Deslauriers (mdeslaur) wrote :

USN-2232-1 is a security fix
USN-2232-2 is a regression fix for USN-2232-1 that has no security impact

Jouni Malinen (jkmaline) wrote :

I agree with this not being an independent security issue. There is a (mostly theoretical) potential security impact based on how applications or users react to the case where session ticket unexpectedly cannot be used. That could, at least in theory, result in trying the authentication handshake again with reduced security (e.g., EAP-FAST anonymous provisioning) even when there would be a valid session ticket still available. I don't think this would really result in practical security issues, i.e., the impact is in previously working functionality not working anymore and connections not being established. That said, it is useful to get this regression addressed in a way that makes it more likely for devices to get the update since the regression was caused by a high priority security fix that was likely applied to most devices immediately.

Robert E. (resans) wrote :

Thanks for the replies and clarification. That helps!

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers