Date:      Fri, 26 Mar 2021 10:17:16 -0400
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        freebsd-security@freebsd.org
Cc:        FreeBSD Security Advisories <security-advisories@freebsd.org>
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-21:07.openssl
Message-ID:  <20210326141716.zurvwj7octagfupg@mutt-hbsd>
In-Reply-To: <20210326000523.F2C6E6428@freefall.freebsd.org>
References:  <20210326000523.F2C6E6428@freefall.freebsd.org>

On Fri, Mar 26, 2021 at 12:05:23AM +0000, FreeBSD Security Advisories wrote:
> A TLSv1.2 renegotiation ClientHello message sent to a TLS server that omits
> the signature_algorithms extension (where it was present in the initial
> ClientHello), but includes a signature_algorithms_cert extension results in a
> NULL pointer dereference in the server. [CVE-2021-3449]
>
> III. Impact
>
> The X509_V_FLAG_X509_STRICT issue can result in a bypass of the check that
> non-CA certificates must not be able to issue other certificates.
>
> The renegotiation issue can result in a crash and a denial of service attack.

Hey all,

Has anyone looked at if/how setting map_at_zero=1 impacts the null ptr
deref issue?

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
