Date: Fri, 26 Mar 2021 10:17:16 -0400
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: freebsd-security@freebsd.org
Cc: FreeBSD Security Advisories <security-advisories@freebsd.org>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-21:07.openssl
Message-ID: <20210326141716.zurvwj7octagfupg@mutt-hbsd>
In-Reply-To: <20210326000523.F2C6E6428@freefall.freebsd.org>
References: <20210326000523.F2C6E6428@freefall.freebsd.org>

On Fri, Mar 26, 2021 at 12:05:23AM +0000, FreeBSD Security Advisories wrote:
> A TLSv1.2 renegotiation ClientHello message sent to a TLS server that omits
> the signature_algorithms extension (where it was present in the initial
> ClientHello), but includes a signature_algorithms_cert extension results in a
> NULL pointer dereference in the server. [CVE-2021-3449]
>
> III. Impact
>
> The X509_V_FLAG_X509_STRICT issue can result in a bypass of the check that
> non-CA certificates must not be able to issue other certificates.
>
> The renegotiation issue can result in a crash and a denial of service attack.

Hey all,

Has anyone looked at if/how setting map_at_zero=1 impacts the null ptr
deref issue?

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc