Date: Fri, 26 Mar 2021 10:17:16 -0400
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: freebsd-security@freebsd.org
Cc: FreeBSD Security Advisories <security-advisories@freebsd.org>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-21:07.openssl
Message-ID: <20210326141716.zurvwj7octagfupg@mutt-hbsd>
In-Reply-To: <20210326000523.F2C6E6428@freefall.freebsd.org>

On Fri, Mar 26, 2021 at 12:05:23AM +0000, FreeBSD Security Advisories wrote:
> A TLSv1.2 renegotiation ClientHello message sent to a TLS server that omits
> the signature_algorithms extension (where it was present in the initial
> ClientHello), but includes a signature_algorithms_cert extension results in a
> NULL pointer dereference in the server. [CVE-2021-3449]
>
> III. Impact
>
> The X509_V_FLAG_X509_STRICT issue can result in a bypass of the check that
> non-CA certificates must not be able to issue other certificates.
>
> The renegotiation issue can result in a crash and a denial of service attack.

Hey all,

Has anyone looked at if/how setting map_at_zero=1 impacts the null ptr deref issue?

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
