From nobody@FreeBSD.org  Sun Apr  6 04:24:18 2008
Message-Id: <200804060424.m364O7St005160@www.freebsd.org>
Date: Sun, 6 Apr 2008 04:24:07 GMT
From: "M. Kozuka" <ma-kun@kozuka.jp>
To: freebsd-gnats-submit@FreeBSD.org
Subject: In the systems subsequent to FreeBSD7, openssl is older than 0.9.8g.
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         122479
>Category:       bin
>Synopsis:       openssl(1): openssl SEGV with DTLS
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr 06 04:30:01 UTC 2008
>Closed-Date:    Sat May 14 16:57:06 UTC 2011
>Last-Modified:  Sat May 14 16:57:06 UTC 2011
>Originator:     M. Kozuka
>Release:        7.0-RELEASE
>Organization:
Kyoto University
>Environment:
FreeBSD sctp3.sctp.jp 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008     root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
In all versions of 0.9.8 prior to 0.9.8f, openssl has a vulnerability around DTLS1 processing.
However, FreeBSD 7.0-RELEASE includes 0.9.8e.
>How-To-Repeat:
Using the openssl command, you can use DTLS1.

% /usr/bin/openssl s_server -dtls1 -accept 8080 -cert /usr/src/crypto/openssl/demos/sign/cert.pem -key /usr/src/crypto/openssl/demos/sign/key.pem

% /usr/bin/openssl s_client -dtls1 -connect 127.0.0.1:8080

You cannot communicate with each other using DTLS1.
And sometimes you will get a SEGV.

If you install 0.9.8g through ports (security/openssl) and use it, you will communicate correctly.
>Fix:
Upgrade to 0.9.8g or disable DTLS1 support.

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: gavin 
State-Changed-When: Sun Apr 6 10:26:30 UTC 2008 
State-Changed-Why:  
To submitter:  A fix was imported for this security hole 
(see http://lists.freebsd.org/pipermail/cvs-src/2007-October/082649.html ) 
before 7.0-RELEASE was released.  Therefore, although the version 
number reported is 0.9.8e, it should not be vulnerable to this 
issue.  Do you have reason to believe it is? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=122479 

From: "M. Kozuka" <ma-kun@kozuka.jp>
To: bug-followup@FreeBSD.org, ma-kun@kozuka.jp
Cc:  
Subject: Re: misc/122479: In the systems subsequent to FreeBSD7, openssl is
 older than 0.9.8g.
Date: Sun, 06 Apr 2008 20:44:19 +0900

 I overlooked this fix.
 However, there are still some problems in FreeBSD 7.0-RELEASE's openssl
 around DTLS.
 
 The below commands (openssl s_server) will cause a SEGV on my machine.
 
 ==
 % /usr/bin/openssl s_server -debug -dtls1 -accept 8443 -cert \
 /usr/src/crypto/openssl/demos/sign/cert.pem -key \
 /usr/src/crypto/openssl/demos/sign/key.pem
 
 % /usr/local/bin/openssl s_client -dtls1 -debug -connect \
 127.0.0.1:8443
 ==
 
 If you omit "-debug", you will not get a SEGV.
 But you still cannot communicate with each other.
 
 If you use /usr/local/bin/openssl on both sides,
 you will communicate with each other correctly.
 
 /usr/local/bin/openssl is installed through the ports
 (security/openssl).
 ==
 % /usr/bin/openssl version
 OpenSSL 0.9.8e 23 Feb 2007
 
 % /usr/local/bin/openssl version
 OpenSSL 0.9.8g 19 Oct 2007
 ==
State-Changed-From-To: feedback->open 
State-Changed-By: vwe 
State-Changed-When: Tue Apr 8 21:30:22 UTC 2008 
State-Changed-Why:  

feedback received 

State-Changed-From-To: open->feedback 
State-Changed-By: jh 
State-Changed-When: Sun Mar 27 11:00:18 UTC 2011 
State-Changed-Why:  
Is this still a problem on a supported release? OpenSSL version in stable/7 
is 0.9.8q. 

State-Changed-From-To: feedback->closed 
State-Changed-By: jh 
State-Changed-When: Sat May 14 16:57:05 UTC 2011 
State-Changed-Why:  
Feedback timeout. 

>Unformatted:
