CVE-2017-2784 - Freeing of memory allocated on stack when validating a public key with a secp224k1 curve

Bug #1672686 reported by James Cowgill
Affects             Status        Importance  Assigned to  Milestone
mbedtls (Debian)    Fix Released  Unknown
mbedtls (Ubuntu)    Fix Released  Medium      Unassigned
  Xenial            Fix Released  Undecided   Unassigned
  Yakkety           Fix Released  Undecided   Unassigned
polarssl (Debian)   Fix Released  Unknown
polarssl (Ubuntu)   Incomplete    Medium      Unassigned
  Xenial            Confirmed     Undecided   Unassigned
  Yakkety           Confirmed     Undecided   Unassigned

Bug Description

The following security bug was published for mbedtls:

Freeing of memory allocated on stack when validating a public key with a secp224k1 curve

[Vulnerability]
If a malicious peer supplies a certificate with a specially crafted secp224k1 public key, then an attacker can cause the server or client to attempt to free a block of memory held on the stack.

[Impact]
Depending on the platform, this could result in a Denial of Service (client crash) or potentially could be exploited to allow remote code execution with the same privileges as the host application.

[Resolution]
Affected users should upgrade to mbed TLS 1.3.19, mbed TLS 2.1.7 or mbed TLS 2.4.2.

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01
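The mechanism the advisory describes, shown as an added illustration constructed for this page (it is not mbedtls's own code and does not reproduce library/ecp_curves.c): a big-integer temporary whose limb array lives on the caller's stack, a grow routine that, like most bignum code, assumes the array it replaces is heap memory, and a scratch buffer whose size was computed with a truncating division for a 224-bit modulus on 64-bit limbs. The reduction step, the curve constant c = 2^32 + 6803 for secp224k1, and the instrumented release() that records a stack free instead of performing it are all assumptions of the example; only the outcome (a free of stack memory, reached through a too-small scratch buffer) and the fix location (buffer size calculations in library/ecp_curves.c) come from the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example: a minimal big-integer ("mpi") with a limb array, a
 * grow routine that assumes the array is heap memory, and a reduction step
 * that uses a caller-supplied scratch mpi.  Modelled on the bug class the
 * advisory describes, not on mbedtls's actual ecp_curves.c. */

#define BIL 64u                 /* bits per limb (64-bit build) */
typedef uint64_t limb_t;
typedef struct { size_t n; limb_t *p; } mpi;

/* Assumed constant: secp224k1 has p = 2^224 - c with c = 2^32 + 6803. */
#define SECP224K1_BITS 224u
#define SECP224K1_C    ((limb_t)4294974099ULL)

/* Instrumented release(): a real free() of a stack address is undefined
 * behaviour and usually aborts inside the allocator, so this demo records
 * the event instead when the pointer falls inside the registered stack
 * buffer.  Anything else is released normally. */
static uintptr_t g_stack_lo, g_stack_hi;
static int g_freed_stack_memory;

static void release(limb_t *ptr) {
    uintptr_t a = (uintptr_t)ptr;
    if (a >= g_stack_lo && a < g_stack_hi) { g_freed_stack_memory = 1; return; }
    free(ptr);
}

/* Enlarge X to at least nblimbs limbs, reallocating if needed.  It has no
 * way to know whether X->p points at heap or stack memory. */
static int mpi_grow(mpi *X, size_t nblimbs) {
    if (X->n >= nblimbs) return 0;
    limb_t *np = calloc(nblimbs, sizeof *np);
    if (np == NULL) return -1;
    if (X->p != NULL) {
        memcpy(np, X->p, X->n * sizeof *np);
        release(X->p);          /* the dangerous call when X->p is on the stack */
    }
    X->p = np;
    X->n = nblimbs;
    return 0;
}

static size_t limbs_for_bits(unsigned bits) { return (bits + BIL - 1) / BIL; }

/* One step of reducing N modulo 2^pbits - c: M = (N >> pbits) * c.  The
 * caller's scratch M must hold limbs(H) + 1 limbs, or mpi_grow() kicks in. */
static int high_times_c(mpi *M, const mpi *N, unsigned pbits, limb_t c) {
    size_t shift_limbs = pbits / BIL, shift_bits = pbits % BIL;
    size_t hn = N->n > shift_limbs ? N->n - shift_limbs : 0;
    int ret = mpi_grow(M, hn + 1);      /* H * c may carry into one more limb */
    if (ret != 0) return ret;
    unsigned __int128 carry = 0;        /* GCC/Clang extension for 64x64 products */
    for (size_t i = 0; i < hn; i++) {
        limb_t h = N->p[shift_limbs + i] >> shift_bits;
        if (shift_bits != 0 && shift_limbs + i + 1 < N->n)
            h |= N->p[shift_limbs + i + 1] << (BIL - shift_bits);
        unsigned __int128 t = (unsigned __int128)h * c + carry;
        M->p[i] = (limb_t)t;
        carry = t >> 64;
    }
    M->p[hn] = (limb_t)carry;
    return 0;
}

/* Two ways a caller might size the scratch buffer.  With 64-bit limbs the
 * truncating division gives 224/64 + 1 = 4 limbs, one short of the 5 that a
 * 224-bit H times a one-limb c can occupy; rounding up gives 5. */
static size_t scratch_limbs_truncating(unsigned pbits) { return pbits / BIL + 1; }
static size_t scratch_limbs_rounded_up(unsigned pbits) { return limbs_for_bits(pbits) + 1; }

/* Run the step with a stack scratch mpi of buf_limbs limbs against the
 * worst-case 448-bit input (all ones: the width of a product of two 224-bit
 * values).  Returns 1 if the grow path released the stack buffer, 0 if the
 * scratch was large enough, negative on error. */
static int run_with_scratch(size_t buf_limbs) {
    limb_t Np[7];
    limb_t Mp[8] = {0};                 /* backing store for the scratch mpi */
    if (buf_limbs > 8) return -1;
    for (size_t i = 0; i < 7; i++) Np[i] = ~(limb_t)0;
    mpi N = { 7, Np };
    mpi M = { buf_limbs, Mp };          /* caller-computed size, not 8 */
    g_stack_lo = (uintptr_t)Mp;
    g_stack_hi = (uintptr_t)(Mp + 8);
    g_freed_stack_memory = 0;
    int ret = high_times_c(&M, &N, SECP224K1_BITS, SECP224K1_C);
    if (M.p != Mp) free(M.p);           /* heap copy made by mpi_grow() */
    g_stack_lo = g_stack_hi = 0;
    return ret != 0 ? ret : g_freed_stack_memory;
}

int main(void) {
    printf("truncating sizing (%zu limbs): stack free attempted = %d\n",
           scratch_limbs_truncating(SECP224K1_BITS),
           run_with_scratch(scratch_limbs_truncating(SECP224K1_BITS)));
    printf("rounded-up sizing (%zu limbs): stack free attempted = %d\n",
           scratch_limbs_rounded_up(SECP224K1_BITS),
           run_with_scratch(scratch_limbs_rounded_up(SECP224K1_BITS)));
    return 0;
}
```

The point for a reviewer of code like this is that the bug is invisible at the call site: nothing in high_times_c() is wrong, and a 32-bit build (where 224 is a multiple of the limb size) never grows the buffer. The fix is to size stack-backed temporaries for the worst case the arithmetic can produce, rounding up rather than truncating, and the cheap regression check is the one the advisory's fix commit adds: a test vector that drives the reduction with a full-width input.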

CVE References

CVE-2017-2784

James Cowgill (jcowgill)
information type: Private Security → Public Security
James Cowgill (jcowgill) wrote:

I think that only polarssl 1.3.* is affected because polarssl <= 1.2 does not support elliptic curve crypto.

Changed in polarssl (Debian):
status: Unknown → Confirmed
Seth Arnold (seth-arnold) wrote:

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Changed in mbedtls (Ubuntu):
status: New → Incomplete
Changed in polarssl (Ubuntu):
status: New → Incomplete
Changed in mbedtls (Debian):
status: Unknown → Incomplete
Changed in polarssl (Debian):
status: Confirmed → Incomplete
Changed in mbedtls (Debian):
status: Incomplete → Fix Released
James Cowgill (jcowgill)
summary: - CVE-2017-2748 - Freeing of memory allocated on stack when validating a
+ CVE-2017-2784 - Freeing of memory allocated on stack when validating a
public key with a secp224k1 curve
Changed in polarssl (Debian):
status: Incomplete → Confirmed
James Cowgill (jcowgill) wrote:

Added patches for mbedtls.

For testing, I applied the testcase from here:
https://github.com/ARMmbed/mbedtls/commit/28fff141133314308994738fbe4f24f4a1e3c64d

Then tried building the package with and without the CVE fix patch (making sure it failed before and passed after).

Changed in mbedtls (Ubuntu):
status: Incomplete → Confirmed
Mathew Hodson (mhodson)
Changed in polarssl (Ubuntu):
importance: Undecided → Medium
Changed in mbedtls (Ubuntu):
importance: Undecided → Medium
tags: added: patch trusty xenial yakkety
Launchpad Janitor (janitor) wrote:

This bug was fixed in the package mbedtls - 2.3.0-1ubuntu0.1

---------------
mbedtls (2.3.0-1ubuntu0.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: Freeing of memory allocated on stack when validating
    a public key with a secp224k1 curve. (LP: #1672686)
    - debian/patches/CVE-2017-2784.patch: fix buffer size calculations in
      library/ecp_curves.c.
    - CVE-2017-2784

 -- James Cowgill <email address hidden> Fri, 17 Mar 2017 09:43:46 +0000

Changed in mbedtls (Ubuntu):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote:

This bug was fixed in the package mbedtls - 2.2.1-2ubuntu0.1

---------------
mbedtls (2.2.1-2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Freeing of memory allocated on stack when validating
    a public key with a secp224k1 curve. (LP: #1672686)
    - debian/patches/CVE-2017-2784.patch: fix buffer size calculations in
      library/ecp_curves.c.
    - CVE-2017-2784

 -- James Cowgill <email address hidden> Fri, 17 Mar 2017 09:36:37 +0000

Changed in mbedtls (Ubuntu):
status: Confirmed → Fix Released
Marc Deslauriers (mdeslaur) wrote:

Since there is nothing left to sponsor, I am unsubscribing ubuntu-security-sponsors. Please re-subscribe the group when attaching another debdiff. Thanks!

Changed in mbedtls (Ubuntu Xenial):
status: New → Fix Released
Changed in mbedtls (Ubuntu Yakkety):
status: New → Fix Committed
status: Fix Committed → Fix Released
Changed in polarssl (Ubuntu Xenial):
status: New → Confirmed
Changed in polarssl (Ubuntu Yakkety):
status: New → Confirmed
Changed in polarssl (Debian):
status: Confirmed → Fix Committed
Changed in polarssl (Debian):
status: Fix Committed → Fix Released