September 25, 2016

Six Security Flaws Fixed in OpenSSL

(LiveHacking.Com) – The OpenSSL project team has released two new versions of the popular open source toolkit for SSL/TLS. OpenSSL 1.0.0f and 0.9.8s fix a total of six security flaws. Of the six fixes, four apply to 1.0.0f and 0.9.8s together and then each version has one unique fix for its code stream.

The relevant security advisory lists the following:

  1. DTLS Plaintext Recovery Attack (CVE-2011-4108) – Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can befound at http://www.isg.rhul.ac.uk/~kp/dtls.pdf
  2. Double-free in Policy Checks (CVE-2011-4109) – If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. The bug does not occur unless this flag is set. Users of OpenSSL 1.0.0 are not affected.
  3. Uninitialized SSL 3.0 Padding (CVE-2011-4576) – OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. This affects both clients and servers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with SSLv3_{server|client}_method or SSLv23_{server|client}_method. It does not affect TLS. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. However, in practice, most deployments do not use SSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per connection. That write buffer is partially filled with non-sensitive, handshake data at the beginning of the connection and, thereafter, only records which are longer any any previously sent record leak any non-encrypted data. This, combined with the small number of bytes leaked per record, serves to limit to severity of this issue.
  4. Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577) – RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack. Note, however, that in the standard release of OpenSSL, RFC 3779 support is disabled by default, and in this case OpenSSL is not vulnerable. Builds of OpenSSL are vulnerable if configured with “enable-rfc3779”.
  5. SGC Restart DoS Attack (CVE-2011-4619) – Support for handshake restarts for server gated cryptograpy (SGC) can be used in a denial-of-service attack.
  6. Invalid GOST parameters DoS Attack (CVE-2012-0027) – A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack. Only users of the OpenSSL GOST ENGINE are affected by this bug.

OpenSSL 1.0.0f  is considered the current best version of OpenSSL available and it is recommended that users of older versions upgrade as soon as possible. OpenSSL 1.0.0f is available for download via HTTP and FTP from the following master locations:

For a complete list of changes, please seehttp://cvs.openssl.org/getfile?f=openssl/CHANGES&v=OpenSSL_1_0_0f.

 

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks