New OpenSSL vuln

  • New OpenSSL vuln

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1


    Forthcoming OpenSSL releases
    ============================

    The OpenSSL project team would like to announce the forthcoming release
    of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf.

    These releases will be made available on 19th March. They will fix a
    number of security defects. The highest severity defect fixed by these
    releases is classified as "high" severity.

    Yours

    The OpenSSL Project Team
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    -----END PGP SIGNATURE-----

    I don't know any more information than this, so it's really just more of a heads-up for any sysadmins on here.

  • #2
    Yeah, there have been mumblings about it in the usual places. Wonder if this one is going to get a trendy name à la Heartbleed, POODLE etc.? I suggest 'Bieber', something to really put the fear into people around the world.


    • #3
      Originally posted by andyn
      Yeah, there have been mumblings about it in the usual places. Wonder if this one is going to get a trendy name à la Heartbleed, POODLE etc.? I suggest 'Bieber', something to really put the fear into people around the world.


      Oh I hope so. It's always fun chatting to my wife about it:

      Wifey: So, my handsome husband whose opinion I respect, what have you been doing at work today?
      Me: Thank you for asking, my gorgeous red-headed nymphomaniac, today I have mostly been playing with POODLES.
      Wifey: Wow that sounds interesting. Tell me more!

      At least, I really wish that conversation would take place. The real transcript would be something more like:

      Wifey: How was today?
      Me: It was really busy, you know that....
      <wifey butts in>
      Wifey: Now about my day...blah blah blah blah blah
      <10 minutes pass>
      Wifey: Anyway, I'm tired so you can put the kids to bed and cook dinner.


      • #4
        Originally posted by cold fusion

        Wifey: How was today?
        Me: It was really busy, you know that....
        <wifey butts in>
        Wifey: Now about my day...blah blah blah blah blah
        <10 minutes pass>
        Wifey: Anyway, I'm tired so you can put the kids to bed and cook dinner.
        So THAT'S where my missus goes.....she has a secret 2nd family
        Originally posted by {SAS}TB
        Also gives me the chance to probe around the wife's rear end


        • #5
          Originally posted by jointhedotz
          So THAT'S where my missus goes.....she has a secret 2nd family
          hahaha that would explain why she's always tired


          • #6
            Details published. The two high priority issues would be:
            1. DoS attack vulnerability on OpenSSL 1.0.2
            2. and RSA silently downgrades to EXPORT_RSA

            neither of which are Earth-shakingly serious, thankfully.

            For anyone interested, the full Security Advisory is below:
            Code:
            OpenSSL Security Advisory [19 Mar 2015]
            =======================================
            
            OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
            =====================================================
            
            Severity: High
            
            If a client connects to an OpenSSL 1.0.2 server and renegotiates with an
            invalid signature algorithms extension a NULL pointer dereference will occur.
            This can be exploited in a DoS attack against the server.
            
            This issue affects OpenSSL version: 1.0.2
            
            OpenSSL 1.0.2 users should upgrade to 1.0.2a.
            
            This issue was reported to OpenSSL on 26th February 2015 by David Ramos
            of Stanford University. The fix was developed by Stephen Henson and Matt
            Caswell of the OpenSSL development team.
            
            Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
            ============================================================================
            
            Severity: High
            
            This security issue was previously announced by the OpenSSL project and
            classified as "low" severity. This severity rating has now been changed to
            "high".
            
            This was classified low because it was originally thought that server RSA
            export ciphersuite support was rare: a client was only vulnerable to a MITM
            attack against a server which supports an RSA export ciphersuite. Recent
            studies have shown that RSA export ciphersuites support is far more common.
            
            This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
            
            OpenSSL 1.0.1 users should upgrade to 1.0.1k.
            OpenSSL 1.0.0 users should upgrade to 1.0.0p.
            OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
            
            This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
            Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
            Henson of the OpenSSL core team. It was previously announced in the OpenSSL
            security advisory on 8th January 2015.
            
            Multiblock corrupted pointer (CVE-2015-0290)
            ============================================
            
            Severity: Moderate
            
            OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature
            only applies on 64 bit x86 architecture platforms that support AES NI
            instructions. A defect in the implementation of "multiblock" can cause OpenSSL's
            internal write buffer to become incorrectly set to NULL when using non-blocking
            IO. Typically, when the user application is using a socket BIO for writing, this
            will only result in a failed connection. However if some other BIO is used then
            it is likely that a segmentation fault will be triggered, thus enabling a
            potential DoS attack.
            
            This issue affects OpenSSL version: 1.0.2
            
            OpenSSL 1.0.2 users should upgrade to 1.0.2a.
            
            This issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and
            Rainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development
            team.
            
            Segmentation fault in DTLSv1_listen (CVE-2015-0207)
            ===================================================
            
            Severity: Moderate
            
            The DTLSv1_listen function is intended to be stateless and processes the initial
            ClientHello from many peers. It is common for user code to loop over the call to
            DTLSv1_listen until a valid ClientHello is received with an associated cookie. A
            defect in the implementation of DTLSv1_listen means that state is preserved in
            the SSL object from one invocation to the next that can lead to a segmentation
            fault. Errors processing the initial ClientHello can trigger this scenario. An
            example of such an error could be that a DTLS1.0 only client is attempting to
            connect to a DTLS1.2 only server.
            
            This issue affects OpenSSL version: 1.0.2
            
            OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2a.
            
            This issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The
            fix was developed by Matt Caswell of the OpenSSL development team.
            
            Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
            ===================================================
            
            Severity: Moderate
            
            The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
            made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
            certificate signature algorithm consistency this can be used to crash any
            certificate verification operation and exploited in a DoS attack. Any
            application which performs certificate verification is vulnerable including
            OpenSSL clients and servers which enable client authentication.
            
            This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
            
            OpenSSL 1.0.2 users should upgrade to 1.0.2a
            OpenSSL 1.0.1 users should upgrade to 1.0.1m.
            OpenSSL 1.0.0 users should upgrade to 1.0.0r.
            OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
            
            This issue was discovered and fixed by Stephen Henson of the OpenSSL
            development team.
            
            Segmentation fault for invalid PSS parameters (CVE-2015-0208)
            =============================================================
            
            Severity: Moderate
            
            The signature verification routines will crash with a NULL pointer
            dereference if presented with an ASN.1 signature using the RSA PSS
            algorithm and invalid parameters. Since these routines are used to verify
            certificate signature algorithms this can be used to crash any
            certificate verification operation and exploited in a DoS attack. Any
            application which performs certificate verification is vulnerable including
            OpenSSL clients and servers which enable client authentication.
            
            This issue affects OpenSSL version: 1.0.2
            
            OpenSSL 1.0.2 users should upgrade to 1.0.2a
            
            This issue was reported to OpenSSL on 31st January 2015 by Brian Carpenter
            and a fix developed by Stephen Henson of the OpenSSL development team.
            
            ASN.1 structure reuse memory corruption (CVE-2015-0287)
            =======================================================
            
            Severity: Moderate
            
            Reusing a structure in ASN.1 parsing may allow an attacker to cause
            memory corruption via an invalid write. Such reuse is and has been
            strongly discouraged and is believed to be rare.
            
            Applications that parse structures containing CHOICE or ANY DEFINED BY
            components may be affected. Certificate parsing (d2i_X509 and related
            functions) are however not affected. OpenSSL clients and servers are
            not affected.
            
            This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
            and 0.9.8.
            
            OpenSSL 1.0.2 users should upgrade to 1.0.2a
            OpenSSL 1.0.1 users should upgrade to 1.0.1m.
            OpenSSL 1.0.0 users should upgrade to 1.0.0r.
            OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
            
            This issue was discovered by Emilia Käsper and a fix developed by
            Stephen Henson of the OpenSSL development team.
            
            PKCS7 NULL pointer dereferences (CVE-2015-0289)
            ===============================================
            
            Severity: Moderate
            
            The PKCS#7 parsing code does not handle missing outer ContentInfo correctly.
            An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
            missing content and trigger a NULL pointer dereference on parsing.
            
            Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
            otherwise parse PKCS#7 structures from untrusted sources are
            affected. OpenSSL clients and servers are not affected.
            
            This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
            and 0.9.8.
            
            OpenSSL 1.0.2 users should upgrade to 1.0.2a
            OpenSSL 1.0.1 users should upgrade to 1.0.1m.
            OpenSSL 1.0.0 users should upgrade to 1.0.0r.
            OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
            
            This issue was reported to OpenSSL on February 16th 2015 by Michal
            Zalewski (Google) and a fix developed by Emilia Käsper of the OpenSSL
            development team.
            
            Base64 decode (CVE-2015-0292)
            =============================
            
            Severity: Moderate
            
            A vulnerability existed in previous versions of OpenSSL related to the
            processing of base64 encoded data. Any code path that reads base64 data from an
            untrusted source could be affected (such as the PEM processing routines).
            Maliciously crafted base 64 data could trigger a segmentation fault or memory
            corruption. This was addressed in previous versions of OpenSSL but has not been
            included in any security advisory until now.
            
            This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
            
            OpenSSL 1.0.1 users should upgrade to 1.0.1h.
            OpenSSL 1.0.0 users should upgrade to 1.0.0m.
            OpenSSL 0.9.8 users should upgrade to 0.9.8za.
            
            The fix for this issue can be identified by commits d0666f289a (1.0.1),
            84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by
            Robert Dugal and subsequently by David Ramos.
            
            DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
            =========================================================
            
            Severity: Moderate
            
            A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
            servers that both support SSLv2 and enable export cipher suites by sending
            a specially crafted SSLv2 CLIENT-MASTER-KEY message.
            
            This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
            and 0.9.8.
            
            OpenSSL 1.0.2 users should upgrade to 1.0.2a
            OpenSSL 1.0.1 users should upgrade to 1.0.1m.
            OpenSSL 1.0.0 users should upgrade to 1.0.0r.
            OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
            
            This issue was discovered by Sean Burford (Google) and Emilia Käsper
            (OpenSSL development team) in March 2015 and the fix was developed by
            Emilia Käsper.
            
            Empty CKE with client auth and DHE (CVE-2015-1787)
            ==================================================
            
            Severity: Moderate
            
            If client auth is used then a server can seg fault in the event of a DHE
            ciphersuite being selected and a zero length ClientKeyExchange message being
            sent by the client. This could be exploited in a DoS attack.
            
            This issue affects OpenSSL version: 1.0.2
            
            OpenSSL 1.0.2 users should upgrade to 1.0.2a.
            
            This issue was discovered and the fix was developed by Matt Caswell of the
            OpenSSL development team.
            
            Handshake with unseeded PRNG (CVE-2015-0285)
            ============================================
            
            Severity: Low
            
            Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with
            an unseeded PRNG. The conditions are:
            - The client is on a platform where the PRNG has not been seeded automatically,
            and the user has not seeded manually
            - A protocol specific client method version has been used (i.e. not
            SSL_client_methodv23)
            - A ciphersuite is used that does not require additional random data from the
            PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA).
            
            If the handshake succeeds then the client random that has been used will have
            been generated from a PRNG with insufficient entropy and therefore the output
            may be predictable.
            
            For example using the following command with an unseeded openssl will succeed on
            an unpatched platform:
            
            openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA
            
            This issue affects OpenSSL version: 1.0.2
            
            OpenSSL 1.0.2 users should upgrade to 1.0.2a.
            
            This issue was discovered and the fix was developed by Matt Caswell of the
            OpenSSL development team.
            
            Use After Free following d2i_ECPrivateKey error (CVE-2015-0209)
            ===============================================================
            
            Severity: Low
            
            A malformed EC private key file consumed via the d2i_ECPrivateKey function could
            cause a use after free condition. This, in turn, could cause a double
            free in several private key parsing functions (such as d2i_PrivateKey
            or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
            for applications that receive EC private keys from untrusted
            sources. This scenario is considered rare.
            
            This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
            
            OpenSSL 1.0.2 users should upgrade to 1.0.2a
            OpenSSL 1.0.1 users should upgrade to 1.0.1m.
            OpenSSL 1.0.0 users should upgrade to 1.0.0r.
            OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
            
            This issue was discovered by the BoringSSL project and fixed in their commit
            517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL
            development team.
            
            X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
            ===================================================
            
            Severity: Low
            
            The function X509_to_X509_REQ will crash with a NULL pointer dereference if
            the certificate key is invalid. This function is rarely used in practice.
            
            This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
            and 0.9.8.
            
            OpenSSL 1.0.2 users should upgrade to 1.0.2a
            OpenSSL 1.0.1 users should upgrade to 1.0.1m.
            OpenSSL 1.0.0 users should upgrade to 1.0.0r.
            OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
            
            This issue was discovered by Brian Carpenter and a fix developed by Stephen
            Henson of the OpenSSL development team.
            
            Note
            ====
            
            As per our previous announcements and our Release Strategy
            (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
            1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
            releases will be provided after that date. Users of these releases are advised
            to upgrade.
            
            References
            ==========
            
            URL for this Security Advisory:
            https://www.openssl.org/news/secadv_20150319.txt
            
            Note: the online version of the advisory may be updated with additional
            details over time.
            
            For details of OpenSSL severity classifications please see:
            https://www.openssl.org/about/secpolicy.html

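As an added example (not part of the thread and not OpenSSL project code): a Python check that takes an `openssl version` banner and lists which CVEs from the advisory quoted in post #6 are still unfixed at that release, using the per-branch fixed versions the advisory gives. The function names and sample banners are constructed for illustration, and it assumes letter suffixes sort by length and then alphabetically (0.9.8y, 0.9.8za, 0.9.8zd, 0.9.8zf).

```python
import re

# Per-branch fixed releases, transcribed from the 19 Mar 2015 advisory above.
ALL = {"1.0.2": "1.0.2a", "1.0.1": "1.0.1m", "1.0.0": "1.0.0r", "0.9.8": "0.9.8zf"}
ONLY_102 = {"1.0.2": "1.0.2a"}

# CVE -> {branch: first fixed release}
ADVISORY = {
    "CVE-2015-0291": ONLY_102,
    "CVE-2015-0204": {"1.0.1": "1.0.1k", "1.0.0": "1.0.0p", "0.9.8": "0.9.8zd"},
    "CVE-2015-0290": ONLY_102,
    "CVE-2015-0207": ONLY_102,
    "CVE-2015-0286": ALL,
    "CVE-2015-0208": ONLY_102,
    "CVE-2015-0287": ALL,
    "CVE-2015-0289": ALL,
    "CVE-2015-0292": {"1.0.1": "1.0.1h", "1.0.0": "1.0.0m", "0.9.8": "0.9.8za"},
    "CVE-2015-0293": ALL,
    "CVE-2015-1787": ONLY_102,
    "CVE-2015-0285": ONLY_102,
    "CVE-2015-0209": ALL,
    "CVE-2015-0288": ALL,
}

# Matches "1.0.1k", and also the version inside "OpenSSL 1.0.1e-fips 11 Feb 2013".
VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)")


def parse(text):
    """Return (branch, letters) from a version string or `openssl version` banner."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL-style version in {text!r}")
    return m.group(1), m.group(2)


def patch_key(letters):
    """Order letter suffixes: '' < 'a' < ... < 'z' < 'za' < 'zb' (assumption)."""
    return (len(letters), letters)


def open_cves(text):
    """CVEs from the advisory whose fixed release is newer than the given version.

    Caveat: this compares the upstream version string only. Distribution
    packages often backport fixes without changing it, so treat a hit as a
    lead to check against the vendor changelog, not as proof.
    """
    branch, letters = parse(text)
    if not any(branch in fixes for fixes in ADVISORY.values()):
        raise LookupError(f"branch {branch} is not covered by this advisory")
    found = []
    for cve, fixes in ADVISORY.items():
        if branch in fixes:
            _, fixed_letters = parse(fixes[branch])
            if patch_key(letters) < patch_key(fixed_letters):
                found.append(cve)
    return sorted(found)


if __name__ == "__main__":
    # Constructed sample banners in the format printed by `openssl version`.
    for banner in ("OpenSSL 1.0.1k 8 Jan 2015", "OpenSSL 0.9.8zf 19 Mar 2015"):
        print(banner, "->", open_cves(banner) or "nothing from this advisory open")
```
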


            • #7
              Second one this month:

              Code:
              -----BEGIN PGP SIGNED MESSAGE-----
              Hash: SHA256
              
              Forthcoming OpenSSL releases
              ============================
              
              The OpenSSL project team would like to announce the forthcoming release of
              OpenSSL versions 1.0.2g, 1.0.1s.
              
              These releases will be made available on 1st March 2016 between approximately
              1300-1700 UTC.  They will fix several security defects with maximum severity
              "high".
              
              Please see the following page for further details of severity levels:
              https://www.openssl.org/policies/secpolicy.html
              
              Please also note that, as per our previous announcements, support for 1.0.1
              will end on 31st December 2016.
              
              Yours
              
              The OpenSSL Project Team
              -----BEGIN PGP SIGNATURE-----
              Version: GnuPG v1
              
              -----END PGP SIGNATURE-----
              https://mta.openssl.org/pipermail/op...ry/000063.html
