On
September 22nd,
2016 OpenSSL announced the elimination of more than a dozen
vulnerabilities in it's cryptographic library. Among the bugs was a
mistake which
allowed attackers to carry out DoS-attacks within their software.
What's the problem
OpenSSL is a popular
open-source cryptographic library which allows for the creation of encrypted internet
connections using SSL or TLS. It's also used by the vast majority of websites and networks today. A
critical
vulnerability (CVE-2016-6304) is contained in OpenSSL versions 1.0.1,
1.0.2
and 1.1.0 and has been fixed in the new versions 1.1.0a, 1.0.2i b 1.0.
The vulnerability within these older versions lies in the fact that in
successive TLS renegotiations, the server doesn't release the memory
allocated
for one of the TLS protocol extensions - status request, but
"frays" a pointer to it, essentially causing a memory leak.
TLS
Renegotiations -
a mechanism that allows a client or server to change TLS connection
settings on the fly without interrupting the current session. The
parties
exchange Hello messages and certificates as in conventional handshakes,
but in here it uses an already established secure channel. A status
request extension assists with speeding up the server certificate status
checking, if the latter provides a
mechanism OCSP Stapling. By abusing this method, an attacker
can cause a memory leak each time a TLS renegotiation is requested. The size
of the memory leak ranges from 16 to 64 kilobytes (depending on the version of
OpenSSL in use).
A little background on OCSP (Online
Certificate Status Protocol) - This protocol is supported by all modern web browsers, it's designed to ensure verification of the digital certificate
installed on the site. OCSP
is divided into
both client and server responsibilities. When an application or a web browser
attempts SSL-certificate validation the client sends a HTTP-request to
an online
database which returns the status of the certificate. However, to speed
up the
validation mechanism for the client, the server itself can access the
OCSP
servers and then return the OCSP responses to the client within the
handshake step.
This mechanism is called OCSP stapling and allows the customer to avoid
the
waste of resources to appeal to the OCSP servers.
That's
not all
The OpenSSL
Foundation security bulletin from September 22nd also describes another vulnerability
CVE-2016-6307 (it has a low priority vulnerability rating). An error in the code library
version 1.1.0 could allow an attacker to carry out DoS-attacks by sending
large tls_get_message_header() header. Later it became
clear that a patch for the vulnerability CVE-2016-6307 spawned yet another
vulnerability (CVE-2016-6309). As a result of applying the patch to fix the DoS issue a buffer
processing error was generated causing applications to execute arbitrary code. After this was deteremined another patch was
released to fix this defect.
How
to protect yourself
Servers
that use the
OpenSSL version to 1.0.1g are non-affected by the CVE-2016-6304
vulnerability when
working in standard configuration. Administrators of vulnerable
resources should use the no-ocsp option to mitigate the chances of DDoS
against their systems. In
addition to this DDoS fix, the OpenSSL Foundation team has also fixed
another vulnerability (CVE-2016-6305)
in the library version 1.1.0, which could be used to carry out
DoS-attacks. Staying current on patches, as always, will help remediate
the risks within the OpenSSL libraries.
No comments:
Post a Comment