Monday, October 17, 2016

OpenSSL vulnerabilities allow DDoS-attacks

On September 22nd, 2016 OpenSSL announced the elimination of more than a dozen vulnerabilities in it's cryptographic library. Among the bugs was a mistake which allowed attackers to carry out DoS-attacks within their software.

What's the problem

OpenSSL is a popular open-source cryptographic library which allows for the creation of encrypted internet connections using SSL or TLS. It's also used by the vast majority of websites and networks today. A critical vulnerability (CVE-2016-6304) is contained in OpenSSL versions 1.0.1, 1.0.2 and 1.1.0 and has been fixed in the new versions 1.1.0a, 1.0.2i b 1.0. The vulnerability within these older versions lies in the fact that in successive TLS renegotiations, the server doesn't release the memory allocated for one of the TLS protocol extensions - status request, but "frays" a pointer to it, essentially causing a memory leak.

TLS Renegotiations - a mechanism that allows a client or server to change TLS connection settings on the fly without interrupting the current session. The parties exchange Hello messages and certificates as in conventional handshakes, but in here it uses an already established secure channel. A status request extension assists with speeding up the server certificate status checking, if the latter provides a mechanism OCSP Stapling. By abusing this method, an attacker can cause a memory leak each time a TLS renegotiation is requested. The size of the memory leak ranges from 16 to 64 kilobytes (depending on the version of OpenSSL in use).

A little background on OCSP (Online Certificate Status Protocol) - This protocol is supported by all modern web browsers, it's designed to ensure verification of the digital certificate installed on the site. OCSP is divided into both client and server responsibilities. When an application or a web browser attempts SSL-certificate validation the client sends a HTTP-request to an online database which returns the status of the certificate. However, to speed up the validation mechanism for the client, the server itself can access the OCSP servers and then return the OCSP responses to the client within the handshake step. This mechanism is called OCSP stapling and allows the customer to avoid the waste of resources to appeal to the OCSP servers.
That's not all

The OpenSSL Foundation security bulletin from September 22nd also describes another vulnerability CVE-2016-6307 (it has a low priority vulnerability rating). An error in the code library version 1.1.0 could allow an attacker to carry out DoS-attacks by sending large tls_get_message_header() header. Later it became clear that a patch for the vulnerability CVE-2016-6307 spawned yet another vulnerability (CVE-2016-6309). As a result of applying the patch to fix the DoS issue a buffer processing error was generated causing applications to execute arbitrary code. After this was deteremined another patch was released to fix this defect.

How to protect yourself

Servers that use the OpenSSL version to 1.0.1g are non-affected by the CVE-2016-6304 vulnerability when working in standard configuration. Administrators of vulnerable resources should use the no-ocsp option to mitigate the chances of DDoS against their systems. In addition to this DDoS fix, the OpenSSL Foundation team has also fixed another vulnerability (CVE-2016-6305) in the library version 1.1.0, which could be used to carry out DoS-attacks. Staying current on patches, as always, will help remediate the risks within the OpenSSL libraries.

Guest Author: Written by Alex Bod, Information Security Researcher and the founder of Gods. He runs the penetration testing services provided by Gods Hackers Team.

No comments:

Post a Comment