Just a month after a critical security hole in OpenSSL dubbed “Heartbleed” captured headlines around the globe, The OpenSSL Foundation has issued an other critical software update fixing six more security holes, two of them critical.
The Foundation issued its update on Thursday, saying that current versions of OpenSSL contain vulnerabilities that could be used to carry out “man in the middle” (or MITM) attacks against OpenSSL clients and servers. SSL VPN (virtual private network) products are believed to be especially vulnerable. Users of OpenSSL versions 0.9.8, 1.0.0 and 1.0.1 are all advised to update immediately.
According to information released by the OpenSSL Foundation, an attacker using a carefully crafted handshake can force the use of “weak keying material in OpenSSL SSL/TLS clients and servers.” That could lay the groundwork for man-in-the-middle attacks in which an attacker positions herself between a vulnerable client and server, decrypting and modifying traffic as it passes through the attacker’s system.
However, security experts caution that mitigating factors mean the vulnerabilities announced – while serious – are not as critical as Heartbleed. First, attacks are only possible in cases where both an SSL client and server are running vulnerable software. As it stands, OpenSSL clients are vulnerable in all versions of OpenSSL, however, only OpenSSL servers running version 1.0.1 and 1.0.2-beta1 are known to be vulnerable. Users of OpenSSL servers earlier than 1.0.1 are being asked to upgrade, just to be safe.
[Read Security Ledger’s coverage of the Heartbleed vulnerability in OpenSSL here.]
The six vulnerabilities patched by OpenSSL Foundation are:
- CVE-2014-0224 – an SSL/TLS MITM vulnerability that would allow an attacker using a carefully crafted handshake to force the use of weak keying material in OpenSSL SSL/TLS clients and servers.
- CVE-2014-0221 – a DTLS recursion flaw. By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.
- CVE-2014-0195 – (CRITICAL) a DTLS invalid fragment vulnerability. A buffer overrun attack can be triggered by sending invalid DTLS fragments to a OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server.
- CVE-2014-0198 – SSL_MODE_RELEASE_BUFFERS NULL pointer dereference. A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference.
- CVE-2010-5298 – SSL_MODE_RELEASE_BUFFERS session injection or denial of service. A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service.
- CVE-2014-3470– Anonymous ECDH denial of service. OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.
Writing on the SANS Institute’s Internet Storm Center blog, Johannes Ullrich said that only one of the vulnerabilities, 2014-0195 could be considered critical. However, it only affects DTLS clients or servers. DTLS – or Datagram Transport Layer Security – is used mainly in voice over IP and other communications-related applications.
DTLS is a component of Cisco Systems’ AnyConnect VPN Client and the compatible open-source OpenConnect client. Google’s Chrome web browser and The Mozilla Foundation’s Firefox browser also support DTLS for WebRTC (Web Real-Time Communication), a W3C standard that’s designed to let browsers natively support video and voice chat as well as P2P file sharing.
Ullrich said the fact that the 0195 is specific to DTLS makes it unlikely to affect secure HTTP sessions, as Heartbleed did.
The Heartbleed vulnerability, revealed in early April, concerned a missing a bounds check in the handling of the TLS heartbeat extension requests. The flaw could be used to reveal up to 64K of memory on the machine running OpenSSL to a connected client or server, potentially exposing OpenSSL users’ secret keys and enabling an attacker to decrypt and read any protected traffic. While media attention to Heartbleed in the intervening weeks means that most affected systems have since been patched, problems linked to it persist.
Recently, a researcher at the firm Sysvalue reported a variation, dubbed “Cupid” that affects Android mobile devices and WiFi routers.
