New flaws discovered in OpenSSL……..heartbleed mark 2 awaits?
June 6, 2014 |
The problem with having a ubiquitous open source software that is a key part of the security framework for communications in cyberspace is that where problems arise the impact is tremendous and potentially disastrous. The Heartbleed episode demonstrated that in no uncertain terms. Changes to passwords, rushed out patches and changes to security protocols all came with cost, aggravation and no shortage of concern.
OpenSSL has identified flaws in the cryptographic library which makes it vulnerable to a man-in-the-middle-attack (which is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker) in an advisory which relevantly provides:
OpenSSL Security Advisory [05 Jun 2014]
SSL/TLS MITM vulnerability (CVE-2014-0224)
An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution. OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h. Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. This issue was reported to OpenSSL on 1st May 2014 via JPCERT/CC. The fix was developed by Stephen Henson of the OpenSSL core team partly based on an original patch from KIKUCHI Masashi.
The advisory states that, presumably, after the issue was identified a fix was developed but a recommendation to upgrade has been made. The immediate impact of such a weakness being identified is that APP entities must, at least under APP 11, take reasonable steps to protect personal information. A man-in-the-middle attack would potentially threaten personal information to interference. The Privacy Commissioner made that clear in a statement on 11 April 2014 in relation to the Heartbleed Bug. At minimum organisations should follow the recommendations by OpenSSL in particular to upgrade software. To do otherwise would most likely to be failing to take reasonable steps requirements in complying with APP 11.
Itnews has covered the story in Serious new flaws discovered in OpenSSL.
It provides:
Researchers have discovered new flaws in the popular open source OpenSSL cryptographic library, at least two of which are considered to be serious.
A security advisory from OpenSSL describes the flaw as:
“An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.”
Masahi Kikuchi of Japanese software company Lepidum discovered the bug, and said it has existed since the first release of OpenSSL.
Kikuchi believes the reason the bug hasn’t been discovered over the past 16 years is insufficient code reviews, especially by experts with Transport Layer Security/Secure Sockets Layer (TLS/SSL) implementation experience.
He also believes the SSL protocol version 3.0 specification document could be clearer on how to implement the ChangeCipherSpec content type, so as to verify certain conditions before it is secure to accept it during a handshake or connection negotiation between client and server.
OpenSSL is used in millions of servers around the world to authenticate and secure communications.
In the wake of the severe Heartbleed security hole that left systems open to undetectable attacks, the OpenSSL project has received funding and support from the Linux Foundation’s Core Infrastructure Initiative in an effort to tighten security reviews.
Another OpenSSL flaw affecting the handling of Datagram Transport Layer Security (DTLS) fragments means it’s possible to send a single specially crafted User Datagram Protocol (UDP) packet, causing application crashes and a denial of service, writes HP security researcher Brian Gorenc.
Gorenc said a more serious attack is possible, and that it is also theoretically possible to inject malicious code, and possibly execute it with the privileges of the process that is running and using OpenSSL.
The code in question was committed to OpenSSL by Robin Seggelman, the same person who introduced the recent massive Heartbleed vulnerability, Gorenc notes.
“Seggelmann is not completely to blame, of course. OpenSSL is an open source project. The ‘many eyes’ that look at this code failed to catch this bug, but a new breed of individuals are looking at this code…especially at Seggelmann’s code. This code is now known for having vulnerabilities. There is blood in the water,” Gorenc said.
Three other bugs that could be used in denial of service attacks against applications using OpenSSL are also fixed with the latest set of patches.
OpenSSL suggests that users of its software upgrade it according to the guide below:
- OpenSSL 0.9.8 users should upgrade to 0.9.8za
- OpenSSL 1.0.0 users should upgrade to 1.0.0m
- OpenSSL 1.0.1 users should upgrade to 1.0.1h
Google, which uses OpenSSL in some of its applications, has already released a new version of the Chrome web browser for Android, and will make it available in its Play app store over the next few days.
It’s been a bad week for open-source Secure Socket Layer (SSL) programs.
First, the obscure, GnuTLS was revealed to have a trivial but damning flaw. Then, the massively popular OpenSSL was found to have a man-in-the-middle vulnerability. After the Heartbleed fiasco, OpenSSL needed this like a hole in the head.
This vulnerability, according to Adam Langley, a senior staff software engineer at Google, has been around for at least 15 years. It’s a pity the Core Infrastructure Initiative (CII) riding to OpenSSL’s rescue with more developer funding didn’t happen any sooner than it did.
That said, this bug is still is nowhere near as bad as Heartbleed. For starters, an attacker needs to be running a system between the web browser or other SSL-enabled client program to make use of the security hole.
Be that as it may, you still need to address it by upgrading as soon as possible. As Chris Camejo, Director of Assessment Services for NTT Com Security said in an e-mail interview, “It’s bad because it has been around for a long time and looks to be fairly widespread.”
He added: “If exploited it would allow the attacker to decrypt traffic. This is serious given that the whole point of SSL is to encrypt traffic and it is widely used to protect passwords, credit card numbers, and all other manner of sensitive transactions that happen on web sites as well as certain email connections.”
In a separate interview, Mark Cox, Red Hat’s senior director of product security, went into deeper detail. Cox said, OpenSSL has fixed a number of security flaws, but given the Heartbleed episode we needed to find a way to tell people not to panic.
Cox explained that Heartbleed had been patched before it was revealed but news of the exploit spread before news of the patches, hence so much of the upset around it. In this latest case, there have been seven security issues patched but only two of them need concern administrators and users.
The first, Cox continued, is the Datagram Transport Layer Security (DTLS) bug. There is no known exploit of it at this time, but there is the potential for a successful attack against it.
Therefore, while DTLS is not widely used, if you do use it, it should be patched as soon as possible.
Cox then said the “real meat of the issue is the man-in-the-middle attack.” Even here, for this work, someone really must be “in the middle” between a vulnerable server and client to make use of the hole.
But if someone can do this, they could “bypass SSL and get to the raw data… This is quite a serious issue.”
Still, with Heartbleed anyone could theoretically exploit vulnerable SSL servers. To attack using this hole would require network access to the traffic between the client and server. For example, a successful attack might be made with a fake coffee house Wi-Fi access point being used to connect the Android version of the Chrome Web browser and an unpatched Web server. Fortunately, Google has already released an updated version of this browser, 35.0.1916.141, to eliminate this problem.
The most vulnerable systems, according to Cox, are unpatched Android devices using a bogus Wi-Fi hot spot. Morrell added that since Android users are at the mercy of their phone vendors and telcos for security updates they may be stuck with vulnerabilities for quite a long time.
Fortunately, if the servers they connect with have been updated, they still can’t be attacked.
The OpenSSL security community has known about this problem since early May. The group, working with Red Hat, other major Linux and open-source groups, and hardware vendors, went to a great deal of trouble to not simply patch the bug but to take the next steps of testing the repair, so that they could be as certain (as anyone can ever be in security) that it would fix the hole, but also not introduce any new security problems, and work with most combinations of OpenSSL servers and clients.
Now that the patch is out there, OpenSSL is trying to get the solid facts, as well as the patch, out to people so there won’t be any undue panic over these problems. Cox added that the major Linux vendors, such as Red Hat and Ubuntu, already have the patches available.
All server administrators need do is to download and install them and instead of a security crisis this will prove to be business as usual.
[…] New flaws discovered in OpenSSL……..heartbleed mark 2 awaits? […]