The Open SSL has provided a collection of updates for its libraries to fix a series of new vulnerabilities recently reported. The exact number of vulnerabilities affecting OpenSSL is 6 and two of them are considered critical, as reported in the table below the flaws could be exploited by attackers to conduct MiTM attacks, remote code execution or to force a DoS.
Recently OpenSSL was mentioned many times after the public disclosure of the critical Heartbleed bug that affected millions of users worldwide. To fix the above vulnerabilities the OpenSSL foundation has issued the patched versions 0.9.8za, 1.0.0m and 1.0.1h, which are both available on the project website.
Below the details of the flaws
SSL/TLS MITM vulnerability (CVE-2014-0224)
This vulnerability is a “CCS Injection” flaw and it resides in ChangeCipherSpec (CCS) request sent during the handshake. A hacker exploiting the flaw could perform a man-in-the-middle attack against the encrypted connection servers and clients, allowing him to decrypt, read or manipulate the data in transit. The CCS Injection attack is possible only if both server and client are vulnerable.
In order to exploit this issue, a MITM attacker would effectively do the following actions:
OpenSSL clients are vulnerable in all versions of OpenSSL.
Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1.
Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
The vulnerability was discovered on May 1th 2014 and fixed by Stephen Henson of the OpenSSL core team.
DTLS recursion flaw vulnerability (CVE-2014-0221)
The attacker could exploit the vulnerability by sending an invalid DTLS handshake to an OpenSSL DTLS client, in this way he will force the code to recurse eventually crashing in a DoS attack.
DTLS classic TLS encryption over UDP used to secure voice chat, VOIP and live streams of video.
The attack is effective only for software using OpenSSL as a DTLS client:
The vulnerability was reported on May 9th, 2014, Stephen Henson of the OpenSSL core team has developed the fix.
DTLS invalid fragment vulnerability (CVE-2014-0195)
The attacker sends invalid DTLS fragments to an OpenSSL DTLS client or server to cause a buffer overrun attack and run arbitrary code on the target.
Only applications using OpenSSL as a DTLS client or server affected.
The vulnerability was discovered on April 23th 2014 and it was fixed by Stephen Henson of the OpenSSL core team.
SSL_MODE_RELEASE_BUFFERS NULL pointer dereference vulnerability (CVE-2014-0198)
The attacker exploiting a flaw in the do_ssl3_write function can force a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default setting.
The fix was developed by Matt Caswell of the OpenSSL development team.
SSL_MODE_RELEASE_BUFFERS session injection or denial of service vulnerability (CVE-2010-5298)
The flaw could be exploited by a remote attackers to inject data across sessions or cause a denial of service. It is based on a race condition in the ssl3_read_bytes function, the vulnerability only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, also in this case this is not the default setting and it is a not a common choice.
This issue was reported in public.
Anonymous ECDH denial of service vulnerability (CVE-2014-3470)
The advisory issued by the OpenSSL Foundation stated that TLS clients which anonymous ECDH (Elliptic Curve Diffie Hellman) ciphersuites are vulnerable to a denial of service attack.
The bug was reported on May 28th 2014, while the fix was developed by Stephen Henson of the OpenSSL core team.
The disclosure of the above vulnerabilities comes after more that a month the diffusion of the information on the HeartBleed bug and a few days after the revelation on the Hello vulnerability in the GnuTLS, the software implementation of SSL/TLS/DTLS protocols.
(Security Affairs – OpenSSL, encryption)