Six New OpenSSL Security Vulnerabilities Discovered Since Heartbleed

Heartbleed

In a recent security advisory from June 5th, 2014, six new vulnerabilities were disclosed on OpenSSL’s website. It’s important that these news OpenSSL flaws are being discovered quickly and getting fixed. But these new discoveries are indicative of other potential devastating security flaws that remain buried in the labyrinth of OpenSSL code.  Once again, the discoveries expose the risk of using OpenSSL to process SSL traffic for
your mission critical infrastructure and applications.

Here are some details around each of the new vulnerabilities discovered:

SSL/TLS MITM vulnerability (CVE-2014-0224)
===========================================

An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.

The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.

Discovered by Kikuchi Masashi of Lepidum Co. Ltd. on May 1st 2014 and the patch has already been created.

DTLS recursion flaw (CVE-2014-0221)
====================================

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.

Only applications using OpenSSL as a DTLS client are affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Reported on May 9th, 2014 by Imre Rad from Search-Lab Ltd.

DTLS invalid fragment vulnerability (CVE-2014-0195)
====================================================

A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server.

Only applications using OpenSSL as a DTLS client or server affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Another buffer overrun attack that may have been prevented if OpenSSL were written in Java™ discovered by Juri Aedla on April 23rd, 2014.

SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
=================================================================

A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This vulnerability has already had a patch put in place by Matt Caswell from the OpenSSL team.

SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
============================================================

A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across
sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SL_MODE_RELEASE_BUFFERS is enabled, which is not the
default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

Luckily, this flaw is not as common because the SL_Mode_Release_Buffers is not enable by default.

Anonymous ECDH denial of service (CVE-2014-3470)
================================================

OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.

OpenSSL 0.9.8 users should upgrade to 0.9.8za
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

Those are the six most recent security vulnerabilities that have been discovered since Heartbleed. What will be the next flaw found? You don’t have to rely on OpenSSL, there are other ways of managing your SSL traffic without using OpenSSL.