Critical vulnerability of the OpenSSL library allows DoS attacks

Image: thehackernews.com

At the end of last week (September 22), the OpenSSL Foundation announced the elimination of more than a dozen vulnerabilities in its cryptographic library. Among the “bugs” found was a mistake, the exploitation of which allows attackers to carry out DoS attacks.
')

What is the problem

OpenSSL is a popular open source cryptographic library that provides encryption of Internet connections using SSL or TLS. This mechanism uses the vast majority of sites on the network.

The critical vulnerability (CVE-2016-6304) is contained in OpenSSL versions 1.0.1, 1.0.2 and 1.1.0 and has been fixed in versions OpenSSL 1.1.0a, 1.0.2i b 1.0. The essence of the vulnerability lies in the fact that during consecutive TLS Renegotiations, the server does not release the memory allocated for storing the field of one of the TLS protocol extensions - status request, and “grinds” a pointer to it, causing a memory leak.

TLS Renegotiations is a mechanism that allows a client or server to change TLS connection parameters on the go without interrupting the current session. At the same time, the parties exchange Hello messages and certificates, as with a regular handshake, but using an already established secure channel. And the status request extension allows you to speed up the verification of the server’s certificate status, if the latter supports the Stapling OCSP mechanism.

Thus, an attacker can cause a memory leak every time TLS Renegotiations is triggered. The size of the leak varies from 16 to 64 kilobytes, depending on the version of OpenSSL.

The OCSP (Online Certificate Status Protocol) protocol is supported by all modern web browsers and is designed to verify the status of a digital certificate installed on the site.

OCSP is divided into client and server. When an application or web browser tries to validate an SSL certificate, the client side sends an HTTP request to an online database that returns the certificate status. However, to speed up the validation mechanism for the client, the server can access the OCSP servers and then return the OCSP responses to the client during the handshake stage. Such a mechanism is called OCSP Stapling and allows the client to avoid wasting resources on accessing OCSP servers.

That's not all

Another security vulnerability, CVE-2016-6307, was described in the OpenSSL Foundation Security Bulletin of September 22 - it received a low degree of severity (Low). An error in the library code version 1.1.0 allowed an attacker to carry out DoS attacks by sending too large tls_get_message_header () headers.

It later emerged that a patch for the CVE-2016-6307 vulnerability created another vulnerability (CVE-2016-6309). As a result of applying the patch, a buffer processing error occurred, causing the application to crash and the ability to execute arbitrary code. To fix it, a separate patch was released.

How to protect

Servers using OpenSSL versions prior to 1.0.1g are not affected by CVE-2016-6304 when running in standard configuration. Administrators of vulnerable resources should use the no-ocsp option to reduce potential damage.

In addition, the OpenSSL Foundation team had previously fixed another vulnerability (CVE-2016-6305) of the library version 1.1.0, which could be used to implement DoS attacks.

Positive Technologies experts examined the details of the exploitation of the CVE-2016-6304 vulnerability and developed a signature to detect this vulnerability by means of IDS Suricata. In addition, it is recommended to use specialized tools for detecting vulnerabilities like those described, such as the MaxPatrol 8 security monitoring and compliance monitoring system.