OpenSSL 1.1.1k Patches Two High-Severity Vulnerabilities

[mood]

OpenSSL 1.1.1k Patches Two High-Severity Vulnerabilities

 

 

The OpenSSL Project on Thursday announced the release of version 1.1.1k, which patches two high-severity vulnerabilities, including one related to verifying a certificate chain and one that can lead to a server crash.

 

The first security hole, tracked as CVE-2021-3450, has been described as a “problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag.” The flaw was discovered by researchers at Akamai.

“Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates,” the OpenSSL Project explained in its advisory.

 

The second vulnerability, tracked as CVE-2021-3449 and discovered by employees of telecoms giant Nokia, involves sending a specially crafted renegotiation ClientHello message from a client, and it can be exploited for denial-of-service (DoS) attacks.

“If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack,” reads the description of this vulnerability.

 

Servers running OpenSSL 1.1.1 are affected by CVE-2021-3449 if they have TLS 1.2 and renegotiation enabled — this is the default configuration.

 

Some companies have already started informing their customers about these OpenSSL vulnerabilities.

 

OpenSSL has come a long way in terms of security since the disclosure of the Heartbleed vulnerability back in 2014. Only three vulnerabilities were fixed in 2020, and only two of those were rated high severity. No high-severity issues were patched in OpenSSL in 2018 and 2019.

 

 

Source: OpenSSL 1.1.1k Patches Two High-Severity Vulnerabilities

[aum]

 

The maintainers of OpenSSL have released a fix for two high-severity security flaws in its software that could be exploited to carry out denial-of-service (DoS) attacks and bypass certificate verification.

 

Tracked as CVE-2021-3449 and CVE-2021-3450, both the vulnerabilities have been resolved in an update (version OpenSSL 1.1.1k) released on Thursday. While CVE-2021-3449 affects all OpenSSL 1.1.1 versions, CVE-2021-3450 impacts OpenSSL versions 1.1.1h and newer.

 

OpenSSL is a software library consisting of cryptographic functions that implement the Transport Layer Security protocol with the goal of securing communications sent over a computer network.

 

According to an advisory published by OpenSSL, CVE-2021-3449 concerns a potential DoS vulnerability arising due to NULL pointer dereferencing that can cause an OpenSSL TLS server to crash if in the course of renegotiation the client transmits a malicious "ClientHello" message during the handshake between the server and a user. The issue was introduced as part of changes dating back to January 2018.

 

"If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack," the advisory said.

 

Nokia, which has been credited with reporting the flaw on March 17, fixed the DoS bug with a one-line code change.

 

CVE-2021-3450, on the other hand, relates to an X509_V_FLAG_X509_STRICT flag that enables additional security checks of certificates present in a certificate chain. While this flag is not set by default, an error in the implementation meant that OpenSSL failed to check that "non-CA certificates must not be able to issue other certificates," resulting in a certificate bypass.

 

As a result, the flaw prevented apps from rejecting TLS certificates that aren't digitally signed by a browser-trusted certificate authority (CA).

 

"In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose," OpenSSL said.

 

Benjamin Kaduk from Akamai is said to have reported the issue to the project maintainers on March 18. The vulnerability was discovered by Xiang Ding and others at Akamai, with a fix put in place by former Red Hat principal software engineer and OpenSSL developer Tomáš Mráz.

 

Although neither of the issues affect OpenSSL 1.0.2, it's also worth noting that the version has been out of support since January 1, 2020, and is no longer receiving updates. Applications that rely on a vulnerable version of OpenSSL are advised to apply the patches to mitigate the risk associated with the flaws.

 

Source

[Karlston]

Similar topics merged.