Upcoming ‘critical’ OpenSSL update prompts feverish speculation
Is it the new Heartbleed or just a bleeding distraction?
Developers of the OpenSSL cryptography library have taken the unusual step of pre-warning that an update due to land next Tuesday (November 1) will fix a critical vulnerability.
The looming OpenSSL 3.x patch represents only the second time the project has addressed a flaw classified as ‘critical’. The only previous OpenSSL update of such elevated severity addressed the infamous Heartbleed vulnerability (CVE-2014-0160).
Heartbleed was a memory handling bug that opened the door for attackers to access secret keys, passwords, and sensitive personal information from vulnerable servers. At the time of its discovery eight years ago, experts from Netcraft estimated that the flaw affected 17% of SSL web servers or “half a million widely trusted websites”.
Little is known about the upcoming critical fix (OpenSSL 3.0.7), other than that it is restricted to OpenSSL version 3.0, the latest release line of the software, and does not affect previous versions.
OpenSSL 3.0.x only debuted in 2021, a factor that might limit the extent of the problems next week’s announcement will reveal. OpenSSL has been around since 1998 and most systems today are still built using earlier release lines.
No details of the upcoming patch or the critical flaw it tackles have been released. In the absence of any hard info, infosec Twitter has gone into overdrive with some speculating that the vulnerability might represent the “next Heartbleed”.
One security expert from Google, for example, has suggested on the basis of recent software commits and a blog post by the OpenSSL team that the update might relate to a denial-of-service (DoS) issue.
Feel the DHEat
This particular DoS bug – known as DHEat and previously confirmed to affect OpenVPN and SSH services – involves forcing a server into expensive Diffie-Hellman key exchange computations.
DHEat (AKA CVE-2002-20001) scores 7.5 on the CVSS 3.1 index, indicating high severity and falling somewhat short of critical.
On the face of it, an OpenSSL patch for DHEat would appear to be a poor candidate for a critical patch unless OpenSSL is particularly vulnerable. A recent OpenSSL blog post referencing DHEat makes it even more unlikely that the looming patch tackles this issue.
It seems more likely that a previously unknown vulnerability is at play, according to experts quizzed by The Daily Swig.
Action stations
Brian Fox, CTO of Sonatype, told us that organizations should audit their code base for exposure to any vulnerability in OpenSSL 3.0.x, leaving them prepared to either patch or isolate vulnerable systems next week.
“In the first instance, it’s critical to find out where 3.x is used,” Fox said. “More importantly, it’s vital to get tooling in place to avoid having to audit and identify components manually every time.”
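Fox's advice above is an inventory problem: knowing which hosts and images carry a 3.0.x build before the fix lands. The script below is an added example, not code from The Daily Swig, Sonatype or the OpenSSL project. It parses the version strings that `openssl version` and package manifests produce and flags anything on the 3.0 line earlier than 3.0.7, the release the article says carries the fix; earlier release lines are reported as out of scope, matching the project's pre-announcement. The host names and version strings in SAMPLE_INVENTORY are constructed, and local_openssl_version is a hypothetical helper that shells out to whatever CLI is installed locally.

```python
"""Flag OpenSSL builds in the affected 3.0.x range (added example, not from the article)."""
import re
import subprocess
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# First release carrying the fix, per the article's pre-announcement.
FIXED = (3, 0, 7)

# Matches "OpenSSL 3.0.5 5 Jul 2022", "OpenSSL 1.1.1q  5 Jul 2022", "3.0.2"
# and "OpenSSL 3.0.7-dev". The letter group is the 1.x patch-letter scheme;
# a dash suffix marks a pre-release or development build.
_VERSION_RE = re.compile(r"(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]*)(-[A-Za-z0-9]+)?")


@dataclass(frozen=True)
class Finding:
    host: str
    version: str   # normalised "major.minor.patch[letter][-suffix]" or "unknown"
    status: str    # "affected", "not-affected" or "unknown"
    reason: str


def parse_version(text: str) -> Optional[Tuple[int, int, int, str, str]]:
    """Return (major, minor, patch, letter, suffix) or None if no version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, letter, suffix = m.groups()
    return int(major), int(minor), int(patch), letter, suffix or ""


def classify(host: str, text: str) -> Finding:
    """Decide whether one host's OpenSSL version string falls in the affected range."""
    parsed = parse_version(text)
    if parsed is None:
        # Unknown is reported separately so it is chased down rather than silently ignored.
        return Finding(host, "unknown", "unknown", "no OpenSSL version string found")
    major, minor, patch, letter, suffix = parsed
    label = f"{major}.{minor}.{patch}{letter}{suffix}"
    if (major, minor) != (3, 0):
        # The advisory is restricted to the 3.0 line; 1.1.1 and 1.0.2 are out of scope.
        return Finding(host, label, "not-affected", "not on the 3.0 release line")
    if suffix:
        # A 3.0.7-dev snapshot may or may not contain the fix; do not assume either way.
        return Finding(host, label, "unknown", "pre-release build on the 3.0 line")
    if (major, minor, patch) >= FIXED:
        return Finding(host, label, "not-affected", "3.0.7 or later carries the fix")
    return Finding(host, label, "affected", "3.0.x earlier than 3.0.7")


def audit(inventory: Dict[str, str]) -> List[Finding]:
    """Classify every host in a {host: version-string} inventory."""
    return [classify(host, text) for host, text in inventory.items()]


def local_openssl_version() -> str:
    """Hypothetical helper: best-effort read of the local CLI build, '' if unavailable."""
    try:
        result = subprocess.run(["openssl", "version"], capture_output=True, text=True, timeout=5)
        return result.stdout
    except (OSError, subprocess.SubprocessError):
        return ""


# Constructed sample inventory standing in for what an SBOM or scanner would collect.
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 3.0.5 5 Jul 2022",
    "web-02": "OpenSSL 3.0.7",
    "legacy-db": "OpenSSL 1.1.1q  5 Jul 2022",
    "container-img": "3.0.0",
    "appliance": "version string unavailable",
}

if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY):
        print(f"{f.host:14} {f.version:10} {f.status:13} {f.reason}")
    local = local_openssl_version()
    if local:
        print("localhost:", classify("localhost", local))
```

Feed it the output of `openssl version` gathered from each host, or the component versions from an SBOM; the "unknown" bucket is the one worth chasing first, since it is where undiscovered 3.0.x builds tend to hide.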
Fox went on to argue that speculation about the content of the upcoming fix was, at best, “unhelpful”. He said: “The speculation assumes that the fix is available in the publicly visible source and the advance notice gives attackers time to find it. This assumption may not be true. It is a best practice at some times to embargo the actual change until after the announcement for this exact reason.
“The team at OpenSSL consists of some of the foremost experts in handling high profile open source vulnerability disclosures and if they have determined this is the best course of action – to give advance notice – then I have faith in that decision.”
Professor Alan Woodward, a computer scientist at the University of Surrey, reasoned that the problem is unlikely to be related to the older vulnerability.
“If the OpenSSL vulnerability is truly critical as per their own definition, then it sounds dire,” Prof. Woodward told The Daily Swig. “If it’s the older vulnerability, I fear they may have cried wolf. It isn’t helpful to give so little information but as it is a tiny team I can see why.”
Prof. Woodward concluded: “I guess we’ll all have to wait until next week.”