New Version of OpenSSL Fixes Six Flaws

Author: Dennis Fisher
minute read

A new version of the OpenSSL package has been released, fixing six vulnerabilities, including a plaintext recovery attack on the DTLS implementation. There are two other cryptographic flaws fixed in OpenSSL 1.0.0f, and a few other less-serious problems.

OpenSSLA new version of the OpenSSL package has been released, fixing six vulnerabilities, including a plaintext recovery attack on the DTLS implementation. There are two other cryptographic flaws fixed in OpenSSL 1.0.0f, and a few other less-serious problems.

The most problematic of the vulnerabilities fixed in the new version is the one that enables the plaintext recovery attack, which was discovered by a pair of security researchers who found a way to extend the CBC padding oracle attack. The attack enables someone to exploit the problem with OpenSSL’s DTLS implementation to recover the plaintext version of an encrypted message.

“Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing,” the OpenSSL adivsory says.

Among the other vulnerabilities fixed in version 1.0.0f is a problem with the way that the application handles padding for SSL 3.0 records. In those records, the application would not clear the bytes that it uses as padding, meaning that some amount of potentially sensitive data from previous transactions could be sent as part of a subsequent operation.

“OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. This affects both clients and servers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with SSLv3_{server|client}_method or SSLv23_{server|client}_method. It does not affect TLS. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory,” the advisory says.

Versions 1.0.0f and 0.9.8s also include updates for several other vulnerabilities, namely a condition that allows an attacker to cause a denial-of-service on a server that supports server-gated cryptography handshake restarts; an assertion failure caused by malformed RFC 3779 data; and a D0S condition that can be triggered by sending invalid parameters for the GOST hash function.

Users of previous versions should upgrade to OpenSSL 1.0.0f or 0.9.8s.

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business

Topics

Show all

Authors

Threatpost

InfoSec Insider

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.