OpenSSL Fixes Eight Security Vulnerabilities

The OpenSSL Project has released several new versions of the software that fix eight security vulnerabilities, including several certificate issues and a couple of denial-of-service flaws.

The patches included in OpenSSL 1.0.0p, 1.0.1k and 0.9.8zd do not address any critical or high-risk vulnerabilities, but they do fix some interesting bugs. Two of the bugs are rated moderate and the other six are considered low risk. None of the vulnerabilities can result in remote code execution, according to the OpenSSL advisory, but some could be used to hang affected servers.

One of the moderate bugs is a memory leak in the record-buffering function of the DTLS implementation, which could allow an attacker to cause a denial-of-service condition on vulnerable machines.

“A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion,” the advisory says.

The other moderate vulnerability is also in DTLS, and results in a DoS condition if an attacker sends a malicious DTLS message to a vulnerable server. The packet will cause a segmentation fault in OpenSSL because of a NULL pointer dereference.

Among the other vulnerabilities patched in the new releases are a handful of certificate-related problems, all of which are rated as low risks. One of the vulnerabilities can allow an attacker to remove forward secrecy from a server under some conditions.

“An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. This effectively removes forward secrecy from the ciphersuite,” the advisory says.

Another of the vulnerabilities could allow an attacker to authenticate to a server without using a private key.

“An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered,” the advisory says.
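To check deployed hosts against the fixed releases named above, the following added example (not code from the OpenSSL Project or its advisory) compares `openssl version` banners with the fixed patch letter for each branch. The host names and banner lines are constructed sample data, and the function names are this example's own.

```python
import re

# Fixed release letter per branch, from the releases named in the article.
FIXED = {"0.9.8": "zd", "1.0.0": "p", "1.0.1": "k"}

_VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)")


def parse_version(banner):
    """Split e.g. 'OpenSSL 1.0.1e-fips 11 Feb 2013' into ('1.0.1', 'e')."""
    match = _VERSION_RE.search(banner)
    if match is None:
        raise ValueError("no OpenSSL version in %r" % banner)
    return match.group(1), match.group(2)


def patch_rank(letters):
    """Sort key for patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb' ..."""
    # After 'z' the series continues with two letters, so length sorts first.
    return (len(letters), letters)


def is_patched(banner):
    """True/False for a branch named in the article, None for any other branch."""
    branch, letters = parse_version(banner)
    if branch not in FIXED:
        return None
    return patch_rank(letters) >= patch_rank(FIXED[branch])


def audit(inventory):
    """Return {host: status} for (host, banner) pairs."""
    labels = {True: "patched", False: "needs update", None: "branch not covered"}
    return {host: labels[is_patched(banner)] for host, banner in inventory}


# Constructed sample inventory (hypothetical hosts and banner lines).
SAMPLE = [
    ("vpn-gw", "OpenSSL 1.0.1j 15 Oct 2014"),
    ("web-01", "OpenSSL 1.0.1k 8 Jan 2015"),
    ("legacy", "OpenSSL 0.9.8y 5 Feb 2013"),
    ("mail-01", "OpenSSL 0.9.8zd 8 Jan 2015"),
    ("build", "OpenSSL 1.0.2a"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print("%-8s %s" % (host, status))
```

A distribution package may carry backported fixes without changing the upstream version letter, so a "needs update" result for a packaged build should be confirmed against the vendor's changelog.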
