OpenSSL Mystery Patch is No Heartbleed

The anticipated high severity patch in OpenSSL is for a denial-of-service vulnerability in the recently released version 1.0.2 that can crash a client or server with a malformed certificate.

Hold the logo and the dedicated website; the anticipated high-severity OpenSSL vulnerability is serious, but it’s no Heartbleed or POODLE.

As it turns out, the bug is a denial-of-service condition that affects only version 1.0.2 of the ubiquitous crypto library. A dozen other vulnerabilities (nine ranked moderate, and three low) in older versions were also patched today. Users are urged to upgrade to version 1.0.2a.

“It’s a [denial of service] attack; you can make a client or server crash with a malformed cert,” Rich Salz, a member of the OpenSSL development team, said of the high-severity vulnerability. “By our security policy, a DOS crash is a high severity issue.”

From the advisory issued at 10 a.m. ET: “If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension, a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server.”

David Ramos of Stanford University reported the issue, CVE-2015-0291, to OpenSSL on Feb. 26; Ramos has a private exploit for the bug, but Mark J. Cox of the Open Source Project said they are not aware of public exploits.

Under the aforementioned security policy, denial-of-service bugs, along with memory leaks and remote code execution vulnerabilities, trigger new OpenSSL releases. It is also the reason OpenSSL provided advance notification of the vulnerability, which it has done in the past. That, however, did not stop rampant speculation on social media that the next Heartbleed was at the doorstep.

The policy was published last September and spells out how vulnerabilities are classified (high, moderate, low). As is the case with high severity issues, those ranked moderate are kept private as well until the next scheduled OpenSSL release. Low severity issues, meanwhile, would be patched in development versions and perhaps back-ported to versions still supported by the project. It’s unlikely a low severity issue, however, would trigger a new release, Salz told Threatpost in September.

OpenSSL also re-categorized the FREAK vulnerability as high. The bug, which allows an attacker in some instances to downgrade crypto on a server to 512 bits, intercept encrypted traffic, and decrypt it on the cheap, was quietly patched Jan. 8 by OpenSSL. It was ranked low severity at the time and users were urged to upgrade to version 1.0.1k, 1.0.0p, or 0.9.8zd depending on what version they’re starting out from. OpenSSL was notified Oct. 22 about FREAK, which stands for Factoring Related Attack on RSA Keys.
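As an added example (not code from OpenSSL or from this article), the Python sketch below checks an `openssl version` string against the releases named above: plain 1.0.2 for CVE-2015-0291, and 1.0.1k, 1.0.0p and 0.9.8zd for FREAK. The function names and the sample strings are constructed for illustration.

```python
import re

# FREAK fix releases named in the article, keyed by release branch.
FREAK_FIXED = {(1, 0, 1): "k", (1, 0, 0): "p", (0, 9, 8): "zd"}

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Return ((major, minor, fix), letters) from `openssl version` style text."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4)


def _letter_key(letters):
    # Patch letters sort '' < a < ... < z < za < zb ..., so length comes first.
    return (len(letters), letters)


def affected_by_cve_2015_0291(text):
    """Per the article, only 1.0.2 itself is affected; 1.0.2a carries the fix."""
    branch, letters = parse_version(text)
    return branch == (1, 0, 2) and letters == ""


def below_freak_fix(text):
    """True if older than the branch's FREAK fix release, False if at or past it,
    None if the article names no fix release for that branch."""
    branch, letters = parse_version(text)
    fixed = FREAK_FIXED.get(branch)
    if fixed is None:
        return None
    return _letter_key(letters) < _letter_key(fixed)


if __name__ == "__main__":
    # Constructed sample strings in the shape `openssl version` prints.
    samples = [
        "OpenSSL 1.0.2 22 Jan 2015",
        "OpenSSL 1.0.2a 19 Mar 2015",
        "OpenSSL 1.0.1f 6 Jan 2014",
        "OpenSSL 0.9.8zd 8 Jan 2015",
    ]
    for s in samples:
        print(s, affected_by_cve_2015_0291(s), below_freak_fix(s))
```

Distribution packages often backport fixes without changing the upstream version string, so a positive result is a prompt to check the vendor's advisory, not proof of exposure.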

Today’s patches were shared with downstream providers, who should be patching soon as well.

Salz said it’s important to patch because it’s not too tough to exploit.

“It’s pretty easy to take in a cert, read it, and modify it to cause a crash,” Salz said. “On the server side, it’s riskier. They have to be asking for client certs, which doesn’t happen that often. The practice is not common, but triggering the crash is easy.”

The vulnerability also affects clients, Salz said.

“Either side that verifies the signature [is affected],” he said. “On the server, if it is asking for client certs, or the client checking server certs, either side is affected.”

The bulk of the remaining bugs patched today affect version 1.0.1 in addition to 1.0.2; the high-severity vulnerability, meanwhile, may affect fewer users since 1.0.2 is relatively new.

“It takes a while to get things into products, [1.0.2] is not as widely used as 101,” Salz said. “Compared to some of the excitement we’ve had in the past, this one won’t require a logo or a theme song. We’ve been talking internally about the need for [a ranking] stronger than high for Heartbleed or POODLE type of bugs. For now, we’ll just point to the policy.”
