OpenSSL: A History of Security Vulnerabilities in 2016

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...

A quick overview of the security vulnerabilities OpenSSL faced over the past year.

OpenSSL is a software library that contains an open-source implementation of the SSL and TLS protocols. It is written in the C programming language and allows servers and applications to implement basic cryptographic functions while also providing various utility functions.

OpenSSL is regularly patched and updated as it encounters security vulnerabilities and evolutions of SSL/TLS technology.

In the interest of helping you keep your OpenSSL implementations up to date, we have compiled a cursory list of all the security vulnerabilities that OpenSSL encountered in 2016. The vulnerabilities have been broken down into four groups: Critical Severity Vulnerabilities, High Severity Vulnerabilities, Moderate Severity Vulnerabilities and Low Severity Vulnerabilities.

We have also included information on which patches and updates can help remedy these vulnerabilities as well.

So here, without further ado, are OpenSSL’s 2016 vulnerabilities:

January 28, 2016 – One High Severity Vulnerability, One Low Severity Vulnerability

High Severity Vulnerability: Introduced in the 1.0.2 release when “support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support.”

Low Severity Vulnerability: Affect 1.0.2 and 1.0.1. It allows an attacker to “negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2.”

Fix: System Administrators should update their instances of OpenSSL:

  • OpenSSL 1.0.2 should upgrade to 1.0.2f
  • OpenSSL 1.0.1 should upgrade to 1.0.1r

March 2, 2016 – One High Severity Vulnerability, Six Low Severity Vulnerabilities

High Security Vulnerability: DROWN (Decrypting RSA with Obsolete and Weakened Encryption) can “lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle.”

Low Severity Vulnerabilities: Affect 1.0.1 and 1.0.2, they are as follows:

  • Double-free in DSA code (CVE-2016-0705)
  • Memory leak in SRP database lookups (CVE-2016-0798)
  • BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
  • Fix memory issues in BIO_*printf functions (CVE-2016-0799)
  • Side channel attack on modular exponentiation (CVE-2016-0702)

Fix: System Administrators should update their instances of OpenSSL:

  • OpenSSL 1.0.1 should upgrade to 1.0.1s
  • OpenSSL 1.0.2 should upgrade to 1.0.2g

May 3, 2016 – One High Severity Vulnerability, Four Low Severity Vulnerabilities

High Severity Vulnerability: The advisory reported two High Severity Vulnerabilities, but one – memory corruption – was a combination of two bugs that didn’t individually impact security. The second vulnerability allowed for an “MITM attacker to use a padding oracle based attack to decrypt traffic.” The vulnerabilities are as follows:

  • Memory corruption in the ASN.1 encoder (CVE-2016-2108)
  • Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)

Low Severity Vulnerabilities: Affect 1.0.1 and 1.0.2, they are as follows:

  • EVP_EncodeUpdate overflow (CVE-2016-2105)
  • EVP_EncryptUpdate overflow (CVE-2016-2106)
  • 1 BIO excessive memory allocation (CVE-2016-2109)
  • EBCDIC overread (CVE-2016-2176)

Fix: System Administrators should update their instances of OpenSSL:

  • OpenSSL 1.0.1 should upgrade to 1.0.1t
  • OpenSSL 1.0.2 should upgrade to 1.0.2h

August 24, 2016 – Sweet32 Birthday Attack

This vulnerability was rated by the OpenSSL team as “Low Severity.” It affects the triple-DES cipher, which, per the team: “should now be considered as ‘bad’ as RC4.” Due to the 64-bit block size of the DES ciphers, attackers could run JavaScript in a browser and send large amounts of traffic during the same TLS connection, thus creating a collision that would allow them to retrieve information from a session cookie.

Fix: To mitigate this vulnerability, follow one of the steps listed below:

  • Disable any triple-DES cipher on servers that still support it
  • Upgrade old servers that do not support stronger ciphers than DES or RC4

September 22, 2016 – One High Severity Vulnerability, One Moderate Severity Vulnerability, 12 Low Severity Vulnerabilities

High Severity Vulnerability: This vulnerability allows an attacker to deliver a large OCSP Status Request extension, which is then followed by repeated renegotiation requests (each time delivering another OSCP Status Request extension). This continued renegotiation exhausts server memory, resulting in a DoS attack.

Moderate Severity Vulnerability: This vulnerability also deals with a DoS attack, if an attacker delivers an empty message, OpenSSL 1.1.0 hangs as it makes a call to SSL_peek, this can then be exploited in a DoS attack.

Low Severity Vulnerabilities: Two of the vulnerabilities affect OpenSSL 1.1.0, they are as follows:

  • Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
  • Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
  • The other ten vulnerabilities affect 1.0.1 and 1.0.2. They are as follows:
  • SWEET32 Mitigation (CVE-2016-2183)
  • OOB write in MDC2_Update() (CVE-2016-6303)
  • Malformed SHA512 ticket DoS (CVE-2016-6302)
  • OOB write in BN_bn2dec() (CVE-2016-2182)
  • OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
  • Pointer arithmetic undefined behaviour (CVE-2016-2177)
  • Constant time flag not preserved in DSA signing (CVE-2016-2178)
  • Certificate message OOB reads (CVE-2016-6306)
  • DTLS buffered message DoS (CVE-2016-2179)
  • DTLS replay protection DoS (CVE-2016-2181)

Fix: System Administrators should update their instances of OpenSSL:

  • OpenSSL 1.1.0 should upgrade to version 1.1.0a
  • OpenSSL 1.0.2 should upgrade to version 1.0.2i
  • OpenSSL 1.0.1 should upgrade to version 1.0.1u

September 26, 2016 – Two Critical Severity Vulnerabilities, One Moderate Severity Vulnerability

Critical Severity Vulnerabilities: Affecting 1.1.0a users, this vulnerability was created as an unintended consequence of the fix for the “Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)” low severity vulnerability. If a message is greater than 16k, then a server’s “underlying buffer to store the incoming message is reallocated and moved.” The problem is a “dangling pointer” remains, and when the server attempts to write this “free location” it can cause the server to crash, or even execute arbitrary code.

Moderate Severity Vulnerability: Affecting 1.0.2i users, this vulnerability came as a result of a bug fix that was suppoed to contain a “CRL sanity check.” Unfortunately, that was left out, so any attempt to use CRLs results in a crash.

Fix: System Administrators should update their instances of OpenSSL:

  • OpenSSL 1.1.0 should upgrade to version 1.1.0b
  • OpenSSL 1.0.2 should upgrade to version 1.0.2j

November 10, 2016 – One High Severity Vulnerability, One Moderate Severity Vulnerability, One Low Severity Vulnerability

High Severity Vulnerability: Affects TLS connections unsing the *-CHACHA20-POLY1305 cipher suites. These connections are vulnerable to a DoS attack where the attacker sends a large corrupted payload, which could potentially crash OpenSSL.

Moderate Severity Vulnerability: Per OpenSSL: “Applications parsing invalid CMS structures can crash with a NULL pointer dereference.”

Low Severity Vulnerability: Per OpenSSL: “Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation.”

Fix: System Administrators should update their instances of OpenSSL:

  • OpenSSL 1.1.0 should upgrade to version 1.1.0c