OpenSSL Patches Logjam Bug, DoS Vulnerabilities

OpenSSL versions 1.0.2b, 1.0.1n, 1.0.0s and 0.9.8zg have been released. The latest versions of the open-source toolkit for SSL/TLS address several moderate and low severity security bugs.

An advisory published by the OpenSSL developers shows that the recently disclosed vulnerability known as “Logjam” has been mitigated in OpenSSL 1.0.2b and 1.0.1n. The vulnerability (CVE-2015-4000) is similar to FREAK: a man-in-the-middle (MitM) attacker can downgrade a TLS connection that uses ephemeral Diffie-Hellman (DHE) key exchange to 512-bit export-grade Diffie-Hellman parameters, which are weak enough to be broken by a well-resourced attacker.

OpenSSL has mitigated the weakness on the client side: TLS clients now reject handshakes in which the server's Diffie-Hellman parameters are shorter than 768 bits. The limit will be raised to 1024 bits in a future release of OpenSSL.
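To make that client-side mitigation concrete, here is an added example (written for this page; it is not OpenSSL's own code) of the check a TLS client performs: it parses the ServerDHParams structure carried in a TLS 1.2 ServerKeyExchange message (RFC 5246, section 7.4.3), measures the bit length of the modulus p, and refuses to continue when p is shorter than the configured floor. The 768-bit floor matches what 1.0.2b and 1.0.1n enforce; the stricter 1024-bit floor is evaluated alongside it. The sample messages are constructed inside the code (all-0xFF moduli of chosen sizes, not real DH groups), and every function name is this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimum DH modulus (p) size in bits: 768 is the floor OpenSSL 1.0.2b/1.0.1n
 * enforce in TLS clients; 1024 is the floor the advisory says will follow.
 * Export-grade groups, the target of a Logjam downgrade, are 512 bits. */
#define DH_MIN_BITS_OPENSSL_102B 768
#define DH_MIN_BITS_STRICT       1024

/* Bit length of a big-endian unsigned integer, ignoring leading zero bytes. */
static size_t be_bitlen(const uint8_t *n, size_t len)
{
    size_t i = 0;
    while (i < len && n[i] == 0)
        i++;
    if (i == len)
        return 0;
    size_t bits = (len - i - 1) * 8;
    for (uint8_t b = n[i]; b != 0; b >>= 1)
        bits++;
    return bits;
}

/* Read one opaque<1..2^16-1> vector (2-byte big-endian length prefix) from
 * buf, refusing to read past its end. Returns false if truncated or empty. */
static bool read_u16_vec(const uint8_t *buf, size_t len, size_t *pos,
                         const uint8_t **out, size_t *out_len)
{
    if (len - *pos < 2)
        return false;
    size_t n = ((size_t)buf[*pos] << 8) | buf[*pos + 1];
    *pos += 2;
    if (n == 0 || len - *pos < n)
        return false;
    *out = buf + *pos;
    *out_len = n;
    *pos += n;
    return true;
}

/* Parse ServerDHParams (dh_p, dh_g, dh_Ys, each a 2-byte-length vector) from
 * a ServerKeyExchange body. Returns the bit length of p, or 0 if the
 * structure is truncated or malformed. */
size_t dhe_modulus_bits(const uint8_t *body, size_t len)
{
    size_t pos = 0;
    const uint8_t *p, *g, *ys;
    size_t plen, glen, yslen;
    if (!read_u16_vec(body, len, &pos, &p, &plen) ||
        !read_u16_vec(body, len, &pos, &g, &glen) ||
        !read_u16_vec(body, len, &pos, &ys, &yslen))
        return 0;
    return be_bitlen(p, plen);
}

/* Client-side policy: continue the handshake only if p has at least min_bits.
 * A malformed message (0 bits) is rejected too, never treated as "unknown". */
bool dhe_params_acceptable(const uint8_t *body, size_t len, size_t min_bits)
{
    size_t bits = dhe_modulus_bits(body, len);
    return bits != 0 && bits >= min_bits;
}

/* Constructed test message (not a real DH group): p is p_bytes bytes of 0xFF
 * (so exactly p_bytes*8 bits), g = 2, Ys is a dummy of the same size.
 * Returns the encoded length, or 0 if the output buffer is too small. */
size_t make_server_dh_params(uint8_t *out, size_t cap, size_t p_bytes)
{
    if (p_bytes == 0 || p_bytes > 0xFFFF || cap < 2 * p_bytes + 7)
        return 0;
    size_t pos = 0;
    out[pos++] = (uint8_t)(p_bytes >> 8); out[pos++] = (uint8_t)p_bytes;
    memset(out + pos, 0xFF, p_bytes); pos += p_bytes;          /* dh_p  */
    out[pos++] = 0; out[pos++] = 1; out[pos++] = 2;            /* dh_g = 2 */
    out[pos++] = (uint8_t)(p_bytes >> 8); out[pos++] = (uint8_t)p_bytes;
    memset(out + pos, 0xAB, p_bytes); pos += p_bytes;          /* dh_Ys */
    return pos;
}

/* Bits reported for a constructed message whose modulus is p_bytes long. */
size_t probe_modulus_bits(size_t p_bytes)
{
    uint8_t buf[1024];
    size_t n = make_server_dh_params(buf, sizeof buf, p_bytes);
    return dhe_modulus_bits(buf, n);
}

int main(void)
{
    const size_t sizes[] = { 64, 96, 128, 256 };   /* 512, 768, 1024, 2048 bits */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        uint8_t buf[1024];
        size_t n = make_server_dh_params(buf, sizeof buf, sizes[i]);
        printf("p = %4zu bits: 768-bit floor %s, 1024-bit floor %s\n",
               dhe_modulus_bits(buf, n),
               dhe_params_acceptable(buf, n, DH_MIN_BITS_OPENSSL_102B) ? "accept" : "reject",
               dhe_params_acceptable(buf, n, DH_MIN_BITS_STRICT) ? "accept" : "reject");
    }
    return 0;
}
```

A truncated or empty-p message yields 0 bits and is rejected outright rather than being passed along as "size unknown". To see what a live server actually offers, OpenSSL 1.0.2 and later print the negotiated group in the output of `openssl s_client -connect host:443 -cipher EDH` as a `Server Temp Key: DH, N bits` line; anything below 1024 bits should be treated as a finding.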

The latest updates also address a moderate severity denial-of-service (DoS) vulnerability caused by the way ECParameters structures are handled (CVE-2015-1788).

“When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field,” OpenSSL said in its advisory. “This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled.”

The vulnerability affects OpenSSL 1.0.2, 1.0.1, 1.0.0d and below, and 0.9.8r and below. Recent 1.0.0 and 0.9.8 versions are not impacted.

Another moderate severity DoS flaw is an out-of-bounds read in the X509_cmp_time function (CVE-2015-1789).


“X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string,” OpenSSL said.

The vulnerability affects all current versions of OpenSSL and it can be exploited with the aid of malformed certificates and certificate revocation lists (CRLs) against applications that verify certificates or CRLs. The security hole was reported by Robert Swiecki of Google and independently by Hanno Böck.
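An added example (written for this page; it is not OpenSSL's X509_cmp_time) of the two properties the advisory says were not checked: the length of the time string and the absence of fractional seconds. RFC 5280 (section 4.1.2.5) permits only UTCTime as exactly YYMMDDHHMMSSZ and GeneralizedTime as exactly YYYYMMDDHHMMSSZ in certificates and CRLs, so a strict validator can demand an exact length and index into the string only within that length. That one rule rules out the out-of-bounds read, fractional seconds and timezone offsets at the same time. The comparison function returns a distinct error value for malformed input so a verifier cannot mistake a bad time for a valid one. The inputs are constructed test strings and the function names are this example's own.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The only time encodings RFC 5280 allows in certificates and CRLs:
 * UTCTime "YYMMDDHHMMSSZ" and GeneralizedTime "YYYYMMDDHHMMSSZ".
 * No fractional seconds, no "+hhmm" offsets, seconds always present. */
#define UTCTIME_LEN 13
#define GENTIME_LEN 15
#define CANON_LEN   14   /* canonical form "YYYYMMDDHHMMSS" */

static bool all_digits(const char *s, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)s[i]))
            return false;
    return true;
}

static int two_digits(const char *s) { return (s[0] - '0') * 10 + (s[1] - '0'); }

/* Canonicalise an ASN.1 time into "YYYYMMDDHHMMSS" (out must hold CANON_LEN+1
 * bytes). The length is checked first, and every index into s is below len,
 * so a short or padded string is rejected rather than read past its end.
 * Range checks are deliberately simple (no per-month day count, no leap
 * years); this example is about length and format, not calendar rules. */
bool asn1_time_canon(const char *s, size_t len, bool generalized, char *out)
{
    size_t expect = generalized ? GENTIME_LEN : UTCTIME_LEN;
    if (len != expect || s[len - 1] != 'Z' || !all_digits(s, len - 1))
        return false;          /* wrong length, missing 'Z', fraction, or offset */

    size_t off;
    if (generalized) {
        memcpy(out, s, 4);     /* four-digit year as given */
        off = 4;
    } else {
        int yy = two_digits(s);  /* RFC 5280: YY 50-99 -> 19YY, 00-49 -> 20YY */
        memcpy(out, yy >= 50 ? "19" : "20", 2);
        memcpy(out + 2, s, 2);
        off = 2;
    }
    memcpy(out + 4, s + off, 10);   /* MMDDHHMMSS */
    out[CANON_LEN] = '\0';

    int mon = two_digits(out + 4), day = two_digits(out + 6);
    int hh = two_digits(out + 8), mm = two_digits(out + 10), ss = two_digits(out + 12);
    return mon >= 1 && mon <= 12 && day >= 1 && day <= 31 &&
           hh <= 23 && mm <= 59 && ss <= 59;
}

/* Compare two ASN.1 times of possibly different encodings. Returns -1, 0 or 1
 * on the canonical forms, or -2 if either input is malformed; a verifier must
 * treat -2 as a failure, never as "not yet expired" or "already valid". */
int asn1_time_cmp(const char *a, size_t alen, bool agen,
                  const char *b, size_t blen, bool bgen)
{
    char ca[CANON_LEN + 1], cb[CANON_LEN + 1];
    if (!asn1_time_canon(a, alen, agen, ca) || !asn1_time_canon(b, blen, bgen, cb))
        return -2;
    int r = strcmp(ca, cb);
    return (r > 0) - (r < 0);
}

int main(void)
{
    /* Constructed samples: two valid encodings, then the malformed shapes
     * that a strict length check rejects. */
    struct { const char *s; bool gen; } samples[] = {
        { "150610120000Z", false }, { "20150610120000Z", true },
        { "20150610120000.123Z", true }, { "150610120000+0100", false },
        { "2015", true },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char canon[CANON_LEN + 1];
        bool ok = asn1_time_canon(samples[i].s, strlen(samples[i].s), samples[i].gen, canon);
        printf("%-22s -> %s\n", samples[i].s, ok ? canon : "REJECT");
    }
    return 0;
}
```

The length is passed in explicitly rather than recovered with strlen, because an ASN.1 string inside a DER certificate is not NUL-terminated; the validator must trust only the length the parser handed it.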

Michal Zalewski of Google discovered that applications which decrypt PKCS#7 data or parse PKCS#7 structures from untrusted sources can be crashed because a missing inner EncryptedContent field is not handled correctly (CVE-2015-1790). According to OpenSSL, the issue does not affect TLS clients or servers.

Another DoS bug that affects all current versions of OpenSSL has been assigned the CVE identifier CVE-2015-1792.

“When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID,” reads OpenSSL’s advisory. “This can be used to perform denial of service against any system which verifies signedData messages using the CMS code.”

Finally, the developers addressed a low severity bug that allows a remote, unauthenticated attacker to cause a DoS condition (CVE-2015-1791): a race condition in how a multi-threaded client handles a NewSessionTicket message while reusing a previous session ticket. According to an advisory published by Cisco for this issue, the vulnerability exists because session data is not handled properly.

“The vulnerability exists within the ssl3_get_new_session_ticket() function because the affected software fails to properly handle session data. The affected library improperly handles NewSessionTicket data when received by a multi-threaded client,” Cisco said. “An unauthenticated, remote attacker could exploit the vulnerability by transmitting crafted session requests to the targeted system. When processing such data, the library attempts to reuse a previous ticket and a race condition can occur which may lead to a double free memory error of the ticket data.”

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
