Several patches have been released today to plug eight vulnerabilities in OpenSSL.
The fixes are contained within OpenSSL 1.0.1k, 1.0.0p and 0.98zd. The most serious of the bugs are classified by the OpenSSL Project as ‘moderate’ and could be leveraged to launch denial-of-service attacks. The remaining six issues are ranked ‘low’.
The first of the moderate bugs mentioned in the advisory can be triggered by a specially-crafted DTLS message to cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This issue affects all current OpenSSL versions (1.0.1, 1.0.0 and 0.9.8) and could lead to a denial-of-service attack, according to the advisory. The second moderate bug is a memory leak that can occur in the dtls1_buffer_record function under certain conditions.
“In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch,” according to the advisory. “The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion.”
This bug impacts OpenSSL versions 1.0.1 and 1.0.0.
Tod Beardsley, Rapid7’s engineering manager, noted that while none of these issues reach “Heartbleed-levels of severity,” system administrators should plan to upgrade their OpenSSL server instances in the coming days.
“While we are still researching the implications of the eight issues announced today, the most severe vulnerabilities merely lead to a Denial of Service (DoS) condition on affected services using OpenSSL through either segmentation fault and crashing (CVE-2014-3571) or memory exhaustion (CVE-2015-0206),” he said. “Therefore, in order to maintain reliable service, OpenSSL should be upgraded or replaced by SSL libraries not affected by these issues, such as LibreSSL.”
The other vulnerabilities are related to a number of issues, including one where the OpenSSL server accepts a DH client certificate without the certificate verify message.
“This effectively allows a client to authenticate without the use of a private key,” according to the advisory. “This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered.”
In another case, an OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. In effect, this removes forward secrecy from the ciphersuite, the advisory notes.
The full advisory can be read here.
