Solved

Workarounds for latest OpenSSL vulnerabilities

Posted on 2015-01-12
7
372 Views
Last Modified: 2015-01-28
Can I use the following to mitigate against the latest OpenSSL CVEs (indicated further below):

Security advisory from OpenSSL.org recommended the use of TLS_FALLBACK_SCSV
mechanism to (Apache) web servers, to ensure that SSL 3.0 is used only when necessary

(in legacy apps). This way, attackers can no longer force a protocol downgrade.

edit Apache’s ssl.conf & look for the line containing SSLProtocol and amend it to:
                SSLProtocol all -SSLv3 –SSLv2
& issue “service httpd reload”

 
========================================================

Latest OpenSSL vulnerabilities.

•      CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record.
•      CVE-2015-0206 - DTLS memory leak in dtls1_buffer_record.
•      CVE-2014-3569 - no-ssl3 configuration sets method to NULL
•      CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client]
•      CVE-2015-0204 - RSA silently downgrades to EXPORT_RSA [Client]
•      CVE-2015-0205 - DH client certificates accepted without verification [Server]
•      CVE-2014-8275 - Certificate fingerprints can be modified
•      CVE-2014-3570 - Bignum squaring may produce incorrect results


[ Solution/Workaround ]
System Administrators are to check if their systems are running any vulnerable OpenSSL versions.
If they are vulnerable, GITSIR recommends to evaluate the patch before deploying to production systems.

Please refer to the advisory provided by OpenSSL for more details:
https://www.openssl.org/news/secadv_20150108.txt
0
Comment
Question by:sunhux
7 Comments
 
LVL 77

Assisted Solution

by:arnold
arnold earned 50 total points
ID: 40546001
Yes, presumably you mean altering the ssl portion of Apache to restrict crypt/ciphers and transport version.

You can then use openssl s_client -connect to test the ciphers available/offered on a test system if you have one before moving to production.
0
 
LVL 80

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 50 total points
ID: 40546135
you also have to implement:
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
0
 
LVL 63

Assisted Solution

by:btan
btan earned 280 total points
ID: 40546535
Vulnerabilities in the openssl still exist even if fallback is done and in fact not recommended as it is workaround. Disable SSL if not used, but not a a risk of removing the secure channel unnecessarily.

Eventually, consider closing the holes if patches (esp on the Host OS running - check the availability, some are already in work) are already make available. If that is not possible, consider taking off the appl systems server offline or segregate off that services using openssl from public facing. The whole idea is to reduce exposure even though the severity level for these are at max Medium and Low, and public exploit is not known (yet)(for now).

Check the current openssl version (mostly using e.g. openssl -v) based on your system principal advice. If it is as per listed in the vulnerable list or below, consider the patch upgrade. @ https://www.openssl.org/docs/apps/version.html
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 63

Assisted Solution

by:btan
btan earned 280 total points
ID: 40546573
in fact latest vulnerability did not surface in the Apache buzilla though ... below is just a open search for openssl and cve related @ https://issues.apache.org/bugzilla/buglist.cgi?bug_status=__open__&content=openssl%20CVE&no_redirect=1&order=changeddate%2Cpriority%2Cbug_severity&product=&query_based_on=&query_format=specific

Recalling past Heartbleed, there is record in bugzilla for patching Apache openssl. Likely the same approach in separate patch will need to be advised. https://issues.apache.org/bugzilla/show_bug.cgi?id=56363

But do note the Apacher APR and Native library (http://tomcat.apache.org/native-doc/) which uses OpenSSL as well, it was mentioned in the bugzilla above to patch that inclusively too..
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 120 total points
ID: 40557138
Not relevant at all:
      CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record.
      CVE-2015-0206 - DTLS memory leak in dtls1_buffer_record.
Debian recompiled OpenSSL without any SSL3 and hit this bug, no debian no pain, yes debian - patch
      CVE-2014-3569 - no-ssl3 configuration sets method to NULL
Normally apache is not SSL client, at least not for untrusted sites.
      CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client]
      CVE-2015-0204 - RSA silently downgrades to EXPORT_RSA [Client]
Those are relevant for client certificates, if none used no problem.
      CVE-2015-0205 - DH client certificates accepted without verification [Server]
      CVE-2014-8275 - Certificate fingerprints can be modified
Probably you need to factorize your private key if it was made on x86_64, though little detail is given on this:
      CVE-2014-3570 - Bignum squaring may produce incorrect results
0
 
LVL 63

Accepted Solution

by:
btan earned 280 total points
ID: 40557150
In the context of the Apache server, even if SSL3 is not used the vulnerable s/w is still in the server system. The workaround in all advisory is still to patch it (instead of workaround). Also note that older version will not be supported for security update so it is best to upgrade early ...
As per our previous announcements and our Release Strategy
(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
releases will be provided after that date. Users of these releases are advised
to upgrade.
Fixed in OpenSSL 1.0.1k (Affected 1.0.1j, 1.0.1i, 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)
Fixed in OpenSSL 1.0.0p (Affected 1.0.0o, 1.0.0n, 1.0.0m, 1.0.0l, 1.0.0k, 1.0.0j, 1.0.0i, 1.0.0g, 1.0.0f, 1.0.0e, 1.0.0d, 1.0.0c, 1.0.0b, 1.0.0a, 1.0.0)
Fixed in OpenSSL 0.9.8zd (Affected 0.9.8zc, 0.9.8zb, 0.9.8za, 0.9.8y, 0.9.8x, 0.9.8w, 0.9.8v, 0.9.8u, 0.9.8t, 0.9.8s, 0.9.8r, 0.9.8q, 0.9.8p, 0.9.8o, 0.9.8n, 0.9.8m, 0.9.8l, 0.9.8k, 0.9.8j, 0.9.8i, 0.9.8h, 0.9.8g, 0.9.8f, 0.9.8e, 0.9.8d, 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8)
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 120 total points
ID: 40557239
1) there is no configuration workaround for any of the issues
2) Yes, even for few of them that affect your installation
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question