Poodle If you're using the popular OpenSSL open source cryptography library, you have more to worry about than the recently disclosed POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability, project devs have warned.
In addition to patching two POODLE-related bugs, new releases of OpenSSL issued on Wednesday also close a pair of memory leaks that can allow attackers to launch denial-of-service attacks against OpenSSL-enabled servers.
The most serious of these is a bug in OpenSSL's code for the Secure Real-Time Transfer Protocol (SRTP), dubbed CVE-2014-3513. An attacker who sends a carefully crafted malicious SRTP handshake message to the server can trick it into failing to free up as much as 64KB of memory. If this happens enough times, the server will exhaust available memory, resulting in performance degradation or a crash.
The SRTP bug only exists in OpenSSL 1.0.1, but it can be exploited regardless of whether SRTP is configured or being used by the server. Without Wednesday's patch, the only way to avoid the vulnerability is to build the OpenSSL libraries with the OPENSSL_NO_SRTP compile-time option enabled.
A second memory leak, identified as CVE-2014-3567, affects OpenSSL versions going back to 0.9.8 and involves the server failing to free memory when it receives an invalid session ticket. As with the SRTP bug, an attacker who sends a large number of invalid session tickets can potentially crash the server.
Wednesday's patches also offer two POODLE mitigations. The first is the core software fix that was recommended by Google when it disclosed the POODLE vuln, which is to add support for TLS_FALLBACK_SCSV, the Transport Layer Security Signaling Cipher Suite Value that blocks servers from downgrading TLS connections to the inferior SSL 3.0 protocol.
The second fixes CVE-2014-3568, an OpenSSL-specific bug that allows clients and servers to send and complete SSL 3.0 handshakes even when the libraries are compiled with the "no_ssl3" build option.
Patches for all four bugs were released on Wednesday for the last three OpenSSL versions, where appropriate. The fixed versions of the libraries are OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j, all three of which can be downloaded from the project's official website. The full security advisory is available here. ®