OpenSSL patches crash-me bug triggered by rogue certs

Bad data can throw vulnerable apps and services for an infinite loop


A bug in OpenSSL certificate parsing leaves systems open to denial-of-service attacks from anyone wielding an explicit curve. 

The vulnerability stems from a bug in the BN_mod_sqrt() function, which the OpenSSL team said is used to parse certificates that "contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form." As it turns out, all you need to do to trigger an infinite loop in BN_mod_sqrt() is hand an OpenSSL-based application or service a certificate with invalid explicit curve parameters. 

This parsing happens prior to verification of the certificate's signature. Slip a bad certificate to any app or server using BN_mod_sqrt() to parse certs, and the software will get caught in the loop and stop working.

There are quite a few situations where this can be abused in the wild, the OpenSSL team said in its security advisory. Possibly exploitable situations include TLS clients consuming server certificates (and vice-versa), hosting providers accepting keys from customers, certificate authorities parsing cert requests from subscribers, or "anything else which parses ASN.1 elliptic curve parameters."

"The most common scenario where this would be a problem would be for a TLS client accessing a malicious server that serves up a problematic certificate. TLS servers may be affected if they are using client authentication (which is a less common configuration) and a malicious client attempts to connect to it," said Matt Caswell, a developer at the OpenSSL Software Foundation.

Caswell said he isn't aware of anyone exploiting this high-severity vulnerability in the wild, nor does he believe there's any way to use this security hole for anything other than a denial-of-service attack. Still, a DoS can lead to services dying for netizens, sparking reports of outages.

This vulnerability affects OpenSSL versions 1.0.2, 1.1.1, and 3.0. Releases 1.1.1n and 3.0.2 address the issue, so if you're using one of the affected versions be sure to patch now: as a user, update your packages and libraries, and if you're a developer, make sure your software requires or is built with a fixed version.

There's a patch for 1.0.2 users as well (1.0.2zd), though it's reserved for premium support customers only. If you aren't one of those, you're still in luck: the exploit is harder to trigger in OpenSSL 1.0.2 because the public key isn't parsed during the initial certificate processing.  

That said, "any operation which requires the public key from the certificate will trigger the infinite loop," the OpenSSL team writes. In other words, it's still possible to fall prey, especially when the attacker can trigger the loop during verification of the cert signature by using a self-signed certificate. ®
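One way to act on the version guidance above, as an added example that is not from the article or the OpenSSL project: it classifies an OpenSSL version string against the fixed releases the article names (1.1.1n, 3.0.2, 1.0.2zd). The function names and sample strings are constructed for illustration.

```python
import re
import ssl

# Fixed releases named in the article, keyed by release branch.
FIXED = {
    (1, 0, 2): "zd",  # premium support customers only
    (1, 1, 1): "n",
    (3, 0): 2,
}

# Accepts bare versions and `openssl version` style strings (optional "-fips").
_VERSION = re.compile(r"^(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-fips)?(?:\s|$)")


def _letter_key(suffix):
    # Letter releases run a..z, then za, zb, ...: order by length, then text.
    return (len(suffix), suffix)


def classify(version_text):
    """Return 'fixed', 'vulnerable' or 'unlisted' for an OpenSSL version."""
    m = _VERSION.match(version_text.strip())
    if not m:
        return "unlisted"  # other libraries, pre-releases, unparsable text
    major, minor, third = (int(g) for g in m.group(1, 2, 3))
    letters = m.group(4)
    if major >= 3:  # 3.x uses major.minor.patch with no letter suffix
        fixed_patch = FIXED.get((major, minor))
        if letters or fixed_patch is None:
            return "unlisted"
        return "fixed" if third >= fixed_patch else "vulnerable"
    fixed_letters = FIXED.get((major, minor, third))
    if fixed_letters is None:
        return "unlisted"  # branch not named in the article
    if _letter_key(letters) >= _letter_key(fixed_letters):
        return "fixed"
    return "vulnerable"


def linked_openssl_status():
    """Classify the OpenSSL build this Python interpreter is linked against."""
    return ssl.OPENSSL_VERSION, classify(ssl.OPENSSL_VERSION)


if __name__ == "__main__":
    # Constructed sample strings in the style printed by `openssl version`.
    for s in ("OpenSSL 1.1.1k  25 Mar 2021", "1.0.2zd", "LibreSSL 3.3.6"):
        print(f"{s!r}: {classify(s)}")
    print("linked:", linked_openssl_status())
```

Distribution packages often backport fixes without changing the upstream version string, so confirm a "vulnerable" result for a distro build against the vendor's advisory.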

