OpenSSL patches Critical Certificate Forgery Bug


Is it the next Heartbleed, or something even more severe?

OPEN SOURCE SOFTWARE OUTFIT OpenSSL has issued a patch for the ‘high severity’ bug it warned about earlier, in the first week of July, and has advised that firms apply the patch as soon as possible. While fears were raised that we could have another Heartbleed on our hands, it’s thought that the bug was not exploited. Still, OpenSSL was quick to push out a fix for the issue, and has provided information on the nature of the problem.

Organizations that installed the June 11 OpenSSL update need to pull it back immediately after a serious certificate validation error was discovered and patched.

An error in the implementation of the alternative certificate chain logic could allow an attacker to cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and “issue” an invalid certificate. Reported by Adam Langley and David Benjamin (Google/BoringSSL).

Fixed in OpenSSL 1.0.2d (Affected 1.0.2c, 1.0.2b)

Fixed in OpenSSL 1.0.1p (Affected 1.0.1o, 1.0.1n)

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints CA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
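
As an added example (not OpenSSL's code and not part of the advisory), the following Python code uses the `cryptography` package to audit the property this bug let through: every certificate in an issuer position of a chain must assert Basic Constraints CA:TRUE. The certificate names, helper functions and sample chains are constructed for illustration, and the check covers the CA flag only, not signatures, validity dates or trust anchors.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_cert(cn, issuer_cn, public_key, signing_key, is_ca):
    """Build a constructed sample certificate (test data only)."""
    start = datetime.datetime(2015, 7, 1)
    return (x509.CertificateBuilder()
            .subject_name(_name(cn)).issuer_name(_name(issuer_cn))
            .public_key(public_key)
            .serial_number(x509.random_serial_number())
            .not_valid_before(start)
            .not_valid_after(start + datetime.timedelta(days=30))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None),
                           critical=True)
            .sign(signing_key, hashes.SHA256()))

def build_sample_chains():
    """Return (ordinary chain, chain with a leaf in an issuer position)."""
    root_k, leaf_k, other_k = (ec.generate_private_key(ec.SECP256R1())
                               for _ in range(3))
    root = make_cert("Sample Root", "Sample Root", root_k.public_key(), root_k, True)
    leaf = make_cert("leaf.example", "Sample Root", leaf_k.public_key(), root_k, False)
    # Signed with the leaf's key: the "issued by a leaf" case from the advisory.
    spoofed = make_cert("spoofed.example", "leaf.example",
                        other_k.public_key(), leaf_k, False)
    return [leaf, root], [spoofed, leaf, root]

def issuers_without_ca_flag(chain):
    """chain is ordered end-entity first. Return the CN of every certificate
    in an issuer position that does not assert basicConstraints CA:TRUE."""
    offenders = []
    for cert in chain[1:]:  # everything above the end-entity signs another cert
        try:
            ext = cert.extensions.get_extension_for_class(x509.BasicConstraints)
            is_ca = ext.value.ca
        except x509.ExtensionNotFound:
            is_ca = False  # no Basic Constraints: treat as not a CA
        if not is_ca:
            cn = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
            offenders.append(cn[0].value)
    return offenders

if __name__ == "__main__":
    for chain in build_sample_chains():
        print(issuers_without_ca_flag(chain) or "all issuers assert CA:TRUE")
```

Running the same function over chains captured from your own endpoints gives a check that does not depend on the TLS library's path-building code.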

While serious, the good news according to the OpenSSL Project is that few downstream organizations have deployed the June update where the bug was introduced.

“It’s a bad bug, but only affects anyone who installed the release from June,” said Rich Salz, a member of the OpenSSL development team. The bug was introduced during that update and affected relatively few organizations. “It’s a bad bug, but the impact is low. We haven’t heard any reports of it being used in production.”

OpenSSL developers are in the midst of a massive cleanup of the codebase. Funding from a number of areas, principally the Core Infrastructure Initiative, has beefed up the project’s resources, allowing them to fund a number of full- and part-time hires who can not only wade through bug fixes, but also make over gnarly, patchwork code, including the TLS state machine and other sources of vulnerabilities such as FREAK, Logjam, POODLE and Heartbleed.

The June OpenSSL update patched Logjam, along with a host of other memory corruption and denial of service issues. That release also fixed an exploitable issue that could allow an attacker to create malformed certificates and CRLs.

This is the second time OpenSSL has issued a pre-notification about a high-severity bug, which is in accordance with its security policy, published last September. Like the first time, the alert set off alarm bells that another Internet-wide bug such as Heartbleed might have been found. Instead, the bug was a denial-of-service condition that affected only version 1.0.2 of the crypto library. A dozen other vulnerabilities (nine ranked moderate, and three low) in older versions were also patched.

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793