What happened?

OpenSSL versions 1.0.2i and 1.0.1u were published on 22nd September 2016 to correct one high-severity, one moderate-severity and several low-severity vulnerabilities.

Four days later, new OpenSSL versions were released to fix 2 issues introduced in versions 1.0.2i and 1.1.0a.

Details of the vulnerabilities fixed on 22nd September

Source: https://www.openssl.org/news/secadv/20160922.txt

CVE-2016-6304: OCSP Status Request extension unbounded memory growth (high)

An issue has been discovered in the implementation of the OCSP Status Request extension in OpenSSL. An attacker could request many renegotiations, each with a large OCSP Status Request extension, to cause unbounded memory allocation. This could lead to a Denial of Service (DoS).

Servers with the default configuration are impacted even if they do not support OCSP. Builds using the 'no-ocsp' option are not affected.

DenyAll Statement: Impacted products are:

  • DenyAll WAF 6.X LVS
  • i-Suite 5.5.X LTS
  • rWeb 4.X

CVE-2016-6305: SSL_peek() hang on empty record (moderate)

OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial of Service attack.

DenyAll Statement: Products are not affected. OpenSSL version 1.1.0 is not used by DenyAll products.

CVE-2016-2183: SWEET32 Mitigation (low)

SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack, DES-based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 has had these ciphersuites disabled by default since its release.

This attack can allow man-in-the-middle attackers to decrypt the traffic.

DenyAll Statement: Configurations using DES and 3DES ciphers are impacted, but an attacker needs to capture at least 32GB of data by sending many millions of HTTP requests from a single SSL/TLS session, which should never happen.

  • DenyAll WAF 6.X LVS and i-Suite 5.5.X LTS: tunnel configurations using the “Old compatibility cipher” SSL cipher profile are impacted.
    To mitigate the attack, use the “strong” or “compatibility” profile or remove DES and 3DES ciphers from profiles.
  • rWeb 4.X: remove DES and 3DES ciphers from the cipher list “-DES:-3DES”

List of DES and 3DES ciphers:

  • ECDHE-RSA-DES-CBC3-SHA
  • ECDHE-ECDSA-DES-CBC3-SHA
  • SRP-DSS-3DES-EDE-CBC-SHA
  • SRP-RSA-3DES-EDE-CBC-SHA
  • SRP-3DES-EDE-CBC-SHA
  • EDH-RSA-DES-CBC3-SHA
  • EDH-DSS-DES-CBC3-SHA
  • DH-RSA-DES-CBC3-SHA
  • DH-DSS-DES-CBC3-SHA
  • AECDH-DES-CBC3-SHA
  • ADH-DES-CBC3-SHA
  • ECDH-RSA-DES-CBC3-SHA
  • ECDH-ECDSA-DES-CBC3-SHA
  • PSK-3DES-EDE-CBC-SHA
  • DES-CBC3-SHA
  • DES-CBC3-MD5
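
The list above uses two naming patterns (DES-CBC3 and 3DES-EDE-CBC), so a check on suite names alone is easy to get wrong. The following script is an added example, not DenyAll or OpenSSL code: it audits the output of `openssl ciphers -v` by its Enc= column instead. The function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag DES/3DES suites (SWEET32) in `openssl ciphers -v` output.

# Constructed sample in the column layout printed by `openssl ciphers -v`.
sample_cipher_listing() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
PSK-3DES-EDE-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
EOF
}

# Reads `openssl ciphers -v` lines on stdin, prints the name of every suite
# whose Enc= field is DES or 3DES, and returns 1 if at least one was found.
find_des_suites() {
    awk '
        {
            for (i = 2; i <= NF; i++) {
                # Field looks like "Enc=3DES(168)" or "Enc=DES(56)".
                if ($i ~ /^Enc=(3DES|DES)\(/) { print $1; found = 1 }
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Expands a cipher string with the local openssl binary and audits the result.
# Returns 2 if openssl rejects the string, so an error is not read as "clean".
audit_cipher_string() {
    expanded=$(openssl ciphers -v "$1") || return 2
    printf '%s\n' "$expanded" | find_des_suites
}

# Demo on the constructed sample.
if flagged=$(sample_cipher_listing | find_des_suites); then
    echo "no DES/3DES suites"
else
    echo "DES/3DES suites still enabled:"
    echo "$flagged"
fi
```

On a host with the same OpenSSL build as the product, call audit_cipher_string with the profile's cipher string; exit status 1 means a DES or 3DES suite is still in the expanded list.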

The other vulnerabilities are minor and have no practical impact on DenyAll products:

  • CVE-2016-6303: OOB write in MDC2_Update()
  • CVE-2016-6302: Malformed SHA512 ticket DoS
  • CVE-2016-2182: OOB write in BN_bn2dec()
  • CVE-2016-2180: OOB read in TS_OBJ_print_bio
  • CVE-2016-2177: Pointer arithmetic undefined behavior
  • CVE-2016-2178: Constant time flag not preserved in DSA signing
  • CVE-2016-2179: DTLS buffered message DoS (not impacted, DTLS only)
  • CVE-2016-2181: DTLS replay protection DoS (not impacted, DTLS only)
  • CVE-2016-6306: Certificate message OOB reads
  • CVE-2016-6307: Excessive allocation of memory in tls_get_message_header() (not impacted, 1.1.0 only)
  • CVE-2016-6308: Excessive allocation of memory in dtls_preprocess_fragment() (not impacted, 1.1.0 and DTLS only)

Details of the vulnerabilities fixed on 26th September

Products are not affected because they have not been released with the impacted OpenSSL versions (1.1.0a or 1.0.2i from 22nd September).

Source: https://www.openssl.org/news/secadv/20160926.txt

CVE-2016-6309: Fix Use After Free for large message sizes (high)

The 1.1.0a release of 22nd September introduced an attempt to write to a previously freed memory location. This could crash the application or potentially lead to execution of arbitrary code.

CVE-2016-7052: Missing CRL sanity check (moderate)

A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result, any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.

Products statement

DenyAll is paying particular attention to the OCSP issue, which can lead to a Denial of Service attack, and to the SWEET32 attack.

Patches are available for i-Suite 5.5.10 LTS and rWeb 4.1.3.2 to 4.2.2. To get them, go to your my.denyall.com space, then the Support menu and Download.

OpenSSL will be updated to the latest version in future product versions:

  • DenyAll WAF 6.2 LVS (with OpenSSL 1.0.2j)
  • i-Suite 5.5.11 LTS (with OpenSSL 1.0.1u)
  • rWeb 4.2.3 (with OpenSSL 1.0.1u)
  • Vulnerability Manager 6.3: update available. In the administration interface, go to Configuration and Check for updates.

For more information on SSL configurations, we invite you to see your SSL Cipher Profiles documentation and the best practices for DenyAll WAF.