Six Security Vulnerabilities Addressed in OpenSSL
Added 9th Jan 2012

Versions 1.0.0f and 0.9.8s of the popular OpenSSL library, released this week, address six security flaws, including one that allows DTLS (Datagram Transport Layer Security) communications to be decrypted.
The "padding oracle attack," which can recover plaintext information encrypted with DTLS, was devised by Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (RHUL), who plan to present it at the 19th Annual Network & Distributed System Security (NDSS) Symposium in February.
The Alfardan-Paterson DTLS attack builds on previous RHUL research into CBC-based encryption weaknesses. When the CBC (cipher-block chaining) mode of operation is used, each block of plaintext is XORed with the previous ciphertext block before it is encrypted, making each block dependent on the one before it.
Alfardan and Paterson discovered a way of recovering plaintext without knowing the initial encryption key (initialization vector) by analyzing timing differences that arise during the decryption process. The vulnerability facilitating this attack was addressed in OpenSSL versions 1.0.0f and 0.9.8s, which were released on Wednesday.
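The CBC chaining and the TLS/DTLS padding check described above, as an added Python example that is not from the article or from OpenSSL. The block cipher is a labelled toy stand-in (so the code runs without a crypto library), and the two padding checks contrast an early-exit check, whose running time depends on the padding contents, with a fixed-work check of the kind used to close such timing side channels.

```python
import hashlib

BLOCK = 16  # block size in bytes (AES-sized)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key):  # derives the toy cipher's 16-byte mixing value from the key
    return hashlib.sha256(key).digest()[:BLOCK]

# Toy keyed permutation standing in for the block cipher (NOT secure; it only lets
# the CBC chaining and padding logic run offline without a crypto library).
def toy_block_encrypt(key, block):
    mixed = xor(block, keystream(key))
    return mixed[1:] + mixed[:1]                  # rotate bytes left by one

def toy_block_decrypt(key, block):
    return xor(block[-1:] + block[:-1], keystream(key))   # rotate right, undo xor

def pad_tls(data):
    n = BLOCK - 1 - (len(data) % BLOCK)           # TLS/DTLS padding: n+1 bytes, each == n
    return data + bytes([n]) * (n + 1)

def cbc_encrypt(key, iv, padded):
    prev, out = iv, b""
    for i in range(0, len(padded), BLOCK):
        prev = toy_block_encrypt(key, xor(padded[i:i + BLOCK], prev))  # E(P_i XOR C_{i-1})
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    prev, out = iv, b""
    for i in range(0, len(ct), BLOCK):
        cur = ct[i:i + BLOCK]
        out += xor(toy_block_decrypt(key, cur), prev)                  # D(C_i) XOR C_{i-1}
        prev = cur
    return out

def padding_ok_leaky(padded):
    # Stops at the first wrong byte: time taken depends on the padding contents.
    n = padded[-1]
    if n + 1 > len(padded):
        return False
    return all(b == n for b in padded[-(n + 1):])   # all() short-circuits

def padding_ok_constant(padded):
    # Fixed work regardless of n; the verdict accumulates in `bad` with no early exit.
    # (Pure Python is not truly constant-time; this shows the structure only.)
    n, bad = padded[-1], 0
    for i in range(1, 257):                       # 255 is the maximum TLS padding length
        b = padded[-i] if i <= len(padded) else 0
        in_pad = -(i <= n + 1) & 0xFF             # 0xFF inside the padding region, else 0
        bad |= in_pad & (b ^ n)
    return n + 1 <= len(padded) and bad == 0
```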
Another vulnerability addressed by these updates could leak unencrypted information when SSL 3.0 is used. The severity of the issue is limited by the special conditions required for successful exploitation and the small number of potentially exposed bytes.
One flaw that only affects the 0.9.8 OpenSSL branch stems from a policy check failure when the X509_V_FLAG_POLICY_CHECK flag is set. Its discovery is credited to core OpenSSL team member Ben Laurie and was fixed in version 0.9.8s.
Three denial-of-service conditions have also been addressed in the new releases. They were the result of an assertion failure triggered by malformed RFC 3779 data being included in certificates, a bug in the support for handshake restarts for server gated cryptography (SGC) and the lack of error checking when GOST parameters are set by TLS clients.
Users are advised to upgrade to the newly released OpenSSL versions for their corresponding platform or wait for the operating system vendors who integrate the library by default to issue updates through their regular channels.