OpenSSL Patches Introducing New Vulnerabilities Technical Analysis and Solution

On September 22, 2016, OpenSSL released an update advisory for three branch products to fix multiple vulnerabilities. The versions after update are 1.1.0a, 1.0.2i, and 1.0.1u. However, the security update introduced new vulnerabilities: 1.1.0a introduced CVE-2016-6309, and 1.0.2i introduced CVE-2016-7052.

  1. CVE-2016-6309

Submitted on: Sept 23, 2016

Description: if a message larger than approx. 16k is received then the underlying buffer to store the incoming message is reallocated and moved. Unfortunately a dangling pointer to the old location is left which results in an attempt to write to the previously freed location. This could potentially lead to execution of arbitrary code.

Severity: Critical

2. CVE-2016-7052

Submitted on: Sept 22, 2016

Description: A bug fix which included a CRL sanity check was omitted from OpenSSL 1.0.2i, which allows remote attacker to cause program crash via a null pointer and potentially leads to a DoS attack.

Severity: Moderate

For details, see the advisory released by OpenSSL at the following link: https://www.openssl.org/news/secadv/20160926.txt

What Is OpenSSL

SSL stands for Secure Sockets Layer. It implements encrypted transmission of data over the Internet, preventing the communication data between users and the server from being intercepted by attackers. Also, it consistently provides server authentication and conditional user authentication. The SSL protocol must run above the reliable TCP protocol to implement encrypted transmission of data at the application layer as well as integrity protection.

OpenSSL is a powerful open-source cryptography library at the security socket layer. It involves main cryptographic algorithms, commonly used passwords, certificate encapsulation management function and SSL protocols, and provides a lot of applications for test or other purposes.

Most websites encrypted via SSL/TLS protocols have used the open-source software package of OpenSSL. Vulnerabilities exposed in OpenSSL will affect all applications that use the open-source package of OpenSSL.

Affected Versions

  • OpenSSL Project OpenSSL 1.1.0a
  • OpenSSL Project OpenSSL 1.0.2i

Unaffected Versions

  • OpenSSL Project OpenSSL 1.1.0b
  • OpenSSL Project OpenSSL 1.0.2j

Vulnerability Analysis

  1. CVE-2016-6309

In OpenSSL 1.1.0a released on Sept 22, the patch applied to address CVE-2016-6307 introduced a new vulnerability CVE-2016-6309. This is a use-after-free vulnerability and exists because the buffer responsible for receiving messages is initialized to 16 KB. If a message larger than 16 KB is received, the underlying buffer to store the incoming message is reallocated and moved. The old location will be freed, and an attacker can write new data to the location, finally causing arbitrary code execution.

The patch code for CVE-2016-6307 is:
openssl%e8%a1%a5%e4%b8%811

A dangling pointer is generated when the BUF_MEM_grow_clean() function frees buffer s->init_buf, allowing an attacker to use this memory location after it is freed. The patch code of CVE-2016-6309 is:

openssl%e8%a1%a5%e4%b8%812

The grow_init_buf() function was newly added and implements as follows:

openssl%e8%a1%a5%e4%b8%813

This function encapsulates the previous BUF_MEM_grow_clean() function. Using the “size_t msg_offset=(char *)s->init_msg – s->init_buf->data” and “s->init_msg=s->init_buf->data + msg_offset” statements, it ensures that the buffer’s starting address s->init_msg remains unchanged during the reallocation of buffer. In this way, it becomes an expansion of the original buffer, preventing the memory from being maliciously used after being freed.

  1. CVE-2016-7052

This vulnerability is caused by null pointer exception and affects 1.0.2i. We compared the code of the two versions and found two patch code:

The first one is:

openssl%e8%a1%a5%e4%b8%814

The new version optimizes the “if (dstate->ac_data == NULL)” condition to “if (dstate->mac_data == NULL)”. When dstate->mac_data is null, the memory allocation fails. Before the patch, however, the system does not check “dstate->mac_data”, and this may cause a null pointer dereference.

The second one is:

openssl%e8%a1%a5%e4%b8%815

First, after the patch, the check of “crl_score == 0” is added. If it is null, the current for loop is skipped, and the subsequent license update is also skipped, avoiding updating an empty license to the CRLS list. Second, the check of “best_crl != NULL” is added. Before the patch, if best_crl is null, a problem occurs during subsequent code execution: the ASN1_TIME_diff function is invoked to update the CRLS list, adding an empty license to the list. An attacker can utilize a null pointer dereference to cause the program to crash, leading to a denial of service. After the patch, the check of whether best_crl is null is added, avoiding the problem.

Recommended Solutions

  • The update packages have been available on OpenSSL’s website. We advise users of 1.1.0a to upgrade to 1.1.0b and those of 1.0.2i to upgrade to 1.0.2j as soon as possible. The update packages can be downloaded at:

https://www.openssl.org/source/

  • Authorize NSFOCUS RSAS to check services.
  • Short-term service: Contact NSFOCUS for onsite handling to ensure that risk points are immediately eliminated in the network and the event impact is minimized. After the handling, an event analysis report is provided.
  • Mid-term service: NSFOCUS provides 3- to 6-month risk monitoring and preventive maintenance inspection (PMI) services to eradicate risks and prevent events from recurring.
  • Long-term service: NSFOCUS provides industry-specific risk mitigation solutions (threat intelligence + attack traceback + professional security service).

Statement

===============

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. Both NSFOCUS and the author shall not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not add, delete, or modify this advisory or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

================

NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.

For more information about NSFOCUS, please visit http://www.nsfocusglobal.com.

NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks are property of their respective firms.

 

发表评论