Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Severe Bug' To Be Patched In OpenSSL

Posted by timothy on from the best-kind dept.

An anonymous reader writes: The Register reports that upcoming OpenSSL versions 1.0.2d and 1.0.1p are claimed to fix a single security defect classified as "high" severity. It is not yet known what this mysterious vulnerability is — that would give the game away to attackers hoping to exploit the hole before the patch is released to the public. Some OpenSSL's examples of "high severity" vulnerabilities are a server denial-of-service, a significant leak of server memory, and remote code execution. If you are a system administrator, get ready to patch your systems this week. The defect does not affect the 1.0.0 or 0.9.8 versions of the library.

42 of 69 comments (clear)

  1. thanks Hacked Team! by SethJohnson · · Score: 4, Funny

    Your audit of OpenSSL has already contributed back to the Open Source community, whether voluntary or not.

    --
    $5 / month hosted VPS on linux = awesome!
  2. Security! by ArcadeMan · · Score: 5, Funny

    Always keep your software up-to-date for security reasons!

    OpenSSL versions 1.0.2d and 1.0.1p are claimed to fix a single security defect classified as "high" severity. [...] The defect does not affect the 1.0.0 or 0.9.8 versions of the library.

    Unless of course the up-to-date versions are less secure than the old versions...

    --
    Get free satoshi (Bitcoin) and Dogecoins
    1. Re:Security! by Anonymous Coward · · Score: 1

      The major differences between the 1.0.0, 1.0.1 and 1.0.2 branches is the addition of features (as can be seen here: https://en.wikipedia.org/wiki/...). This means that the vulnerability is likely to be in one of those new features, rather than in the older code. It also illustrates the old adage that every feature is just an unexploited code path.

    2. Re:Security! by Trongy · · Score: 1

      The 1.0.0 and 0.9.8 version of openssl do not have support for TLS 1.1 or 1.2.
      If you want to stick to using SSLV3 and TLS 1.0, good luck to you. Have you heard of the POODLE attack?

    3. Re:Security! by Demonoid-Penguin · · Score: 1

      This is not the first time that has happened either. Making me think the same thing.

      Good to hear your satire inoculation is working.

    4. Re:Security! by Dan541 · · Score: 1

      Always keep your software up-to-date for security reasons!

      I hear the NSA have taken over development of OpenSSL. Oh look.... a new patch...

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
  3. boring boring boring booooooooooring by Anonymous Coward · · Score: 2, Insightful

    So tired of these pre-announcements. What's next, pre-pre-announcements? Just publish already, doofuses.

    1. Re:boring boring boring booooooooooring by Anonymous Coward · · Score: 5, Funny

      It gives some extra time to make up a catchy name for the vulnerability and print some t-shirts.

    2. Re:boring boring boring booooooooooring by wardrich86 · · Score: 1

      "...pre-pre-announcements?" Valve to announce the release of Half-Life 3 eventually!

    3. Re:boring boring boring booooooooooring by beh · · Score: 1

      Sorry, the pre-announcement does have a point - if the security hole is major, then you want admins to be ready to patch their systems pretty much immediately.

      If you just released the "fixed" version together with a description of the vulnerability - it might give extra time to potential attackers to figure out how to exploit the problem before an admin becomes aware that there even IS a new version.

      In this case, the certificate verification might not have sounded like a big thing to you - but think where client certificates are being used - not that many places, but usually "important" ones, and often ones that have real economic consequences for the parties involved if they were to be broken (like many VPNs between businesses; or protected services that require client certificates for authentication. If it were "easy" to forge one, the protection would be harder to maintain (if it were even still possible to maintain).

  4. Use the diffs by Dwedit · · Score: 1

    I guess you could use the diffs to find the hole.

    1. Re:Use the diffs by Anonymous Coward · · Score: 3, Interesting

      Well lets assume it's the PSK allowing the buffer overflow

      We can see the fix here, so lets look at the code they are replacing.. specifically:

      - s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
      - if (s->ctx->psk_identity_hint == NULL) {
      + s->session->psk_identity_hint = BUF_strndup((char *)p, i);
      + if (s->session->psk_identity_hint == NULL) {

      Looks like they went from strdup() to strndup(). Lets look when strdup() was introduced


        git grep "BUF_strdup(" $(git rev-list --all) | grep s3_clnt |awk -F':' '{print $1}' | uniq

      returns ddac197404f585b8da58df794fc3beb9d08e8cd2

      add initial support for RFC 4279 PSK SSL ciphersuites

      PR: 1191
      Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
      Reviewed by: Nils Larsch

              OpenSSL_0_9_8k

      Nils Larsch authored on Mar 10, 2006

      Since this was added in 2006 and 0.9.8 is not vulnerable it is possible this is not the urgent vulnerability. But similar analysis can be done against the 1.0.2 branch and then looking back at the history of commits as I showed here. Good luck.

      -dk

  5. Monoculture... by Bugler412 · · Score: 4, Interesting

    Remember when everyone thought Windows was the biggest monoculture? Not on the web server side of the business....

  6. Do what Amazon did... by Karmashock · · Score: 3, Interesting

    Offer up a version of the the package that is small enough to be audited in detail so that there are very very very few bugs with it.

    I think they said they had it down to 6k? So do that. Obviously that strips out a lot of features people like. So decide what is more important to you.

    security or covering your car with stickers and truck nuts.

    good security has to be simple. you get complicated and you get something that can't be fully understood well enough to debug.

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    1. Re:Do what Amazon did... by Anonymous Coward · · Score: 1

      Amazon's s2n repo is cool, but it's only a lightweight TLS library. It does not have the crypto routines included and instead relies upon other libraries for that. It can use OpenSSL, LibreSSL, or some others... it would be nice if they just stripped OpenSSL down to a few crypto and hash sets as a light crypto package too.

    2. Re:Do what Amazon did... by Kiwikwi · · Score: 1

      Offer up a version of the the package that is small enough to be audited in detail so that there are very very very few bugs with it.

      I think they said they had it down to 6k?

      Amazon's package depends on OpenSSL. What they've essentially done is to build an OpenSSL version that's 6k bigger than the existing monster.

    3. Re:Do what Amazon did... by StikyPad · · Score: 1

      security or covering your car with stickers and truck nuts.

      A "Sophie's Choice," if ever there was one.

      --
      https://www.eff.org/https-everywhere
    4. Re:Do what Amazon did... by Karmashock · · Score: 1

      Only aspects of it and they can use other liberaries if they want.

      The point remains that the code base can be simplified.

      A big issue I see with a lot of these projects is that they get too complicated. Rather than adding new features they should simply compartmentalize the code so that portions of it can do these things but they exist at seperately audited components... and should only be used if actually needed.

      I've no interest in getting involved in a tit for tat with you. We know there are problems maintaining the integrity of security code against hackers.

      You know that. This is not disputable.

      The world is changing and the standards upon which security is judged are changing with them. Business as usual is not acceptable. We're coming to adapt or die time.

      I choose life and relevance. Anyone that wishes to choose obsolescence and death is welcome to do so. Those that remain will make all future decisions.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
  7. No more! by Aethedor · · Score: 4, Interesting

    Every software developer, please stop using OpenSSL. It was crap then, it is crap now and it will be crap tomorrow. And LibreSSL is not the solution. You can't turn crap into something nice. You want a decent SSL library, try mbed TLS. Unlike OpenSSL, this library has good documentation (example programs included), has a logical and sane API (no ugly callback shit) and its code is clean and secure.

    I switched from OpenSSL to mbed TLS (named PolarSSL back then) in my open source project some time ago. I should have done it more early! The migration was easy and only cost me a few days. So, stop punishing yourself and give mbed TLS a try. You won't regret it!!

    Disclaimer:
    No, I'm in no way connected to mbed TLS. Just a happy mbed TLS user who doesn't understand why people keep on torturing themselves and their users.

    --
    It doesn't have to be like this. All we need to do is make sure we keep talking.
    1. Re:No more! by Anonymous Coward · · Score: 4, Informative

      GPLv2 (not LGPL) will be a big showstopper for some projects.

    2. Re:No more! by Anonymous Coward · · Score: 2, Insightful

      How about this: mbed TLS is under either a pay-for commercial license or the GPL, none of which are suitable to everyone's need, as opposed to Open/LibreSSL BSD or BSD-like licenses.

      Granted they have a disclaimer at the end about "FOSS License Exception" that makes it *seem* like you can at least use it with most FOSS. But for proprietary software, nothing beats BSD, Apache and the likes.

      This being said, thanks, I'll take a look at it next time I need a TLS library for an open source project.

    3. Re:No more! by serviscope_minor · · Score: 1

      You can't turn crap into something nice.

      Yes you can.

      OpenSSL has good implementations of the core algorithms surrounded by a mountain of crap. LibreSSL strips that out leaving a goo, solid system.

      --
      SJW n. One who posts facts.
    4. Re:No more! by Anonymous Coward · · Score: 1

      LibreSSL strips that out leaving a goo, solid system.

      Incredible how human brain and subconscious will speak the truth even if the human attached to the brain is not aware of it.

    5. Re:No more! by operagost · · Score: 1

      LibreSSL strips that out leaving a goo, solid system.

      Mmm... free goo.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    6. Re:No more! by phantomfive · · Score: 2

      Eventually. In the June 11th OpenSSL bug fix, LibreSSL was found to be vulnerable to 3 out 7 of the same vulnerabilities. Source. LibreSSL is better, but still has a lot of weaknesses.

      --
      "First they came for the slanderers and i said nothing."
    7. Re:No more! by WaffleMonster · · Score: 1

      Every software developer, please stop using OpenSSL

      It was crap then, it is crap now and it will be crap tomorrow. And LibreSSL is not the solution. You can't turn crap into something nice.

      You need to provide a coherent reason if you want people to do what you ask. "Cuz it's crap" does not convey objectively useful information.

      You want a decent SSL library, try mbed TLS.

      Lost me at GPL. Lack of SRP and DTLS also deal breakers.

      No, I'm in no way connected to mbed TLS. Just a happy mbed TLS user who doesn't understand why people keep on torturing themselves and their users.

      I'm happy it works for you.

    8. Re:No more! by Eythian · · Score: 1

      It can be GPLv3 too, so that's OK.

    9. Re:No more! by Kiwikwi · · Score: 1

      Before complaining about mbed TLS's GPLv2 license, you should probably be aware that OpenSSL uses its own application-specific license, which is not OSI approved. The license contains an advertising clause similar to the original BSD license; that makes OpenSSL both GPL-incompatible and a general PITA to work with.

      In fact, I'd wager that almost every time OpenSSL is redistributed, it's done in violation of the license. When was the last time you saw a product advertising that "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit"? That text has to appear whenever you advertise any OpenSSL-based crypto functionality.

      The license is technically libre, but only by the skin of its teeth...

    10. Re:No more! by dotancohen · · Score: 1

      GPLv2 (not LGPL) will be a big showstopper for some projects.

      So those open source projects that ensure that code is contributed back to the community, will enjoy this code contribution and be secure. GPL cuts both ways, sure, and I'm actually glad that the secure option requires code to be contributed back.

      --
      It is dangerous to be right when the government is wrong.
  8. Re:Sick of this shit by Eravnrekaree · · Score: 1

    PAE and x86-64 and probably other CPUs now have page table flags for protecting against buffer overrun by non-executable, readonly memory sections and such. An overrun will cause a segfault rather than an actual overrun. This significantly improve things. So what is the status of this in major Linux distros?

  9. Re: Sick of this shit by Anonymous Coward · · Score: 1

    Rust? The language that hit 1.0 only about two months ago, so very long after it was first promised? The language with only one quasi-usable implementation? The language whose one quasi-usable implementation is riddled with bugs (its GitHub isse tracker is full of them)? The language that hasn't been used for anything significant, other than its own bug-riddled quasi-usable implementation? The language that is more hype than substance? The language that the Ruby on Rails fanboys jumped ship to after Rails and Ruby started sinking fast? The language with convoluted ownership semantics that make C++'s easy to comprehend and use by comparison? No thanks!

  10. Re:Sick of this shit by Eravnrekaree · · Score: 1

    You are right. Data could also be leaked, which would be awful. Guard pages are another feature often used, when a buffer overflow occurs it would often hit the guard page which being unallocated space will segfault, but its not perfect. Its a lot easier to protect code than it is to protect data.

  11. Re:Freetards Assemble! by rubycodez · · Score: 1

    with a solid foundation of systemd under it, openssl can be robust, secure and unstoppable!

  12. Hu? by stackOVFL · · Score: 1

    Why not just fix it using a carbon nanotube? They use them to fix everything else.

  13. We, Gods of OpenSSL by Nikademus · · Score: 1

    We, Gods of OpenSSL are announcing that there will be a patch in 2 days. We will not tell you what it is as you could patch it yourself or use any of the forks that we dislike like LibreSSL. Surely we will not reveal what it is as bad people could use it (trust us, we tell you they cannot already). The only thing we will say is that it was introduced after 1.0.0,so we are sure you won't find out and that The Big Vendors who pay us will be able to deliver a patch when they are ready. And bad guys won't be able to annoy you because we know they are morons and won't find out...

    --
    I gave up with the idea of an useful sig...
  14. Wanna know the vulnerability? by barbariccow · · Score: 1

    Want to know the vulnerability? Diff the latest from last version without - 1.0.0. Compare. :)

    1. Re: Wanna know the vulnerability? by Zero__Kelvin · · Score: 1

      man git-bisect

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  15. FIPS certification by thegarbz · · Score: 1

    The comment title says it all. Many developers don't torture themselves. Other people do the torturing by specifying OpenSSL effectively as a requirement. mbed TLS is not FIPS compliant based on a quick google search.

    1. Re: FIPS certification by Aethedor · · Score: 1

      If mbed TLS isn't and OpenSSL is, than it says more about FIPS than about mbed TLS.

      --
      It doesn't have to be like this. All we need to do is make sure we keep talking.
    2. Re: FIPS certification by thegarbz · · Score: 1

      Regulations and certification rarely make sense.

  16. better cancel your weekend plans by SchroedingersCat · · Score: 1

    ... and clean the coffee machine

  17. Mysterious?!! (much ado about nothing) by Demonoid-Penguin · · Score: 1

    When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled.
    original advisory Hidden in plain sight. (sigh)

    Isn't The Register a news satire site? [if not it needs reclassifying]