OpenSSL Patches Critical Certificate Forgery Bug

← Back to Stories (view on slashdot.org)

OpenSSL Patches Critical Certificate Forgery Bug

Posted by timothy on Thursday July 9, 2015 @03:40AM from the quick-fixes-are-good-fixes dept.

msm1267 writes: The mystery OpenSSL patch released today addresses a critical certificate validation issue where anyone with an untrusted TLS certificate can become a Certificate Authority. While serious, the good news according to the OpenSSL Project is that few downstream organizations have deployed the June update where the bug was introduced. From the linked piece: The vulnerability allows an attacker with an untrusted TLS certificate to be treated as a certificate authority and spoof another website. Attackers can use this scenario to redirect traffic, set up man-in-the-middle attacks, phishing schemes and anything else that compromises supposedly encrypted traffic. [Rich Salz, one of the developers] said there are no reports of public exploits.

45 comments

Min score:

Reason:

Sort:

Trusted certificate owners by psergiu · 2015-07-09 03:43 · Score: 1

So i understand from this that o don't need to rush & patch my web servers who all have Trusted certs.
Right ?

--
1% APY, No fees, Online Bank https://captl1.co/2uIErYq Don't let your $$$ sit in a no-interest acct.
1. Re:Trusted certificate owners by Lunix+Nutcase · 2015-07-09 03:43 · Score: 1
  
  Did you install the version of OpenSSL that introduced the bug?
2. Re:Trusted certificate owners by XanC · 2015-07-09 03:46 · Score: 1
  
  Does 1.0.1e-2+deb7u16 qualify?
3. Re:Trusted certificate owners by psergiu · 2015-07-09 03:52 · Score: 1
  
  Latest one i have in production is 1.0.1m - the release before the LogJam fix in 1.0.1n that introduced this bug.
  
  --
  1% APY, No fees, Online Bank https://captl1.co/2uIErYq Don't let your $$$ sit in a no-interest acct.
4. Re:Trusted certificate owners by Anonymous Coward · 2015-07-09 03:53 · Score: 1
  
  No, that was released 19th of March.
  The June update is 1.0.1e-2+deb7u17
5. Re:Trusted certificate owners by Qzukk · 2015-07-09 03:58 · Score: 1
  
  It sounds like if you are not verifying certificates then it's not critical, but if you've got client certificates to identify/authenticate users you need to update.
  If you're running any kind of client connection (for instance, consuming a https webservice) then you'll need to update (unless they're using gnutls or nss instead of openssl)
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
6. Re:Trusted certificate owners by kthreadd · 2015-07-09 03:58 · Score: 2
  
  So i understand from this that o don't need to rush & patch my web servers who all have Trusted certs. Right ?
  You may want to rush if your web server validates client certificates? That is, does any of your users have to present a certificate to the web server instead of just the opposite way around?
7. Re:Trusted certificate owners by petermgreen · 2015-07-09 04:10 · Score: 3, Informative
  
  Debian claims that their patched versions of openssl for squeeze/wheezy/jessie are not affected by this issue.
  
  --
  note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
8. Re:Trusted certificate owners by petermgreen · 2015-07-09 04:29 · Score: 1
  
  AIUI this is mostly a client issue, servers do not normally validate certs presented to them (client certs do exist but they are rarely used and even where they are used afaict it'susually with a "known cert for each user" model rather than a CA based model).
  
  --
  note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
9. Re:Trusted certificate owners by Iarwain+Ben-adar · 2015-07-09 05:08 · Score: 1
  
  Reference please!
10. Re:Trusted certificate owners by Anonymous Coward · 2015-07-09 05:47 · Score: 0
  
  Here is the reference you asked for.
11. Re:Trusted certificate owners by Anonymous Coward · 2015-07-09 06:21 · Score: 0
  
  Unless you're running on sid you're fine:
  https://security-tracker.debian.org/tracker/CVE-2015-1793
12. Re:Trusted certificate owners by Anonymous Coward · 2015-07-09 08:10 · Score: 0
  
  I actually had 1.0.2c in production, mostly on old Solaris 10 servers and a few clients. It actually has OpenSSL 0.9.7 but that is too old for some of the features that we want to use, and since we already build the server software from source we might as well build OpenSSL as well. We don't use client certificates so we were safe, but upgraded to 1.0.2d anyway.
13. Re:Trusted certificate owners by kthreadd · 2015-07-09 08:13 · Score: 1
  
  Unless you're running on sid you're fine: https://security-tracker.debia...
  According to that page testing (stretch) is also vulnerable, and a few people might actually use that.
14. Re:Trusted certificate owners by antdude · 2015-07-11 06:32 · Score: 1
  
  If true, that explains why the lack of updated OpenSSL packages on my oldstable Debian.
  
  --
  Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Compromise Window by xdor · 2015-07-09 03:51 · Score: 1, Funny

Apparently the NSA/FBI needed collect someone's encrypted data in the last year. Now that they have what they want, they are sewing it back up again.
Though with the NSA's purported computing capability and back doors it doesn't seem like they would need this -- unless some lesser player on the intelligence field got this in -- but then I'm positing corroboration with the OpenSSL folks, so it seems like only a government would be capable of coercing this kind of flaw. But with the underhanded C contest, maybe someone at OpenSSL would make a "mistake" for the right price.
1. Re:Compromise Window by fustakrakich · 2015-07-09 03:59 · Score: 1
  
  There are too many secrets in the system to trust anyone. Wipe the word from your memories. It's over, Johnny.
  
  --
  “He’s not deformed, he’s just drunk!”
Bugs are like cockroaches by fustakrakich · 2015-07-09 03:57 · Score: 1

For every one you see, there are tens of thousands more under the cabinet. Outside single user mode this whole certificate thing is not trustworthy in any sense...

--
“He’s not deformed, he’s just drunk!”
SubjectsInCommentsAreStupid by lesincompetent · 2015-07-09 04:02 · Score: 0

Don't wanna sound like a witch hunter here but why don't we start checking who and when introduced critical bugs like these?
Background checks and all...
1. Re:SubjectsInCommentsAreStupid by fisted · 2015-07-09 05:33 · Score: 1
  
  Yes well why don't you start checking then?
  
  --
  CLI paste? paste.pr0.tips!
2. Re:SubjectsInCommentsAreStupid by lesincompetent · 2015-07-09 06:05 · Score: 1
  
  I did mr. smartass, turns out the reviewer is the same guy who reviewed the heardbleed 'patch' too.
3. Re:SubjectsInCommentsAreStupid by fisted · 2015-07-09 06:13 · Score: 1
  
  mr. smartass
  Where did that come from?
  
  turns out the reviewer is the same guy who reviewed the heardbleed 'patch' too.
  And who introduced the problems (rather than reviewing the fixes)?
  
  --
  CLI paste? paste.pr0.tips!
4. Re:SubjectsInCommentsAreStupid by lesincompetent · 2015-07-10 00:33 · Score: 1
  
  Can't be arsed to check again. They're both equally culpable in my view though.
5. Re:SubjectsInCommentsAreStupid by fisted · 2015-07-10 02:18 · Score: 1
  
  Okay, so you're an idiot. Thanks for clearing that up beyond doubt.
  
  --
  CLI paste? paste.pr0.tips!
WTF is a "TLS certificate"? by xxxJonBoyxxx · 2015-07-09 04:23 · Score: 1

Hey editors - did you mean an "X.509 certificate?"
LibreSSL and BoringSSL? by tepples · 2015-07-09 04:43 · Score: 3, Interesting

If you're running any kind of client connection (for instance, consuming a https webservice) then you'll need to update (unless they're using gnutls or nss instead of openssl)
Are LibreSSL and BoringSSL also affected? The article mentions that a BoringSSL contributor found the problem, but it doesn't say one way or the other whether this misbehavior made it into any releases of BoringSSL or any other OpenSSL fork.
1. Re:LibreSSL and BoringSSL? by QuietLagoon · 2015-07-09 05:22 · Score: 2
  
  According to a posting on the OpenBSD tech mailing list, LibreSSL is not affected.
  .
  http://marc.info/?l=openbsd-te...
  
  We have received several emails asking if we are impacted by the latest CVE-2015-1793. We are not impacted. The code related to that CVE was added after we forked 1.0.1g and we did not merge these changes from upstream. This CVE only concerns newer OpenSSL releases.
X.509 cert with hostname as common name by tepples · 2015-07-09 04:50 · Score: 4, Informative

A TLS certificate is an X.509 certificate whose common name identifies a hostname in the manner specified by TLS. All TLS certificates are X.509 certificates, but not all X.509 certificates are TLS certificates because not every X.509 certificate's common name identifies a hostname.
1. Re:X.509 cert with hostname as common name by madbrain · 2015-07-09 14:49 · Score: 1
  
  Also, SSL/TLS certificates are X.509 certificates with the proper key usage / extended key usage.
  
  --
  -- Julien Pierre http://www.madbrain.com/blog
How the bug was introduced by bitwise+counselor · 2015-07-09 05:05 · Score: 2

This bug was introduced recently in https://github.com/openssl/ope... to add support for "In certain situations the server provided certificate chain may no longer be valid" This bug doesn't affect libressl, boringssl, or vigortls.
1. Re:How the bug was introduced by Anonymous Coward · 2015-07-09 07:16 · Score: 0
  
  You do realize that you can look at the history of patch submissions on GitHub, right? It's kind of one of the reasons people use project management software in the first place. I can't be bothered to go searching around myself because I'm not that paranoid, sometimes people make mistakes too. Yes, the NSA and other conspicuously public "secret" agencies these days have a lot of vested interest in a bug like this being worked into OpenSSL or similar packages. No, that doesn't mean you need to conduct a torch-and-pitchfork lynching of any developer who happens to screw something up either.
  One of the few lines of dialogue that didn't make me roll my eyes in TRON Legacy was when CLU was talking about the desire to build the "perfect system..." By the end of the movie we understand CLU never _could_ have designed a perfect system because he was essentially a carbon copy of his creator...and his creator wasn't perfect. Nobody is. Neither are the people writing the browser you're using, the OS that's running it, nor OpenSSL. That being said, if you're so paranoid about the letter-agencies _intentionally_ introducing bugs...like I said, GitHub tracks just about every change made that I can think of, line by line and by user. I sincerely doubt that there's "anonymous" patches accepted into OpenSSL, so you want to lynch somebody, use the search engine and get your rope out.
2. Re:How the bug was introduced by Anonymous Coward · 2015-07-09 10:54 · Score: 0
  
  Who introduced it? What about some background checking on this guy\gal?
  The patch seems to be created by Matt Caswell (matt@openssl.org) and reviewed by Stephen Henson (steve@openssl.org).
3. Re:How the bug was introduced by Slayer · 2015-07-09 12:20 · Score: 1
  
  AFAIK Stephen Henson was the guy who also approved the patch that ultimately led to the heart bleed exploit. Call me paranoid all you want, but I'm getting nervous about OpenSSL at this point.
4. Re:How the bug was introduced by Anonymous Coward · 2015-07-09 12:43 · Score: 0
  
  > but I'm getting nervous about OpenSSL at this point.
  Welcome to a year ago.
  Anyone who has ever even looked at OpenSSL's codebase can see that it is a clusterfuck of spaghetti, not well-thought out, security conscious code. Hack after hack after hack after cludge. I would not trust any of that to be secure.
Thats one way of looking at it by coop247 · 2015-07-09 05:11 · Score: 1

the good news according to the OpenSSL Project is that few downstream organizations have deployed the June update where the bug was introduced
Good news everybody, people aren't installing our broken and insecure updates!

--
//TODO: Insert catchy phrase
Re:How could this happen? by rubycodez · 2015-07-09 05:30 · Score: 1

OpenSSL problems are due to proprietary company controlling the project for certain proprietary interests.
Why don't we call you a CorporateSlaveTard?
Re:Too Many Secrets by sconeu · 2015-07-09 05:38 · Score: 1

That's why I get my crypto from SETEC Astronomy

--
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Re:How could this happen? by Anonymous Coward · 2015-07-09 05:39 · Score: 0

OpenSSL problems are due to proprietary company controlling the project for certain proprietary interests.
Not really, OpenSSL is open-source, anyone can modify it.
The problem is the complete shittyness of the OpenSSL code.
Here's 49 pages of the stupidities that the LibreSSL people ( http://www.libressl.org/ ) found while going through the OpenSSL code: http://opensslrampage.org/
Re:How could this happen? by rubycodez · 2015-07-09 07:19 · Score: 1

No, anyone can submit a contribution which may or may not get accepted by those controlling the project. Your understanding is so flawed
Re:Too Many Secrets by Last+Warrior · 2015-07-09 08:51 · Score: 1

too many secrets
ill have some of that world peace about now.
Test suite by Anonymous Coward · 2015-07-09 13:23 · Score: 0

Is it me or is there close to zero test harnesses for regression tests? And wasn't there money raised as well?
Fund LibreSSL, not OpenSSL by RR · 2015-07-09 15:42 · Score: 1

Theo de Raadt:

OpenSSL is not developed by a responsible team.
Understatement.

--
Have a nice time.
RHEL/CentOS/etc not vulnerable by whitroth · 2015-07-10 04:40 · Score: 1

There was an announcement by RH in response to this, noting that the vulnerabilities were included in a recent release by openSSL, and that they had not gone into RHEL updates, so RHEL is not vulnerable, nor are it's children, like CentOS.
mark