OpenSSL and GLIBC Security Advisories
Thursday, March 3rd, 2016
It has been a busy month for security vulnerabilities. We’d like to take a moment to call three of them to your attention to make sure you are addressing them. The first two relate to OpenSSL and what you may have heard referred to as the DROWN attack. The last, slightly older, vulnerability is in glibc, a central part of the Linux operating system. While we are not yet aware of attacks exploiting these vulnerabilities, systems administrators should take action to remediate them on their systems.
Technical Details regarding OpenSSL:
The OpenSSL development team recently published a security advisory [1] regarding two high-impact TLS/SSL vulnerabilities, along with several others, and announced that with this update they are disabling the SSLv2 protocol by default and removing the SSLv2 EXPORT ciphers.
The first high-severity vulnerability, CVE-2016-0800, nicknamed “DROWN” (Decrypting RSA with Obsolete and Weakened eNcryption), allows for a cross-protocol attack whereby an attacker could decrypt TLS sessions between clients and hosts that support SSLv2 and “export” cipher suites [2]. CVE-2016-0800 also allows for the decryption of traffic between clients and even non-vulnerable servers, if another server supporting SSLv2 and export ciphers shares the RSA keys of the non-vulnerable server. SSLv2 was deprecated in 1996, but millions of servers around the world continue to support it due to misconfiguration. Export-grade cipher suites use deliberately weakened cryptographic techniques mandated by U.S. government restrictions in the late ’90s, but many servers continue to support their use [3].
The second severe vulnerability, CVE-2016-0703, dramatically increases the efficiency and danger of the DROWN attack by making it effective against even the stronger, non-export-grade cipher suites with very little computation time required [4]. This vulnerability affects OpenSSL 1.0.2, 1.0.1l, 1.0.0q, 0.9.8ze and all earlier versions. It was fixed in OpenSSL 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf [5].
Suggested Remediation for OpenSSL:
+ Servers using OpenSSL should be upgraded to 1.0.2g or 1.0.1s, which disable SSLv2 and the export cipher suites by default.
+ Servers using IIS (prior to 7.0), NSS (prior to 3.13), Apache (2.2.x), and other software should ensure that SSLv2 is fully disabled [8].
+ Ensure your server’s private keys are not used on *any* server (HTTP, SMTP, IMAP, POP, etc.) that allows SSLv2 connections.
There are no practical steps that can be taken on client applications, such as web browsers, to protect them from this vulnerability [9].
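The key-sharing condition in the last remediation item can be checked against a certificate inventory. The following is an added example, not part of the original advisory: it groups endpoints by RSA modulus and flags every endpoint whose key is also served by an SSLv2-enabled endpoint. The host names, the inventory format and the shortened moduli are constructed for illustration; in practice the modulus would come from `openssl x509 -noout -modulus` and the SSLv2 flag from a protocol scan.

```python
from collections import defaultdict
from typing import NamedTuple


class Endpoint(NamedTuple):
    host: str
    port: int
    sslv2: bool    # did a protocol scan show this endpoint accepts SSLv2?
    modulus: str   # RSA modulus of the certificate served on this endpoint


def normalize(modulus: str) -> str:
    """Reduce a modulus string to bare upper-case hex so equal keys compare equal."""
    m = modulus.strip()
    if m.lower().startswith("modulus="):
        m = m.split("=", 1)[1]
    return m.replace(":", "").replace(" ", "").upper().lstrip("0")


def drown_exposure(inventory):
    """Map each exposed endpoint to the SSLv2 endpoints that share its RSA key.

    An endpoint is exposed if it accepts SSLv2 itself, or if any other
    endpoint using the same RSA key accepts SSLv2.
    """
    by_key = defaultdict(list)
    for ep in inventory:
        by_key[normalize(ep.modulus)].append(ep)
    exposed = {}
    for endpoints in by_key.values():
        sslv2_peers = sorted(f"{e.host}:{e.port}" for e in endpoints if e.sslv2)
        if sslv2_peers:
            for e in endpoints:
                exposed[f"{e.host}:{e.port}"] = sslv2_peers
    return exposed


# Constructed inventory: placeholder hosts and shortened moduli, not real keys.
INVENTORY = [
    Endpoint("www.example.edu", 443, False, "Modulus=C0FFEE01"),
    Endpoint("mail.example.edu", 25, True, "modulus=c0:ff:ee:01"),
    Endpoint("imap.example.edu", 993, False, "Modulus=BADC0DE5"),
    Endpoint("old.example.edu", 443, True, "Modulus=00FEEDFACE"),
]

if __name__ == "__main__":
    for endpoint, peers in sorted(drown_exposure(INVENTORY).items()):
        print(f"{endpoint}: key also served over SSLv2 by {', '.join(peers)}")
```

In the constructed inventory the web server does not accept SSLv2 itself, but it is still flagged because the mail server presents the same RSA key over SSLv2.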
Technical Details regarding glibc:
A glibc vulnerability resulting from a buffer overflow in the getaddrinfo function was announced on February 17th. The vulnerability, CVE-2015-7547 [10], exists in all glibc versions since 2.9. It is believed that a successful attack could result in a system compromise, though an exploit has not been seen in the wild yet.
Suggested Remediation for glibc:
All major Linux vendors have supplied patches for this vulnerability. Please ensure that any installations of glibc have been updated to the latest release, and reboot the system to ensure the changes have been properly applied.
Please see the reference section below for additional information.
—
References:
[1] https://www.openssl.org/news/secadv/20160301.txt
[2] https://www.drownattack.com/
[3] https://drownattack.com/#faq-factors
[5] https://www.openssl.org/news/secadv/20160301.txt
[7] https://drownattack.com/#faq-mitm
[8] https://www.bu.edu/tech/about/security-resources/bestpractice/web/
[9] https://drownattack.com/#faq-update
[10] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547