THREAT LEVEL - HIGH

02-11-2022

New High-Severity Vulnerabilities in OpenSSL

Threat Level Description

Threat Level: High – An attack is highly likely. Additional and sustainable protective security measures reflecting the broad nature of the threat combined with specific business and geographical vulnerabilities and judgments on acceptable risk.


Description 

We have observed that two high-severity vulnerabilities have been identified in OpenSSL's widely used cryptography library.

A remote unauthenticated attacker could leverage these issues in order to perform remote code execution and denial-of-service (DoS) attacks. This could result in breaching the confidentiality, integrity, and availability of the data hosted on the server.

These vulnerabilities, tracked as CVE-2022-3602 and CVE-2022-3786, have been described as buffer overrun issues that can be triggered during X.509 certificate verification.

The CVE-2022-3602 issue consists of a buffer overrun vulnerability that can be triggered in X.509 certificate verification, specifically in name constraint checking. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a denial of service or potentially remote code execution.

The CVE-2022-3786 bug is also a buffer overrun vulnerability that can be triggered in X.509 certificate verification in name constraint checking. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the '.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service).

Both these issues can be triggered, in a TLS client, by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

The OpenSSL Project noted that these bugs were introduced in OpenSSL 3.0.0 as part of punycode decoding functionality that’s currently used for processing email address name constraints in X.509 certificates.

Note that the exploitability of these vulnerabilities is significantly limited, as these flaws occur after certificate verification and require either a CA to have signed the malicious certificate or the application to continue certificate verification despite failure to construct a path to a trusted issuer.


CVE(s)

CVE-2022-3602

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above has led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (affected: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6).

CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the '.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.


Affected Systems 

  • OpenSSL versions 3.0.0 through 3.0.6
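To turn the affected range above into a repeatable check, the following script parses `openssl version` output and classifies the installed build against the 3.0.0 to 3.0.6 range and the 3.0.7 fix. This is an added example, not part of the advisory; the banner strings used as test input are constructed, and the `assess_local` helper is a hypothetical name that simply shells out to the `openssl` binary on PATH.

```python
import re
import subprocess

# Range taken from the advisory: 3.0.0 through 3.0.6 affected, fixed in 3.0.7.
AFFECTED_MIN = (3, 0, 0)
FIXED = (3, 0, 7)

# Matches e.g. "OpenSSL 3.0.2 15 Mar 2022" or "OpenSSL 1.1.1q  5 Jul 2022";
# the trailing letter suffix of the 1.x scheme is tolerated but ignored.
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(banner):
    """Return (major, minor, patch) from an `openssl version` banner,
    or None when the banner does not look like OpenSSL (e.g. LibreSSL)."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_affected(version):
    """True when the version falls in the 3.0.0 <= v < 3.0.7 window."""
    return AFFECTED_MIN <= version < FIXED


def assess(banner):
    """Classify a banner as affected / fixed / pre-3.0 branch / unknown."""
    version = parse_openssl_version(banner)
    if version is None:
        return "unknown"
    if is_affected(version):
        return "affected"
    if version < AFFECTED_MIN:
        return "not-affected (pre-3.0 branch)"
    return "fixed"


def assess_local():
    """Hypothetical helper: run the local `openssl version` and assess it."""
    try:
        proc = subprocess.run(["openssl", "version"], capture_output=True,
                              text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return "unknown"
    return assess(proc.stdout)


if __name__ == "__main__":
    print(assess_local())
```

The check only covers the `openssl` binary on PATH; applications that bundle or statically link their own copy of libcrypto must be inventoried separately.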


Recommendation(s)

You should immediately upgrade OpenSSL to the latest secure version provided by the vendor.

Note that the implementation of stack overflow protections would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler.

You should understand the importance of security updates, and the urgency with which they should be applied, no matter how large or small your organization is. It is very important to operate an effective patch management solution, keep security event logging enabled, and practice event monitoring. Protecting the valuable assets of your business and complying with the relevant industry regulations requires a comprehensive approach to the management of risk, including Penetration Testing at least annually and upon significant changes.
