The OpenSSL Project has addressed some moderate-severity security flaws, and administrators should be particularly diligent about applying the patches since there are still 200,000 systems vulnerable to the Heartbleed flaw.
OpenSSL updated the 1.0.2 and 1.1.0 branches and released versions 1.1.0d and 1.0.2k. The 1.0.1 branch stopped receiving security updates Dec. 31, while support for OpenSSL 0.9.8 and 1.0.0 ended a year ago, on Dec. 31, 2015.
The vulnerabilities are considered moderate severity because they are difficult to exploit directly. If successfully triggered, they do not let attackers remotely execute code. However, they can crash server and client software, causing availability issues. A carry propagation flaw in the x86_64 Montgomery squaring procedure (CVE-2017-3732) could result in an attacker recovering encryption keys, but EC (elliptic curve) algorithms are not affected and attacks against RSA and DSA algorithms would be difficult to carry out, the OpenSSL project team said.
"Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline," the OpenSSL Project said in its advisory. "The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients."
An attacker could send a truncated packet to an SSL/TLS server or client running on a 32-bit host and cause an out-of-bounds read (CVE-2017-3731), resulting in a crash. The likelihood of a crash depends on the cipher being used, namely the ChaCha20/Poly1305 cipher for the OpenSSL 1.1.0 branch, and RC4-MD5 for the OpenSSL 1.0.2 branch. A malicious server providing bad parameters for a DHE or ECDHE (ephemeral Diffie-Hellman or Elliptic Curve Diffie-Hellman) key exchange (CVE-2017-3730) can cause the client to crash if it's running the 1.1.0 branch.
The OpenSSL update comes on the heels of the report that nearly 200,000 servers and devices worldwide are still vulnerable to Heartbleed (CVE-2014-0160), the critical vulnerability in the encryption library that OpenSSL patched in April 2014. The flaw, which affected millions of Linux, Unix, and Apple systems running OpenSSL, could be exploited to steal information residing in memory, including passwords, login cookies, private cryptographic keys, and other secrets, researchers found.
Search engine Shodan found in its Heartbleed Report this week that 199,594 services were still running outdated versions of OpenSSL and were vulnerable to Heartbleed. HTTPS accounted for a large majority of impacted services, with 148,420 vulnerable servers, followed by HTTPS port 8443 with 23,600 servers. Nearly 75,000 of the affected services have expired SSL certificates.
A disproportionate number of systems on this list were servers hosted on Amazon Web Services. That may have more to do with the fact that it's easy for anyone to spin up new AWS instances than with an actual issue in AWS. With IT security out of the loop, there's no one enforcing security controls on what types of software to install when setting up the server, which means there's nothing stopping the server owner from adding the vulnerable version of OpenSSL to the stack. Some of the virtual servers may be abandoned and forgotten, and since they were created outside of the IT process, no one knows to look for them to check the OpenSSL version.
"If there are servers that are vulnerable, then it's because people aren't aware they have them," said Mike Pittenger, vice president of strategy for Black Duck Software.
The issue could also be getting reintroduced every time a new virtual instance or Docker container is created. If the base image contains the older version of OpenSSL, then every new instance built off the image will be vulnerable.
"If the stack has problems, you're just propagating the error," Pittenger said.
Update all applications wherever OpenSSL is used as a dependency, check repositories to make sure developers are grabbing the latest version of the library and not relying on an older one, and verify all container and virtual machine images have the patched version of OpenSSL.
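The image check recommended above can be automated once `openssl version` output has been collected from each base image. The following is an added example, not code from the article or from the OpenSSL Project: the fixed releases and end-of-life branches are the ones named above, the Heartbleed range (1.0.1 through 1.0.1f) comes from the original CVE-2014-0160 advisory, and the image names and inventory are constructed.

```python
import re

# Fixed releases per branch, as named in the article.
FIXED = {(1, 0, 2): "k", (1, 1, 0): "d"}
# Branches the article lists as no longer receiving security updates.
EOL_BRANCHES = {(0, 9, 8), (1, 0, 0), (1, 0, 1)}
# Matches the banner printed by `openssl version`, e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013".
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def letter_key(letter):
    # Letter releases run a..z and then za, zb, ...; sort by length first, then text.
    return (len(letter), letter)


def classify(banner):
    """Return heartbleed, end-of-life, outdated, patched or unknown for one banner."""
    m = VERSION_RE.search(banner)
    if not m:
        return "unknown"
    branch = tuple(int(part) for part in m.group(1, 2, 3))
    letter = m.group(4)
    # CVE-2014-0160 affects 1.0.1 through 1.0.1f; 1.0.1g carries the fix.
    if branch == (1, 0, 1) and letter_key(letter) <= letter_key("f"):
        return "heartbleed"
    if branch in EOL_BRANCHES:
        return "end-of-life"
    if branch not in FIXED:
        return "unknown"
    if letter_key(letter) < letter_key(FIXED[branch]):
        return "outdated"
    return "patched"


def audit(inventory):
    """Map each image name to its status; inventory maps name -> banner text."""
    return {name: classify(banner) for name, banner in inventory.items()}


# Constructed sample inventory (hypothetical image names, not data from the article).
SAMPLE_INVENTORY = {
    "legacy-web-base": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "api-gateway": "OpenSSL 1.0.2j  26 Sep 2016",
    "build-agent": "OpenSSL 1.1.0d  26 Jan 2017",
    "old-appliance": "OpenSSL 0.9.8zh 3 Dec 2015",
}

if __name__ == "__main__":
    for image, status in audit(SAMPLE_INVENTORY).items():
        print(f"{image}: {status}")
```

A version banner does not show fixes that a distribution has backported into its own package, so a "heartbleed" or "outdated" result on a vendor-packaged build should be confirmed against the vendor's package changelog.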
Shodan's report found that almost 52,000 Apache HTTPD servers, especially versions 2.2.22 and 2.2.15, currently exposed on the Internet were still vulnerable to Heartbleed. Considering there have been a dozen or so critical and high-severity issues patched since Heartbleed, administrators now have to worry about several other serious vulnerabilities impacting these systems.