A Collection of Cryptographic Vulnerabilities.
The rustic origins of the English language are evident in the words left to us by our agricultural ancestors. Many words developed to distinguish groups of different animals, presumably to indicate their relative importance. A ‘flock’ of sheep was more valuable than a single sheep; a ‘pack’ of wolves posed more danger than a single wolf. With respect to security vulnerabilities, we have yet to develop such collective nouns to indicate what is important, and to indicate that which poses danger.
The world of Transport Layer Security has been rattled once again with the identification of a “swarm” of vulnerabilities in OpenSSL and GnuTLS. A total of seven new vulnerabilities have been identified in the popular open source libraries, ranging from a potential man-in-the-middle attack, allowing an attacker to eavesdrop on an encrypted conversation, to vulnerabilities that could allow attackers to remotely execute code on a client.
TRAC has recently illustrated previous cryptographic vulnerabilities in video format and produced a video discussing the recent Heartbleed bug in more detail. Colleagues have published further details regarding Heartbleed.
The significance of Heartbleed has prompted developers to scrutinise the code base within open source cryptographic libraries to search for other potential vulnerabilities. Indeed, Cisco is supporting the Linux Foundation’s effort to devote resources to support critical open source software, such as OpenSSL. Scrutinising code inevitably brings to light bugs and issues that had previously been missed. One of the advantages of open source software is that anyone is able to review the code to identify issues and contribute remedies. Implementing cryptography correctly and securely in software is difficult, discussed in more detail here. Increased analysis of code by researchers specifically looking for weaknesses, which may be subtle in nature, is a good thing, since once vulnerabilities are identified, they can be fixed.
This recent set of published vulnerabilities is indicative of the code reviews prompted by the interest and alarm generated by Heartbleed. As the code is reviewed by more researchers, in more detail, and with more effective testing tools, we can expect more vulnerabilities to be discovered, though it is likely that the rate of discovery will decrease over time.
As with any vulnerability, organisations need to identify their assets in terms of hardware and software that are impacted, and patch systems as soon as possible. Hopefully, organisations will have recent experience of patching their cryptographic libraries following Heartbleed.
The current vulnerabilities are:
| Vulnerability | Affected Software | Versions | Possible Attack |
|---|---|---|---|
| CVE-2014-0224 | OpenSSL | All client software; server versions 1.0.1 & 1.0.2-beta1 | Man-in-the-middle. |
| CVE-2014-0221 | OpenSSL | DTLS users for versions 0.9.8, 1.0.0, 1.0.1 | Denial of service. |
| CVE-2014-0195 | OpenSSL | DTLS users for versions 0.9.8, 1.0.0, 1.0.1 | Remote code execution. |
| CVE-2014-0198 | OpenSSL | Where SSL_MODE_RELEASE_BUFFERS is enabled for 1.0.0 & 1.0.1 | Denial of service. |
| CVE-2010-5298 | OpenSSL | Where SSL_MODE_RELEASE_BUFFERS is enabled for 1.0.0 & 1.0.1 | Denial of service, session data injection. |
| CVE-2014-3470 | OpenSSL | Where ECDH ciphersuites are enabled for 0.9.8, 1.0.0, 1.0.1 | Denial of service. |
| CVE-2014-3466 | GnuTLS | All versions before 3.1.25; versions 3.2.x before 3.2.15; versions 3.3.x before 3.3.4 | Denial of service, remote code execution. |
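The table above is the input an asset owner needs for the "identify what is impacted" step. As an added example (not code from the original post or from Cisco), the following Python transcribes the table's version and configuration conditions into a small checker that can be run over a software inventory. The inventory, host names and the role/feature profile keys (`client`, `server`, `dtls`, `release_buffers`, `ecdh`) are constructed assumptions for illustration. For OpenSSL the table names affected branches rather than fixed releases, so a match means the branch is in scope and the installed patch level must still be confirmed against the vendor advisory; for GnuTLS the table gives exact fixed versions, so the comparison is precise.

```python
"""Check an inventory of OpenSSL/GnuTLS installs against the advisory table above."""
import re

# Affected OpenSSL branches per CVE, transcribed from the table on this page.
# Each entry: (CVE, profile key that must be present, set of affected branches;
# None means every branch). A branch hit is "potentially affected": the table
# lists branches, not fixed releases, so confirm the patch level separately.
OPENSSL_RULES = [
    ("CVE-2014-0224", "client", None),
    ("CVE-2014-0224", "server", {"1.0.1", "1.0.2-beta1"}),
    ("CVE-2014-0221", "dtls", {"0.9.8", "1.0.0", "1.0.1"}),
    ("CVE-2014-0195", "dtls", {"0.9.8", "1.0.0", "1.0.1"}),
    ("CVE-2014-0198", "release_buffers", {"1.0.0", "1.0.1"}),
    ("CVE-2010-5298", "release_buffers", {"1.0.0", "1.0.1"}),
    ("CVE-2014-3470", "ecdh", {"0.9.8", "1.0.0", "1.0.1"}),
]


def openssl_branch(version: str) -> str:
    """Reduce an OpenSSL version string to its branch: '1.0.1g' -> '1.0.1',
    '0.9.8y' -> '0.9.8', '1.0.2-beta1' -> '1.0.2-beta1'."""
    m = re.fullmatch(r"(\d+\.\d+\.\d+)[a-z]*(-beta\d+)?", version)
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    return m.group(1) + (m.group(2) or "")


def openssl_exposure(version: str, profile: set) -> list:
    """Return the CVEs from the table that apply to this branch and profile.
    `profile` is a set of the constructed keys client/server/dtls/release_buffers/ecdh."""
    branch = openssl_branch(version)
    hits = []
    for cve, condition, branches in OPENSSL_RULES:
        in_branch = branches is None or branch in branches
        if condition in profile and in_branch and cve not in hits:
            hits.append(cve)
    return hits


def gnutls_affected(version: str) -> bool:
    """CVE-2014-3466 per the table: before 3.1.25, 3.2.x before 3.2.15,
    3.3.x before 3.3.4. Tuple comparison gives correct numeric ordering."""
    parts = tuple(int(x) for x in version.split("."))
    if parts[:2] == (3, 3):
        return parts < (3, 3, 4)
    if parts[:2] == (3, 2):
        return parts < (3, 2, 15)
    return parts < (3, 1, 25)


def assess(inventory: list) -> dict:
    """Map each host to the list of CVEs it is exposed to (empty list = none)."""
    report = {}
    for host, library, version, profile in inventory:
        if library == "openssl":
            report[host] = openssl_exposure(version, profile)
        elif library == "gnutls":
            report[host] = ["CVE-2014-3466"] if gnutls_affected(version) else []
        else:
            raise ValueError(f"unknown library on {host}: {library}")
    return report


# Constructed sample inventory; the hosts, versions and profiles are made up.
SAMPLE_INVENTORY = [
    ("web-01", "openssl", "1.0.1g", {"server", "ecdh"}),
    ("vpn-01", "openssl", "1.0.0l", {"server", "dtls"}),
    ("proxy-01", "openssl", "1.0.2-beta1", {"client", "server"}),
    ("mail-01", "gnutls", "3.2.14", set()),
    ("build-01", "gnutls", "3.3.4", set()),
]

if __name__ == "__main__":
    for host, cves in assess(SAMPLE_INVENTORY).items():
        status = ", ".join(cves) if cves else "not in scope per table"
        print(f"{host:10s} {status}")
```

The rules are deliberately kept as data rather than hard-coded conditionals so that the table can be re-transcribed or extended (for example with the fixed releases from a vendor advisory) without touching the matching logic.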
Cisco has released an advisory on the effect of these vulnerabilities on Cisco products.
At the time of writing, we have no evidence that any of these vulnerabilities are being exploited in the wild. As with any published vulnerability, we will continue to monitor and research the issue.
Cisco has released signatures to detect exploitation attempts for CVE-2014-0195 & CVE-2014-0221 with Snort rules 31180, 31181 and for CVE-2014-3466 with Snort rules 31176 – 31179.
UPDATE: Included IntelliShield alerts for CVE-2014-0198 & CVE-2014-3466.