
Published on December 12th, 2017

CVE-2017-3737: OpenSSL Security Bypass Vulnerability

A security bypass vulnerability in OpenSSL was recently found by a security researcher. An attacker who successfully exploits this vulnerability could circumvent security restrictions and perform unauthorized operations, which may help to launch further attacks.

Affected version

OpenSSL Project OpenSSL 1.0.2
OpenSSL Project OpenSSL 1.0.2m
OpenSSL Project OpenSSL 1.0.2l
OpenSSL Project OpenSSL 1.0.2k
OpenSSL Project OpenSSL 1.0.2j
OpenSSL Project OpenSSL 1.0.2i
OpenSSL Project OpenSSL 1.0.2h
OpenSSL Project OpenSSL 1.0.2g
OpenSSL Project OpenSSL 1.0.2f
OpenSSL Project OpenSSL 1.0.2e
OpenSSL Project OpenSSL 1.0.2d
OpenSSL Project OpenSSL 1.0.2c
OpenSSL Project OpenSSL 1.0.2b
OpenSSL Project OpenSSL 1.0.2a

Unaffected version

OpenSSL Project OpenSSL 1.0.2n

Vulnerability number

CVE-2017-3737

Impact

Moderate

Vulnerability description

OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an “error state” mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error.

This issue was reported to OpenSSL on 10th November 2017 by David Benjamin (Google). The fix was proposed by David Benjamin and implemented by Matt Caswell of the OpenSSL development team.
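
The call pattern described above, as an added example that is not part of the original advisory or OpenSSL's own code: a hypothetical application wrapper, guarded_read(), latches a connection dead after a fatal error so the SSL object is never read again. fake_ssl and fake_read() are a constructed stand-in for SSL_read() on an affected build, and the error constants are local copies of the SSL_get_error() codes so the example builds without the OpenSSL headers.

```c
#include <string.h>

/* Local copies of OpenSSL's SSL_get_error() codes (assumption: the real
 * build would include <openssl/ssl.h> and use the SSL_ERROR_* names). */
enum { ERR_NONE = 0, ERR_SSL = 1, ERR_WANT_READ = 2, ERR_WANT_WRITE = 3 };

/* Constructed stand-in for an SSL object on an affected 1.0.2 build:
 * the first read fails the handshake fatally, later reads "succeed"
 * and return bytes that never went through record decryption. */
typedef struct { int calls; int last_err; } fake_ssl;

static int fake_read(fake_ssl *s, void *buf, int len) {
    static const char raw[] = "unprotected";
    if (s->calls++ == 0) { s->last_err = ERR_SSL; return -1; }
    s->last_err = ERR_NONE;
    int n = (int)sizeof raw - 1;
    if (n > len) n = len;
    memcpy(buf, raw, (size_t)n);
    return n;
}

/* Hypothetical wrapper: once a fatal error is seen, the connection is
 * latched dead and the SSL object is never passed to the library again. */
typedef struct { fake_ssl *ssl; int dead; } guarded_conn;

int guarded_read(guarded_conn *c, void *buf, int len) {
    if (c->dead) return -1;               /* refuse: do not re-enter the library */
    int n = fake_read(c->ssl, buf, len);  /* SSL_read() in a real build */
    if (n <= 0) {
        int e = c->ssl->last_err;         /* SSL_get_error(ssl, n) in a real build */
        if (e != ERR_WANT_READ && e != ERR_WANT_WRITE)
            c->dead = 1;                  /* fatal or closed: caller frees the object */
    }
    return n;
}

/* Replays the application bug (a second read after a fatal error) with and
 * without the latch; returns what the second call yields (-1 = refused). */
int second_read_result(int use_guard) {
    fake_ssl s = {0, ERR_NONE};
    guarded_conn c = {&s, 0};
    char buf[32];
    if (!use_guard) { fake_read(&s, buf, (int)sizeof buf); return fake_read(&s, buf, (int)sizeof buf); }
    guarded_read(&c, buf, (int)sizeof buf);
    return guarded_read(&c, buf, (int)sizeof buf);
}

int main(void) { return second_read_result(1) == -1 ? 0 : 1; }
```

Retryable results (want-read/want-write) leave the connection usable; every other failure retires it, which removes the precondition the advisory names regardless of the library version in use.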

Solution

Update to OpenSSL Project OpenSSL 1.0.2n.

Reference: openssl











