Four buffer-overflow vulnerabilities have been found in OpenSSL that could allow an attacker to gain remote control of a system. Experts urge users to upgrade or patch immediately.
OpenSSL is an open-source application that provides the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols to clients and servers, in many cases to support secured HTTP connections. It is also used with secure versions of other protocols such as POP and IMAP.
SSL was developed by Netscape, but became the de facto standard for secured Web transmissions. TLS is the successor to the SSL. OpenSSL can also function as a cryptography library.
In addition to the remotely exploitable buffer overflows, there are encoding problems in the ASN.1 library that OpenSSL uses, CERT said in an advisory.
At worse, a few of the vulnerabilities could allow a remote attacker to run code on an vulnerable system. All of the flaws could be used to create denial-of-service conditions, CERT said.
Affected versions for clients and servers include OpenSSL 0.9.6d or earlier and 0.9.7beta2 or earlier, according to an OpenSSL Project advisory. Affected users should patch OpenSSL 0.9.6d or upgrade to OpenSSL 0.9.6e. A patch for 0.9.7 is also available.
"They are, as far as I'm aware, the most serious problems OpenSSL has ever had," said Ben Laurie, technical director at U.K.-based A.L. Digital Ltd and a member of the OpenSSL core and development teams. Laurie wrote the advisory and patch for the flaws.
The vulnerabilities are buffer overflows but they are harder to exploit as they involve buffers on the heap, Laurie said. "Of course, as always, it only takes one technically savvy person to write the exploit, which can then be employed by script kiddies the world over," he said.
There is only one known exploit of the vulnerabilities. Network and security consulting company Neohapsis has exploited one internally but has not released the exploit code, the OpenSSL Project said.
Here is a list of the specific vulnerabilities from the OpenSSL Project advisory:
- A buffer overflow could occur on OpenSSL servers during the SSLv2 handshake process. This affects servers using 0.9.7-beta2 and versions prior to 0.9.6e. In essence, an attacker can exploit the vulnerability by using a malformed key during the handshake process with an affected SSL server.
- A buffer overflow could occur on OpenSSL clients during the SSLv3 handshake process. This affects servers running 0.9.7-beta2 and versions prior to 0.9.6e. An attacker using a server could exploit the flaw by sending a large session ID to the client.
- OpenSSL servers using Kerberos also contain a buffer overflow that can be exploited during the SSLv3 handshake process. This issue only affects OpenSSL pre-release 0.9.7 on servers running Kerberos. The flaw can be exploited by an attacker when a special key is sent during the SSLv3 handshake process.
- There are also multiple buffer overflows in how OpenSSL hold ASCII integers. This affects OpenSSL servers and clients pre-release 0.9.7-beta2 and before version 0.9.6e.
- Additionally, the ASN.1 library contains encoding errors that could allow it to parse malformed certificates. Such action could allow denial of service attacks.
Laurie isn't worried about the vulnerabilities affecting how people regard OpenSSL. "I don't believe that responsible handling of vulnerabilities ever tarnishes the image of a product," he said.
"What causes the damage is failure to address vulnerabilities when found, and the consistent introduction of new ones."