Anonymous China

Monday, February 1, 2016

OpenSSL vulnerability allows hackers to decrypt HTTPS traffic (CVE-2016-0701)





OpenSSL vulnerability details

The vulnerability can be exploited only when certain conditions are met. First, the vulnerability exists in OpenSSL v1.0.2. Applications that depend on it must use groups based on the Digital Signature Algorithm (DSA) to generate ephemeral keys for the DH key exchange. By default, servers of this kind reuse the same DH private key, which makes them more vulnerable to a key-recovery attack. DSA-based DH (Diffie-Hellman) configurations that rely on static DH cipher suites are also affected.

Fortunately, many mainstream applications that rely on OpenSSL and DSA-based DH do not meet these conditions. The Apache server, for example, turns on the SSL_OP_SINGLE_DH_USE option, which causes a different private key to be used. BoringSSL, a code base derived from OpenSSL, dropped support for SSL_OP_SINGLE_DH_USE a few months ago, and LibreSSL deprecated the option earlier this week. However, when a static cipher suite is used, these applications and libraries are still vulnerable.

When the additional conditions are met, a hacker can send a large number of handshake requests to a vulnerable server or PC. After enough computation, the hacker obtains partial values of the key. Finally, using the Chinese remainder theorem, it is possible to derive the complete decryption key. The vulnerability is numbered CVE-2016-0701. Adobe Systems researcher Antonio Sanso published a blog post on Wednesday that covers the relevant details and his report to the OpenSSL team. In addition, the OpenSSL team warns that the fix may affect performance.
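The partial-key leak and the Chinese remainder theorem step described above, together with a subgroup-membership check on the peer's public value that stops the leak, worked through on toy numbers as an added example (not code from the original post or from OpenSSL). The parameters P = 331 and Q = 11, the private exponent 7 and all function names are constructed for illustration.

```python
# Toy parameters constructed for this example (far too small for real use):
# P is prime, P - 1 = 2 * 3 * 5 * 11, and honest keys live in the order-Q subgroup.
P, Q = 331, 11
SMALL_FACTORS = (3, 5)  # small odd prime factors of (P - 1) / Q


def element_of_order(r, p=P):
    """Return an element of multiplicative order r (r prime, r divides p - 1)."""
    for a in range(2, p):
        h = pow(a, (p - 1) // r, p)
        if h != 1:
            return h
    raise ValueError("no element of that order")


def valid_peer_key(y, p=P, q=Q):
    """Peer public value check: in range and inside the order-q subgroup."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def leaked_residue(h, r, shared, p=P):
    """One shared secret computed from an order-r value reveals x mod r."""
    return next(k for k in range(r) if pow(h, k, p) == shared)


def crt(residues, moduli):
    """Combine x mod m_i (pairwise coprime m_i) into x mod prod(m_i)."""
    x, m = 0, 1
    for r_i, m_i in zip(residues, moduli):
        t = ((r_i - x) * pow(m, -1, m_i)) % m_i  # lift x to also match r_i
        x, m = x + m * t, m * m_i
    return x, m


def exposure(x, check_keys):
    """Return (x mod M, M): what small-order peer values reveal about a
    reused private exponent x, with or without the subgroup check."""
    residues, moduli = [], []
    for r in SMALL_FACTORS:
        h = element_of_order(r)
        if check_keys and not valid_peer_key(h):
            continue  # handshake refused, nothing is computed with x
        residues.append(leaked_residue(h, r, pow(h, x, P)))
        moduli.append(r)
    return crt(residues, moduli)


if __name__ == "__main__":
    print(exposure(7, check_keys=False))  # reused key, no validation
    print(exposure(7, check_keys=True))   # validation rejects both values
```

The residues only combine because the same private exponent answers every handshake; with a fresh exponent per connection, each residue belongs to a different key.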

OpenSSL fixed the vulnerability with surprising speed. Sanso reported the vulnerability to the project on January 12, which means that fixing it and distributing the fix took only a little more than two weeks. Interestingly, at the time the researcher reported the vulnerability, the fix that resolves DH key reuse had already been committed. But the project had not yet released the new version, and part of the repair was completed by a patch.

Remember Logjam?

Thursday's release also includes a fix for an HTTPS-crippling flaw called Logjam, a vulnerability first disclosed in May last year that affected thousands of servers. It allows hackers to downgrade DH-encrypted connections so that they use a much weaker 512-bit key. From there, the hacker can use precomputed data to deduce the key that the two communicating parties use.

OpenSSL will now refuse to negotiate keys when the DH parameters are shorter than 1,024 bits; an earlier patch had set the OpenSSL limit at 768 bits.

Note that users of OpenSSL v1.0.2 should upgrade to 1.0.2f, and users of version 1.0.1 should install 1.0.1r. Thursday's OpenSSL announcement also alerts users that support for 1.0.1 will end at the end of this year, after which there will be no security patches. Support for 0.9.8 and 1.0.0 ended in December.
