Investigation of the Heartbleed vulnerability in some versions of OpenSSL has led to the discovery of six more...
vulnerabilities in the open source encryption software.
Ivan Ristic, director of Qualys SSL Labs, said the vulnerabilities are serious, but will have far less impact than Heartbleed.
The vulnerabilities could allow a range of malicious activity, including denial of service, information disclosure and potential remote code execution.
Security experts agree that the most serious of the new flaws is CVE-2014-0224, which can be exploited by a man-in-the-middle (MITM) attack in which the attacker can decrypt and modify traffic from the attacked client and server.
All versions of OpenSSL acting as a client are vulnerable, but the flaw relies on both the client and the server running vulnerable versions of OpenSSL and the server version being 1.01 or higher, to be exploited.
This is good news, said Chester Wisniewski, senior security adviser at Sophos, Canada, because the most common use of SSL/TLS on the web is the web browser.
“None of the most popular browsers (Firefox, Chrome and Internet Explorer) use OpenSSL for their cryptographic functions, leaving them unscathed,” he wrote in a blog post.
Ristic said that although there are situations where OpenSSL talks to OpenSSL, the conditions for exploitation are fairly hard to find.
Vulnerable situations include commandline tools, server-to-server communication, and in Android browsers (Chrome and native) which use OpenSSL.
Wisniewski said another bit of good news is that to perform a MITM attack, “the aggressor must be between you and the server you are communicating with”.
This means people will be most vulnerable when using unencrypted public Wi-Fi, but Wisniewski said this is another reason always to use a VPN or not trust open Wi-Fi hotspots for important communications.
Read more on OpenSSL
But Ristic warned that as better tools are developed, automation might enable easy mass-exploitation on Wi-Fi networks and similar environments.
“For example, password and session identifier harvesting from popular websites could be easily automated in this scenario,” he said.
The second most critical flaw is CVE-2014-0195, which is described as “a buffer overrun attack that can be triggered by sending invalid DTLS [Datagram Transport Layer Security] fragments to an OpenSSL DTLS client or server”.
According to the advisory, this flaw is potentially exploitable to run arbitrary code on a vulnerable client or server.
Again, there is both good and bad news, said Wisniewski. The bad news is that it can result in remote code execution, but the good news is that DTLS is not widely deployed.
Wisniewski said DTLS is used by some VPN and VoIP solutions, but has limited deployment.
“There are a whole lot of applications using OpenSSL, as we learned from Heartbleed, so it is still a big deal,” he said. “Many of them are particularly sensitive to privacy issues, like the Tor project.”
According to Wisniewski, businesses should patch “early and often” and should expect updates for many applications on computer and Android smartphones in the next few weeks.
Updates for Linux and Unix servers or workstations should already be available from the OS distributors, which should be applied immediately and affected services restarted, he said.
Ristic said all OpenSSL users should update to the latest version, and “prepare for frequent updates in OpenSSL’s future as these are not the last bugs that will be found in this software package”.
Unlike Heartbleed, said Ristic, all versions of OpenSSL are affected – 1.0.1, 1.0.0 and 0.9.8 – and so even the laggards that were not affected by Heartbleed need to update this time.
But Dawn Smeaton, director of web application security at Trend Micro, said many websites remain vulnerable to exploitation of the Heartbleed flaw.
“Despite the publicity around Heartbleed, many organisations have still not done everything necessary to protect them from attacks using this vulnerability,” she told the annual Directions London 2014 conference.
Smeaton said that for organisations to be protected, they need to follow through the whole process of updating to the latest version of OpenSSL, revoking compromised cryptographic keys, reissuing X.509 certificates with new keys, applying fixes for all affected software and appliances, and advising users to change their passwords once the vulnerability is patched.