Serious new flaws discovered in OpenSSL

Researchers have discovered new flaws in the popular open source OpenSSL cryptographic library, at least two of which are considered to be serious.

A security advisory from OpenSSL describes the flaw as:

"An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server."

Masahi Kikuchi of Japanese software company Lepidum discovered the bug, and said it has existed since the first release of OpenSSL.

Kikuchi believes the reason the bug hasn't been discovered over the past 16 years is insufficient code reviews, especially by experts with Transport Layer Security/Secure Sockets Layer (TLS/SSL) implementation experience.

He also believes the SSL protocol version 3.0 specification document could be clearer on how to implement the ChangeCipherSpec content type, so as to verify certain conditions before it is secure to accept it during a handshake or connection negotiation between client and server.

OpenSSL is used in millions of servers around the world to authenticate and secure communications.

In the wake of the severe Heartbleed security hole that left systems open to undetectable attacks,  the OpenSSL project has received funding and support from the Linux Foundation’s Core Infrastructure Initiative in an effort to tighten security reviews.

Another OpenSSL flaw affecting the handling of Datagram Transport Layer Security (DTLS) fragments means it's possible to send a single specially crafted User Datagram Protocol (UDP) packet, causing application crashes and a denial of service, writes HP security researcher Brian Gorenc.

Gorenc said a more serious attack is possible, and that it is also theoretically possible to inject malicious code, and possibly execute it with the privileges of the process that is running and using OpenSSL.

The code in question was committed to OpenSSL by Robin Seggelman, the same person who introduced the recent massive Heartbleed vulnerability, Gorenc notes.

"Seggelmann is not completely to blame, of course. OpenSSL is an open source project. The ‘many eyes’ that look at this code failed to catch this bug, but a new breed of individuals are looking at this code…especially at Seggelmann’s code. This code is now known for having vulnerabilities. There is blood in the water," Gorenc said.

Three other bugs that could be used in denial of service attacks against applications using OpenSSL are also fixed with the latest set of patches.

OpenSSL suggests that users of its software upgrade it according to the guide below:

• OpenSSL 0.9.8 users should upgrade to 0.9.8za
• OpenSSL 1.0.0 users should upgrade to 1.0.0m
• OpenSSL 1.0.1 users should upgrade to 1.0.1h

Google, which uses OpenSSL in some of its applications, has already released a new version of the Chrome web browser for Android, and will make it available in its Play app store over the next few days.