[vox] [Fwd: Vulnerability in OpenSSL]

ME vox@lists.lugod.org
Fri, 14 Mar 2003 13:41:13 -0800 (PST)


According to the posted followup paper (link to the paper), the latest
version of OpenSSL does support methods to avoid many of the risks
associated with timing-based attacks, *but* mod_ssl, stunnel, bind, etc.
do not utilize this new feature of OpenSSL - suggesting that even though
OpenSSL may be patched, those apps that compile against/link with OpenSSL
may not be insulated from timing-based attacks.

The paper goes on to reference testing against OpenSSL 0.9.7 and a later 0.9.6
("g" I think, but can't recall since I am on 0.9.7a.)

-ME

Mike Simons said:

> On Fri, Mar 14, 2003 at 10:58:59AM -0800, ME wrote:
>> An item that may have implications for other packages that compile
>> against
>> OpenSSL that include mod_ssl, openssh, and if you specified it in a bind
>> install (or your package was so configured) BIND too.
> [...]
>> If this attack is addressed, then expect many new packages and package
>> upgrades for your boxes from your Linux vendor for several packages
>> related to encryption.
>
>   There is a patched ssl that went into Debian Feb 21... which fixes
> timing-based attacks.
>
> ====
> openssl (0.9.6c-2.woody.2) stable-security; urgency=high
>
>   * Non-maintainer upload by the Security Team
>   * Applied patch to fix vulnerability to timing-based attacks
>     (see CAN-2003-0078)
>   * Applied preventative measure patch by Richard Levitte
>     <levitte@openssl.org>
>
>  -- Martin Schulze <joey@infodrom.org>  Fri, 21 Feb 2003 16:34:17 +0100
> ====
>
>   The people given credit for the paper leading to the patch are not
> the people in your report...
>
> http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00035.html
> ===
> A vulnerability has been discovered in OpenSSL, a Secure Socket Layer
> (SSL) implementation.  In an upcoming paper, Brice Canvel (EPFL),
> Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL,
> Ilion) describe and demonstrate a timing-based attack on CBC cipher
> suites used in SSL and TLS.  OpenSSL has been found to be vulnerable to
> this attack.
> ===
>
>   David Brumley doesn't report which version of ssl he was using in
> his tests... so it's hard to tell if these two things are the same
> issue or not.
>
> - is there any indication on your list if this problem has already
>   been fixed?
>
>> -------- Original Message --------
>> Subject: Vulnerability in OpenSSL
>> From: David Brumley <dbrumley@stanford.edu>
>> Date: Thu, March 13, 2003 3:59 pm
>> To: bugtraq@securityfocus.com
>>
>> Dan Boneh and I have been researching timing attacks against software
> [...]
>> To our knowledge, OpenSSL and derived crypto libraries are vulnerable.
> [...]
>> The results indicate that all crypto implementations should defend
>> against timing attacks.
> [...]
>> http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html
> [...]
>> -David Brumley
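Added example, not code from anyone in this thread nor from OpenSSL: a pure-Python illustration of RSA blinding, the countermeasure the Brumley-Boneh paper recommends and the "methods" the top of the thread says OpenSSL 0.9.7 already offered but mod_ssl, stunnel and others were not enabling. OpenSSL exposed it as RSA_blinding_on(), which the application had to call itself. The primes, exponent and plaintext below are constructed toy values chosen so the arithmetic is visible; the Python 3.8+ `pow(x, -1, m)` modular inverse is used for the private exponent and for unblinding.

```python
"""RSA blinding as a timing-attack countermeasure (added example, toy key)."""
import secrets
from math import gcd


def _is_prime(n):
    """Trial division; only used to sanity-check the tiny constructed key."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


# Constructed toy key (assumption: two primes just above 10**6; real keys are 2048+ bits).
P, Q = 1000003, 1000033
assert _is_prime(P) and _is_prime(Q)
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # private exponent


def encrypt(m):
    return pow(m, E, N)


def decrypt_unblinded(c):
    """Private operation applied directly to the caller's ciphertext.

    The work done by the modular exponentiation depends on the value c, so a
    caller who can choose c and measure the elapsed time learns about D.
    """
    return pow(c, D, N)


def blind(c, r=None):
    """Multiply c by r^E for a random r coprime to N; return (blinded c, r)."""
    if r is None:
        while True:
            r = secrets.randbelow(N - 2) + 2
            if gcd(r, N) == 1:
                break
    return (c * pow(r, E, N)) % N, r


def unblind(m_blinded, r):
    """Strip the factor r that blinding leaves on the recovered plaintext."""
    return (m_blinded * pow(r, -1, N)) % N


def decrypt_blinded(c, r=None):
    """Private operation on a randomised input.

    (c * r^E)^D = c^D * r^(E*D) = m * r (mod N), so dividing by r recovers m.
    The exponentiation itself now runs on a value the caller cannot predict,
    which removes the usable timing signal.
    """
    c_blinded, r = blind(c, r)
    return unblind(pow(c_blinded, D, N), r)


def blinded_inputs_differ(c, trials=8):
    """True if repeated blinding feeds distinct values to the exponentiation."""
    seen = {blind(c)[0] for _ in range(trials)}
    return len(seen) == trials


if __name__ == "__main__":
    m = 123456                      # constructed sample plaintext
    c = encrypt(m)
    print("unblinded decrypt:", decrypt_unblinded(c))
    print("blinded decrypt  :", decrypt_blinded(c))
    print("inputs vary      :", blinded_inputs_differ(c))
```

Both decryption paths return the same plaintext; the difference is only what the private exponentiation sees. That is why the thread's point matters: a library can ship the blinding code, but if the application never turns it on, its private operations still run on attacker-chosen inputs.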