OpenSSL Patches Critical Certificate Forgery Bug

msm1267 writes: The mystery OpenSSL patch released today addresses a critical certificate validation issue where anyone with an untrusted TLS certificate can become a Certificate Authority. While serious, the good news according to the OpenSSL Project is that few downstream organizations have deployed the June update where the bug was introduced. From the linked piece: The vulnerability allows an attacker with an untrusted TLS certificate to be treated as a certificate authority and spoof another website. Attackers can use this scenario to redirect traffic, set up man-in-the-middle attacks, phishing schemes and anything else that compromises supposedly encrypted traffic. [Rich Salz, one of the developers] said there are no reports of public exploits.

Trusted certificate owners

[psergiu]

So i understand from this that o don't need to rush & patch my web servers who all have Trusted certs.
Right ?

Re:

[Lunix Nutcase]

Did you install the version of OpenSSL that introduced the bug?

Re:

[XanC]

Does 1.0.1e-2+deb7u16 qualify?

Re:

[Anonymous Coward]

No, that was released 19th of March.
The June update is 1.0.1e-2+deb7u17

Re:Trusted certificate owners

[petermgreen]

Debian claims that their patched versions of openssl for squeeze/wheezy/jessie are not affected by this issue.

Re:

[Iarwain Ben-adar]

Reference please!

Re:

[kthreadd]

Unless you're running on sid you're fine: https://security-tracker.debia... [debian.org]

According to that page testing (stretch) is also vulnerable, and a few people might actually use that.

Re:

[antdude]

If true, that explains why the lack of updated OpenSSL packages on my oldstable Debian.

Re:

[psergiu]

Latest one i have in production is 1.0.1m - the release before the LogJam fix in 1.0.1n that introduced this bug.

Re:

[Qzukk]

It sounds like if you are not verifying certificates then it's not critical, but if you've got client certificates to identify/authenticate users you need to update.

If you're running any kind of client connection (for instance, consuming a https webservice) then you'll need to update (unless they're using gnutls or nss instead of openssl)

LibreSSL and BoringSSL?

[tepples]

If you're running any kind of client connection (for instance, consuming a https webservice) then you'll need to update (unless they're using gnutls or nss instead of openssl)

Are LibreSSL and BoringSSL also affected? The article mentions that a BoringSSL contributor found the problem, but it doesn't say one way or the other whether this misbehavior made it into any releases of BoringSSL or any other OpenSSL fork.

Re:

[QuietLagoon]

According to a posting on the OpenBSD tech mailing list, LibreSSL is not affected.

.
http://marc.info/?l=openbsd-te... [marc.info]

We have received several emails asking if we are impacted by the latest CVE-2015-1793. We are not impacted. The code related to that CVE was added after we forked 1.0.1g and we did not merge these changes from upstream. This CVE only concerns newer OpenSSL releases.

Re:

[kthreadd]

So i understand from this that o don't need to rush & patch my web servers who all have Trusted certs. Right ?

You may want to rush if your web server validates client certificates? That is, does any of your users have to present a certificate to the web server instead of just the opposite way around?

Re:

[petermgreen]

AIUI this is mostly a client issue, servers do not normally validate certs presented to them (client certs do exist but they are rarely used and even where they are used afaict it'susually with a "known cert for each user" model rather than a CA based model).

Compromise Window

[xdor]

Apparently the NSA/FBI needed collect someone's encrypted data in the last year. Now that they have what they want, they are sewing it back up again.

Though with the NSA's purported computing capability and back doors it doesn't seem like they would need this -- unless some lesser player on the intelligence field got this in -- but then I'm positing corroboration with the OpenSSL folks, so it seems like only a government would be capable of coercing this kind of flaw. But with the underhanded C contest, ma

Re:

[fustakrakich]

There are too many secrets in the system to trust anyone. Wipe the word from your memories. It's over, Johnny.

Re:Too Many Secrets

[sconeu]

That's why I get my crypto from SETEC Astronomy

Re:

[Last Warrior]

too many secrets

ill have some of that world peace about now.

Bugs are like cockroaches

[fustakrakich]

For every one you see, there are tens of thousands more under the cabinet. Outside single user mode this whole certificate thing is not trustworthy in any sense...

SubjectsInCommentsAreStupid

[lesincompetent]

Don't wanna sound like a witch hunter here but why don't we start checking who and when introduced critical bugs like these?
Background checks and all...

Re:

[fisted]

Yes well why don't you start checking then?

Re:

[lesincompetent]

I did mr. smartass, turns out the reviewer is the same guy who reviewed the heardbleed 'patch' too.

Re:

[fisted]

mr. smartass

Where did that come from?

turns out the reviewer is the same guy who reviewed the heardbleed 'patch' too.

And who introduced the problems (rather than reviewing the fixes)?

Re:

[lesincompetent]

Can't be arsed to check again. They're both equally culpable in my view though.

Re:

[fisted]

Okay, so you're an idiot. Thanks for clearing that up beyond doubt.

WTF is a "TLS certificate"?

[xxxJonBoyxxx]

Hey editors - did you mean an "X.509 certificate?"

X.509 cert with hostname as common name

[tepples]

A TLS certificate is an X.509 certificate whose common name identifies a hostname in the manner specified by TLS. All TLS certificates are X.509 certificates, but not all X.509 certificates are TLS certificates because not every X.509 certificate's common name identifies a hostname.

Re:

[madbrain]

Also, SSL/TLS certificates are X.509 certificates with the proper key usage / extended key usage.

How the bug was introduced

[bitwise counselor]

This bug was introduced recently in https://github.com/openssl/ope... [github.com] to add support for "In certain situations the server provided certificate chain may no longer be valid" This bug doesn't affect libressl, boringssl, or vigortls.

Re:

[Slayer]

AFAIK Stephen Henson was the guy who also approved the patch that ultimately led to the heart bleed exploit. Call me paranoid all you want, but I'm getting nervous about OpenSSL at this point.

Thats one way of looking at it

[coop247]

the good news according to the OpenSSL Project is that few downstream organizations have deployed the June update where the bug was introduced

Good news everybody, people aren't installing our broken and insecure updates!

Re:

[rubycodez]

OpenSSL problems are due to proprietary company controlling the project for certain proprietary interests.

Why don't we call you a CorporateSlaveTard?

Re:

[rubycodez]

No, anyone can submit a contribution which may or may not get accepted by those controlling the project. Your understanding is so flawed

Fund LibreSSL, not OpenSSL

[RR]

Theo de Raadt: [theregister.co.uk]

OpenSSL is not developed by a responsible team.

Understatement.

RHEL/CentOS/etc not vulnerable

[whitroth]

There was an announcement by RH in response to this, noting that the vulnerabilities were included in a recent release by openSSL, and that they had not gone into RHEL updates, so RHEL is not vulnerable, nor are it's children, like CentOS.

                mark