[svlug] OpenSSL bug strikes back

Rick Moen rick at linuxmafia.com
Fri Jun 6 02:38:50 PDT 2014


Remember back in April, when a large portion of the Internet was
suddenly exposed to a grave bug ('Heartbleed') in the OpenSSL crypto
libraries?  Back then, it turned out upon examination that most systems
using OpenSSL ducked the bullet because only the very most recent
OpenSSL releases (1.0.1 through 1.0.1f) included the buggy and mostly
pointless feature.

Well, it's a new day, and an... old bug has been discovered.  That is, 
a very grave coding error (CVE-2014-0224) has been discovered that's
been present in -every- release of OpenSSL since the very beginning -
all 16 years of releases.

Thursday, a coder named Masashi Kikuchi was working on a project to
write his own SSL/TLS code, and one of the uncertain parts was a
protocol spec called ChangeCipherSpec (CCS), whereby an SSL or TLS
client and server can, at specified times and in carefully controlled ways,
negotiate a change from one cipher suite to another.

So, Masashi studied the way OpenSSL implemented CCS - and quickly
noticed that OpenSSL does it wrong.  OpenSSL doesn't merely accept CCS
requests at the specified times and in carefully controlled ways, but also
at pretty much any time and in any manner - with the consequence that
attackers can exploit this nonstandard behaviour so that they can
decrypt and/or modify data in the communication channel.

Which OpenSSL versions, you ask?  As I mentioned above, all of them.
Every single release of OpenSSL over the past 16 years has had
exploitably buggy CCS.


Remember how many sites were quietly relieved that the Heartbleed bug
didn't affect SSH, only SSL-wrapped HTTP?  No such luck, this time.  I
see offhand no reason why this bug cannot also be used to attack
OpenSSH.  (I could be wrong.)

Both server-side and client-side uses of OpenSSL are threatened by this
bug.


The major distros have rushed out new packages already.  You know what
to do!
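
[Added example, not part of the original post and not OpenSSL's code: a simplified model of the server side of a handshake, showing a handler that accepts ChangeCipherSpec at any time beside one that accepts it only in the single state where the protocol allows it. The message names, states, struct fields and sample sequences are assumptions constructed for illustration.]

```c
#include <stddef.h>

/* Simplified model of what a TLS server receives from a client in a full
   handshake (no client certificate, no resumption, no renegotiation). */
enum msg { CLIENT_HELLO, CLIENT_KEY_EXCHANGE, CHANGE_CIPHER_SPEC, FINISHED, APP_DATA };
enum state { WAIT_HELLO, WAIT_KEY_EXCHANGE, WAIT_CCS, WAIT_FINISHED, ESTABLISHED };

struct conn {
    enum state st;
    int have_secret;  /* key exchange done, a master secret exists */
    int weak_switch;  /* cipher switched on before have_secret was set */
};

/* Process one message: 0 = accepted, -1 = abort the connection.
   strict == 0 models "CCS at pretty much any time"; strict == 1 accepts
   CCS only in WAIT_CCS, i.e. after the key exchange. */
static int handle(struct conn *c, enum msg m, int strict) {
    if (m == CHANGE_CIPHER_SPEC && !strict) {
        if (!c->have_secret) c->weak_switch = 1;  /* keys not from a real secret */
        if (c->st == WAIT_CCS) c->st = WAIT_FINISHED;
        return 0;
    }
    switch (c->st) {
    case WAIT_HELLO:        if (m != CLIENT_HELLO) return -1;
                            c->st = WAIT_KEY_EXCHANGE; return 0;
    case WAIT_KEY_EXCHANGE: if (m != CLIENT_KEY_EXCHANGE) return -1;
                            c->have_secret = 1; c->st = WAIT_CCS; return 0;
    case WAIT_CCS:          if (m != CHANGE_CIPHER_SPEC) return -1;
                            c->st = WAIT_FINISHED; return 0;
    case WAIT_FINISHED:     if (m != FINISHED) return -1;
                            c->st = ESTABLISHED; return 0;
    case ESTABLISHED:       return m == APP_DATA ? 0 : -1;
    }
    return -1;
}

/* Feed a whole sequence. Returns the index of the first rejected message,
   or -1 if all were accepted; *weak reports an early cipher switch. */
static int run(const enum msg *seq, size_t n, int strict, int *weak) {
    struct conn c = { WAIT_HELLO, 0, 0 };
    int rejected = -1;
    for (size_t i = 0; i < n && rejected < 0; i++)
        if (handle(&c, seq[i], strict) != 0) rejected = (int)i;
    *weak = c.weak_switch;
    return rejected;
}

/* Constructed sample sequences: a normal handshake and one with an early CCS. */
static const enum msg normal_seq[] = { CLIENT_HELLO, CLIENT_KEY_EXCHANGE, CHANGE_CIPHER_SPEC, FINISHED, APP_DATA };
static const enum msg early_ccs_seq[] = { CLIENT_HELLO, CHANGE_CIPHER_SPEC, CLIENT_KEY_EXCHANGE, CHANGE_CIPHER_SPEC, FINISHED };
```

[With strict set to 0 the early-CCS sequence is accepted end to end and weak_switch is set; with strict set to 1 it is rejected at the out-of-order CCS, while the normal sequence passes in both modes.]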