<email@example.com> Fri, Jun 6, 2014 at 2:38 AM
Remember back in April, when a large portion of the Internet was suddenly exposed to a grave bug (‘Heartbleed’) in the OpenSSL crypto libraries? Back then, it turned out upon examination that most systems using OpenSSL ducked the bullet because only the very most recent OpenSSL releases (1.0.1 through 1.0.1f) included the buggy and mostly pointless feature.
Well, it’s a new day, and an… old bug has been discovered. That is,
a very grave coding error (CVE-2014-0224) has been discovered that’s
been present in -every- release of OpenSSL since the very beginning –
all 16 years of releases.
Thursday, a coder named Masashi Kikuchi was working on a project to
write his own SSL/TLS code, and one of the uncertain parts was a
protocol spec called ChangeCipherSpec (CCS), whereby an SSL or TLS client and server can, at specified times and carefully controlled ways, negotiate change from one cipher suite to another.
So, Masashi studied the way OpenSSL implemented CCS – and quickly
noticed that OpenSSL does it wrong. OpenSSL doesn’t merely accept CCS
requests at the specified times and carefully controlled ways, but also
at pretty much any time and any manner – with the consequence that
attackers can exploit this nonstandard behaviour so that they can
decrypt and/or modify data in the communication channel.
Which OpenSSL versions, you ask? As I mentioned above, all of them.
Every single release of OpenSSL over the past 16 years has had
exploitably buggy CCS.
Remember how many sites were quietly relieved that the Heartbleed bug didn’t affect SSH, only SSL-wrapped HTTP? No such luck, this time. I see offhand no reason why this bug cannot also be used to attack
OpenSSH. (I could be wrong.)
Both server-side and client-side uses of OpenSSL are threatened by this bug.
The major distros have rushed out new packages already. You know what
svlug mailing list
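As an added illustration of the ordering point the mail makes (not code from the post, and not OpenSSL's implementation), here is a deliberately simplified TLS handshake state machine: a strict peer accepts ChangeCipherSpec only once the key exchange is complete, while a lenient peer accepts it at any time. The message names and states are a constructed reduction of the real handshake; the `process_handshake` and `accepts` helpers are hypothetical names for this example.

```python
"""Simplified model of where ChangeCipherSpec (CCS) may legally appear.

Added example, not OpenSSL code. Only the messages needed to show the
ordering are modelled; the real handshake has several more.
"""
from enum import Enum, auto


class State(Enum):
    START = auto()
    HELLO_DONE = auto()     # ClientHello/ServerHello exchanged
    KEY_EXCHANGED = auto()  # master secret fixed; session keys derivable
    CCS_RECEIVED = auto()   # peer has switched to the negotiated cipher
    FINISHED = auto()


class HandshakeError(Exception):
    """Raised when a message arrives in a state where it is not allowed."""


# Legal transitions for every handshake message except CCS (handled below).
TRANSITIONS = {
    (State.START, "ClientHello"): State.HELLO_DONE,
    (State.HELLO_DONE, "ClientKeyExchange"): State.KEY_EXCHANGED,
    (State.CCS_RECEIVED, "Finished"): State.FINISHED,
}


def process_handshake(messages, strict=True):
    """Feed message names through the state machine.

    Returns (final_state, ccs_accepted_before_keys). In strict mode a CCS
    outside KEY_EXCHANGED raises HandshakeError. In lenient mode it is
    accepted and the flag records that the cipher change was taken before
    any key material had been negotiated: the defect class the mail describes.
    """
    state = State.START
    ccs_before_keys = False
    for msg in messages:
        if msg == "ChangeCipherSpec":
            if state is not State.KEY_EXCHANGED:
                if strict:
                    raise HandshakeError(f"CCS not allowed in {state.name}")
                ccs_before_keys = True  # lenient: accept, keep going
                continue
            state = State.CCS_RECEIVED
            continue
        nxt = TRANSITIONS.get((state, msg))
        if nxt is None:
            raise HandshakeError(f"{msg} not allowed in {state.name}")
        state = nxt
    return state, ccs_before_keys


def accepts(messages, strict=True):
    """True if the sequence completes without a HandshakeError."""
    try:
        process_handshake(messages, strict)
        return True
    except HandshakeError:
        return False
```

Run `accepts(["ClientHello", "ChangeCipherSpec", "ClientKeyExchange", "ChangeCipherSpec", "Finished"])` with `strict=True` and `strict=False` to see the two behaviours side by side.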