ITS IA Notice: OpenSSL

02/14/2023

This message is intended for U-M IT staff who are responsible for updating university systems. OpenSSL discovered eight security flaws, seven of which are memory-related. A timing bug and seven memory vulnerabilities were discovered.

  • When certificate revocation list (CRL) checking is enabled, the timing vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and certificate revocation list (CRL), neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to affect only applications which have implemented their own functionality for retrieving CRLs over a network.

  • Memory bugs of this type are prone to denial-of-service (DoS) attacks, where a cybercriminal deliberately provokes the vulnerability to force the program to crash, possibly over and over again. This sort of bug generally doesn’t corrupt anything, but what an attacker gets is the ability to view what might include decrypted information that they’re not supposed to see, or cryptographic material, such as passwords or private keys. 

AFFECTED VERSIONS:

  • OpenSSL versions 3.0.0 to 3.0.7

  • OpenSSL versions 1.1.1 and 1.0.2

ACTION ITEMS: Upgrade today:

  • OpenSSL 3.0 users should upgrade to OpenSSL 3.0.8. 

  • OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1t.

  • OpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers only).

Note: Some apps may even include two different versions of OpenSSL, both of which will need patching.

THREATS: High to moderate threat of exploitation. 

TECHNICAL DETAILS: One timing related bug found: CVE-2022-4304: Timing Oracle in RSA Decryption. 

The seven memory-related bugs are:

  • CVE-2023-0286: X.400 address type confusion in X.509 GeneralName. High severity; bug affects all versions (3.0, 1.1.1 and 1.0.2).

  • CVE-2023-0215: Use-after-free following BIO_new_NDEF. Moderate severity; bug affects all versions (3.0, 1.1.1, 1.0.2).

  • CVE-2022-4450: Double free after calling PEM_read_bio_ex. Moderate severity; bug affects versions 3.0 and 1.1.1 only.

  • CVE-2022-4203: X.509 Name Constraints read buffer overflow. Moderate severity; bug affects version 3.0 only.

  • CVE-2023-0216: Invalid pointer dereference in d2i_PKCS7 functions. Moderate severity; bug affects version 3.0 only.

  • CVE-2023-0217: NULL dereference validating DSA public key. Moderate severity; bug affects version 3.0 only.

  • CVE-2023-0401: NULL dereference during PKCS7 data verification. Moderate severity; bug affects version 3.0 only.

HOW WE PROTECT U-M:ITS provides CrowdStrike Falcon to units, which should be installed on all U-M owned systems (Windows, macOS, and Linux operating systems, whether workstations or servers). Falcon administrators in ITS and in U-M units use the Falcon console to investigate and remediate issues.

QUESTIONS, CONCERNS, REPORTS: Please contact ITS Information Assurance through the ITS Service Center.

Sincerely,

ITS Information Assurance

REFERENCES: