At first glance, you might not think that the latest set of OpenSSL security patches are that important. Sure, there's a dozen of them and two are serious, but are they really that bad? Yes, actually they're not just bad, they're awful.
True, some operating systems, such as Red Hat Linux Enterprise (RHEL), aren't greatly impacted by these latest problems. But if you're using any operating system that uses OpenSSL 1.0.2 or OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8, it's another story.
In the case of OpenSSL 1.0.2, the first problem child is "ClientHello sigalgs DoS (CVE-2015-0291)." With this bug a client, while looking as if it were trying to negotiate a Transport Layer Security (TLS) or Secure Sockets Layer (SSL) connection, can actually provoke a NULL pointer result. As anyone who's ever done much programing can guess that NULL pointer can, in turn, be used to knock the target program off the server. Typically this would be used as a Denial of Service (DoS) attack on a Web server.
No hackers have exploited this hole... yet. At least one researcher, David Ramos has reported that, "I have [a] working exploit for upcoming CVE-2015-0291 1.0.2 server DoS. As far as I know not active in wild."
Give it time. It will be used against servers soon enough.
Several other problems have also been fixed which can lead to DoS attacks. True, it's hard to make such attacks against these secuirty holes, but so what? Crackers love nothing more than to work on difficult problems. To avoid being their latest plaything, no matter what version of OpenSSL you're using, patch it now.
The other serious bug, "RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)," is just as ugly and more insidious. This one builds on top of the FREAK/SMACK OpenSSL security hole.
FREAK caused many web servers to call on lower, crackable, export cryptographic codes that dated back to the 1990s. Once a FREAK attack got a vulnerable web server to handshake with a breakable cypher, it was just a matter of cracking the code and the server's "secure" communications were open for a hacker's reading pleasure. Typically, such attacks were made with a Man-in-the-Middle (MitM) attack.
But the FREAK security holes were patched, right? Well, yes, but it turns out that, as the OpenSSL developers put it, while they "originally thought that server RSA export ciphersuite support was rare: A client was only vulnerable to a MITM attack against a server which supports an RSA export ciphersuite. Recent studies have shown that RSA export ciphersuites support is far more common."
Far, far more common, I might add.
In other words, if you're using any of the below, you should upgrade immediately.
- OpenSSL 1.0.1 users should upgrade to 1.0.1k.
- OpenSSL 1.0.0 users should upgrade to 1.0.0p.
- OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
Just because you're not using OpenSSL doesn't meant that the old RSA export, which had been hiding in our code for almost 15 years still can't get you. Some Android apps are still open to FREAK attacks. If you're running Windows Internet Information Server (IIS), you must implement the March 10th Windows patches. Apple and Cisco users must also patch against FREAK problems.
The NCC Group and the Linux Foundation's Core Infrastructure Initiative (CII) are all working on improving OpenSSL's security. But as this latest OpenSSL patch points out, FREAK has turned out to be far more than just an OpenSSL problem. Regardless of what web server or operating system you're using, you must make certain your systems are protected against FREAK.
It hasn't gone away. It's still just hiding in old code.