current-users: Re: what is the threat of the openssl advisory?

Subject: Re: what is the threat of the openssl advisory?
To: None <current-users@netbsd.org>
From: George Georgalis <george@galis.org>
List: current-users
Date: 09/29/2006 12:10:48
On Fri, Sep 29, 2006 at 08:50:29AM -0400, Jeff Quast wrote:
>On 9/28/06, George Georgalis <george@galis.org> wrote:
>> There was an openssl advisory today
>>
>> http://www.openssl.org/news/secadv_20060928.txt
>> http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc
>>
>> my primary concern is
>>
>>  A buffer overflow was discovered in the SSL_get_shared_ciphers()
>>  utility function.  An attacker could send a list of ciphers to an
>>  application that uses this function and overrun a buffer
>>  (CVE-2006-3738).
>>
>> there is no comment on if an exploit is known to exist or how
>> difficult (or easy) it would be to create one based on the patch.
>> http://security.freebsd.org/patches/SA-06:23/
>>
>> In fact the netbsd openssl looks pretty different than freebsd
>> in the context of applying the patch. Can we determine a level
>> of risk?  Are all ssl, openvpn, ssh, https, etc servers needing
>> access restricted to friendly IPs or is the threat just one bit
>> inside "astronomically possible?" -- I cannot tell.
>>
>> // George
>
>For OpenSSH, to cite
>http://www.undeadly.org/cgi?action=article&sid=20060928025817&mode=expanded
>
>> Re: OpenSSH 4.4 released (mod 10/10)
>> by djm@ (IP 206.59.235.113) on Thu Sep 28 05:17:36 2006 (GMT)
>> > It is my understanding that OpenSSH relies on OpenSSL,
>> > but can we really trust OpenSSL? [etc...]
>>
>> OpenSSH doesn't trust OpenSSL for anything more than cryptographic
>> primitives. In particular, it avoids its default RSA signature verification
>> code that depends on the OpenSSL ASN.1 code - we use our own
>> minimal implementation instead (ssh-rsa.c).
>>
>> IIRC this has saved us from at least two bugs so far: an ASN.1 bug a
>> while ago and the new Bleichenbacher attack.
>>
>> Thanks Markus Friedl for this code :)
>
>of course, you should always review code yourself if this is such a
>serious issue. System administrators should be proficient in C for
>this very reason (and why I think recent 'network security' roles
>coming into corperations are full of smoke)


Thanks, I didn't realize openssh didn't depend on openssl for
this. (but aparently RedHat thinks it does)

Nobody seems concerned apache-ssl and openvpn servers are
vulnerable to "SSL_get_shared_ciphers() buffer overflow
(CVE-2006-3738)" though.
http://www.frsirt.com/english/CVE-2006-3738.php

What the function does:
http://www.mail-archive.com/openssl-dev@openssl.org/msg17001.html

It is not clear to me if this is a server issue at all,
or only a client issue (eg firefox or other applications
that use ssl, https etc). seems the latter. Anyway the
ASN.1/Bleichenbacher issue is not the CVE-2006-3738 issue I'm
concerned with. Though it seems a client not a server issue.
http://www.frsirt.com/english/CVE-2006-3738.php

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738

Agree?

// George


-- 
George Georgalis, systems architect, administrator <IXOYE><