OpenSSL Flaw Weakens Secure Web Connections
Severity: Medium
11 October, 2005
Summary:
A flaw in OpenSSL makes it easier for an attacker to intercept and decrypt sensitive SSL transactions. If you use OpenSSL to secure your e-commerce Web servers, you should upgrade to OpenSSL 0.9.7h or 0.9.8a at your earliest convenience.
Exposure:
OpenSSL is a free, open-source toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and offers a full cryptographic library. Web administrators can use OpenSSL in conjunction with a Web server to create secure e-commerce pages that protect sensitive customer information, such as credit card numbers, as the data passes over the Internet.
The OpenSSL team's advisory describes a new security vulnerability affecting all versions of OpenSSL earlier than 0.9.7h and 0.9.8a. OpenSSL's default SSL/TLS server implementation enables an option (SSL_OP_MSIE_SSLV2_RSA_PADDING) intended to provide better interoperability with third-party SSL clients. Unfortunately, enabling this option also disables a security feature. When the security feature is disabled, an attacker can force your SSL clients to negotiate a weaker SSL v2.0 connection with your server, rather than a stronger SSL v3.0 connection. SSL v2.0 suffers from security flaws that make it easier for attackers to decrypt and read your sensitive SSL-secured Web transactions.
Fortunately, an attacker must first execute a successful Man-in-the-Middle (MitM) attack before she can exploit this OpenSSL weakness. This means the attacker must find some means to intercept and redirect all traffic between your SSL server and an intended victim. In most cases, this requires the attacker to gain root access to your gateway router, which is a very difficult task. This one mitigating factor significantly reduces the "real-world" risk this OpenSSL flaw poses. Nonetheless, you should update OpenSSL at your earliest convenience.
Solution Path:
The OpenSSL team has released new versions that fix this issue. Depending on the OpenSSL branch you use, upgrade either to 0.9.7h or 0.9.8a at your earliest convenience.
Upgrading packages such as OpenSSL often involves recompiling all applications that statically link to the OpenSSL libraries; therefore, you might find it easier to contact your Linux distributor directly and ask if new OpenSSL packages are available for your specific distribution of Linux or Unix.
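
To find which servers still report a release older than the fixed versions named above, the following added example (not part of the original advisory or of OpenSSL) compares version strings against 0.9.7h and 0.9.8a. The function names and the sample inventory are hypothetical, and the version strings are assumed to come from running `openssl version` on each host.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {(0, 9, 7): "h", (0, 9, 8): "a"}

_VERSION = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)\b")


def parse_version(text):
    """Split e.g. 'OpenSSL 0.9.7g' into ((0, 9, 7), 'g')."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return tuple(int(n) for n in m.group(1, 2, 3)), m.group(4)


def _letter_key(letters):
    # Patch letters run '', a..z, then za, zb, ...; length-then-alpha orders them.
    return (len(letters), letters)


def is_affected(text):
    """True if the reported version predates the fix for its branch."""
    branch, letters = parse_version(text)
    if branch in FIXED:
        return _letter_key(letters) < _letter_key(FIXED[branch])
    # Branches older than 0.9.7 have no fixed release listed in the advisory.
    return branch < (0, 9, 7)


def triage(inventory):
    """Map host -> 'UPGRADE', 'ok' or 'UNKNOWN' from {host: version string}."""
    report = {}
    for host, banner in inventory.items():
        try:
            report[host] = "UPGRADE" if is_affected(banner) else "ok"
        except ValueError:
            report[host] = "UNKNOWN"
    return report


# Constructed sample inventory (hostnames and strings are illustrative).
SAMPLE = {
    "web1.example": "OpenSSL 0.9.7g",
    "web2.example": "OpenSSL 0.9.8",
    "web3.example": "OpenSSL 0.9.8a",
    "web4.example": "OpenSSL 0.9.6m",
    "web5.example": "command not found",
}
```

A vendor package can carry a backported fix without changing the upstream version string, and a statically linked application carries its own copy of the library, so treat the result as a first pass and confirm with your distributor.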