OpenSSL Version Rollback and Weak Cryptographic Algorithm Vulnerabilities

2005-10-12T15:54:57
ID CISCO-SA-20051012-CVE-2005-2969
Type cisco
Reporter Cisco
Modified 2015-01-31T09:00:00

Description

OpenSSL contains vulnerabilities that could allow an unauthenticated, remote attacker to bypass security restrictions.

The first vulnerability (CVE-2005-2969) affects any application using a SL/TLS server implementation provided by OpenSSL versions 0.9.7g and prior. If these implementations have options designed to mitigate third party bugs enabled, a remote attacker conducting a man-in-the-middle attack could force connections between the hosts to use the 2.0 version of the SSL protocol. A known cryptographic weaknesses exists in the SSL 2.0 protocol.

The second vulnerability (CVE-2005-2946) exists in the default configuration of OpenSSL versions prior to 0.9.8a. This configuration creates message digests using MD5. Weaknesses in the cryptographic algorithm could allow a remote attacker to forge certificates with valid certificate authority signatures.

OpenSSL confirmed this vulnerability in a security advisory and released updates.

Attackers are unlikely to exploit these vulnerabilities due to the man-in-the-middle attack vector. Such attacks are very difficult to perform due to the requirement of intercepting and modifying traffic between two hosts in real time. Man-in-the-middle attack are typically only useable by an attacker with physical access to the devices or connections between a customer and service provider.

There have been a number of demonstrations recently of weaknesses in the MD5 algorithm. While MD5 is technically broken, it is not insecure. It is unlikely that an attacker could successfully create an MD5 collision for use in signing a fake certificate.

Administrators should not take particular concern with either of these issues. Administrators may consider waiting to update productions systems until full testing of the updated version is complete. If concern of these issues does arise, administrators may consider removing the IE 3.x compatibility flag.