OpenSSL CVE-2016-0800 and CVE-2016-0703 bug fixes, with details of an interesting find - vulnerability warning - the black bar safety net

ID MYHACK58:62201672154
Type myhack58
Reporter Anonymous (佚名)
Modified 2016-03-03T00:00:00


1. Primer

Recently, together with DQ430 of the 360 Nirvan Team, I happily attended an encryption vendor's annual general meeting, and it turned out OpenSSL would not be left out of the excitement either; perhaps it really was a gift for "DH brother", but it made for a bitter day for those of us doing security operations. Thanks to Shawn for pointing it out! hf!

2. Details

As part of 360's information security practice, the "360 Information Security Department" has progressively adhered to best security practices and gradually made significant changes in HTTPS and other SSL-related areas, for example forbidding insecure cipher suites on important systems to reduce the SSL attack surface. During today's internal remediation work we found something interesting, or rather tried to: we wanted to determine whether forbidding insecure cipher suites protects against today's two high-risk vulnerabilities, CVE-2016-0800 and CVE-2016-0703.

For CVE-2016-0800 the official advisory already describes whether disabling the ciphers guarantees that a server is unaffected, or rather lists this as one of the mitigation measures. CVE-2016-0703 is different, and we spent a few hours trying to prove that with the ciphers disabled it is also not affected. The CVE-2016-0703 handshake is roughly as follows:

client: sends hello msg (including ciphers and a random number cr)
server: sends hello msg (including ciphers and a random number sr)
client: sends masterkey msg, which specifies a cipher and contains the plaintext part of the master key, mkc, and a ciphertext part, mks; the length of mkc may be 0
server: sends verify msg
client: sends finish msg
server: sends finish msg

Because the client can specify an insecure algorithm in this process, such as

RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

the ciphertext part is only 40 bits. From cr, mk = mkc||mks and the received verify msg, the client can compute the server key:

server_key = MD5(mk||"0"||cr||sr)

So we believe the attack conditions still require a suite similar to RC4_128_WITH_MD5.
a. The key point is that the client specifies an export cipher, so the resulting mks is only 5 bytes.
b. Besides RC4_128_WITH_MD5 there are the export suites; by default OpenSSL is compiled with a total of two export ciphers:

EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

c. The calculated server_key is the session key; each party can compute

server_key = MD5(mk||"0"||cr||sr)
client_key = MD5(mk||"1"||cr||sr)

(for "||" see RSA PKCS#1 v1.5).
d. The great mystery in the server's verify msg response is what the key is ultimately used for; see the SSLv2 standard, stay tuned.

3. Conclusion

Although we can show that the security practice of the "360 Information Security Department" effectively resists the CVE-2016-0703 attack, we still want everyone to follow the official recommendation and apply the corresponding patch. gl! Our basic repair suggestions follow.

Vulnerability ID: CVE-2016-0703
Vulnerability description: a server using OpenSSL with the SSLv2 protocol enabled accepts a non-zero clear-key length for non-export cipher suites during the SSLv2 handshake; an attacker may use this flaw to decrypt an already established encrypted session.
Vulnerability rating: high

Vulnerability ID: CVE-2016-0800
Vulnerability description: the SSLv2 protocol has a padding defect; an attacker could use this flaw to decrypt content that a session using a newer SSL/TLS protocol version encrypted with the RSA algorithm. Exploiting it leads to the DROWN attack (Decrypting RSA using Obsolete and Weakened eNcryption).
Vulnerability rating: high
Vulnerability details: address

Affected versions of the services:
Apache: versions other than 2.4.x
Nginx: 0.7.64, 0.8.18 and earlier versions
Postfix: versions earlier than 2.9.14, 2.10.8, 2.11.6, 3.0.2 (released before 2015.07.20)
OpenSSL: 1.0.2a, 1.0.1m, 1.0.0r, 0.9.8zf and earlier versions

Detection method

OpenSSL version detection: run openssl version; if the version is lower than the fixed version, update OpenSSL.

For a web server: openssl s_client -connect <test domain or IP>:443 -ssl2
For an SMTP server: openssl s_client -connect <test domain or IP>:25 -starttls smtp -ssl2

If the following error message appears, SSLv2 is disabled:

419:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

Repair steps

(1) Upgrade the OpenSSL package. On CentOS and Redhat the following commands can be used to upgrade:

# yum clean all
# yum update openssl

The corresponding RPM packages:
CentOS5: openssl-0.9.8e-39.el5_11, openssl-devel-0.9.8e-39.el5_11, openssl-perl-0.9.8e-39.el5_11
CentOS6: openssl-1.0.1e-42.el6_7.4, openssl-devel-1.0.1e-42.el6_7.4, openssl-perl-1.0.1e-42.el6_7.4, openssl-static-1.0.1e-42.el6_7.4
CentOS7: openssl-1.0.1e-51.el7_2.4, openssl-devel-1.0.1e-51.el7_2.4, openssl-libs-1.0.1e-51.el7_2.4, openssl-perl-1.0.1e-51.el7_2.4, openssl-static-1.0.1e-51.el7_2.4
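The detection method above leaves interpreting the s_client output to the reader. The following is an added example, not code from the post or from OpenSSL: it builds the two probe commands the post gives, classifies the probe output by the SSL2_WRITE handshake-failure string the post quotes, and compares the output of openssl version against a threshold the caller supplies. The sample outputs are constructed, not captured from a real host; the host name mail.example.test in the usage line is a placeholder, and run_ssl2_probe assumes it is pointed at a host you administer and an OpenSSL build that still has the -ssl2 option.

```python
import re
import subprocess

# Marker the post gives for "SSLv2 is disabled": the SSL2_WRITE handshake
# failure that s_client -ssl2 prints when the server refuses SSLv2.
SSL2_DISABLED_MARKERS = ("1407F0E5", "SSL2_WRITE:ssl handshake failure")

# Constructed sample outputs (not captured from a real host) covering the
# three outcomes a practitioner meets when running the probe.
SAMPLE_DISABLED = (
    "CONNECTED(00000003)\n"
    "419:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:\n"
)
SAMPLE_ENABLED = (
    "CONNECTED(00000003)\n"
    "SSL-Session:\n"
    "    Protocol  : SSLv2\n"
    "    Cipher    : EXP-RC4-MD5\n"
)
# Modern builds no longer ship SSLv2 client support at all; the probe itself
# cannot run, so its output says nothing about the server.
SAMPLE_UNSUPPORTED = "s_client: Unknown option: -ssl2\n"


def classify_ssl2_probe(output):
    """Turn the text of `openssl s_client ... -ssl2` into a verdict.

    Returns one of "disabled", "enabled", "probe-unsupported", "unknown".
    """
    if any(marker in output for marker in SSL2_DISABLED_MARKERS):
        return "disabled"
    if "unknown option" in output.lower():
        return "probe-unsupported"
    if re.search(r"Protocol\s*:\s*SSLv2", output):
        return "enabled"
    return "unknown"


def ssl2_probe_command(target, port, starttls=None):
    """Build the s_client invocation the post recommends.

    target is a hostname or IP; starttls="smtp" gives the SMTP variant.
    """
    cmd = ["openssl", "s_client", "-connect", "%s:%d" % (target, port)]
    if starttls:
        cmd += ["-starttls", starttls]
    cmd.append("-ssl2")
    return cmd


def run_ssl2_probe(target, port, starttls=None, timeout=15):
    """Run the probe against a host you administer and classify its output."""
    cmd = ssl2_probe_command(target, port, starttls)
    try:
        proc = subprocess.run(cmd, input=b"", capture_output=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return "unknown", str(exc)
    text = (proc.stdout + proc.stderr).decode("utf-8", "replace")
    return classify_ssl2_probe(text), text


_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Parse `openssl version` output, e.g. 'OpenSSL 1.0.1e-fips 11 Feb 2013'."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError("no OpenSSL version found in %r" % text)
    return int(match.group(1)), int(match.group(2)), int(match.group(3)), match.group(4)


def version_at_least(text, minimum):
    """True if the version in text is >= minimum.

    The letter suffix sorts as OpenSSL numbers releases: 1.0.1 < 1.0.1a < 1.0.1m < 1.0.1zf.
    """
    return parse_openssl_version(text) >= parse_openssl_version(minimum)


if __name__ == "__main__":
    for name, sample in (("disabled", SAMPLE_DISABLED), ("enabled", SAMPLE_ENABLED),
                         ("unsupported", SAMPLE_UNSUPPORTED)):
        print(name, "->", classify_ssl2_probe(sample))
    # Placeholder host; substitute a server you are responsible for.
    print(" ".join(ssl2_probe_command("mail.example.test", 25, "smtp")))
```

The "probe-unsupported" verdict matters in practice: on a current OpenSSL build the -ssl2 option no longer exists, so an error from s_client there is a failure of the probe, not evidence that the server has SSLv2 disabled.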
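To make section 2 concrete, here is an added worked example (not code from the post, nor OpenSSL's own SSLv2 implementation) of the master-key split and key derivation the post describes: mk = mkc||mks, server_key = MD5(mk||"0"||cr||sr) and client_key = MD5(mk||"1"||cr||sr). The cipher table is constructed from the three cipher lines the post quotes; the clear_len override is an assumption added here to model the CVE-2016-0703 condition of a non-zero clear-key length on a non-export suite, and the sample master key and handshake randoms are constructed values.

```python
import hashlib

# Key layout per SSLv2 cipher, constructed from the OpenSSL cipher strings
# quoted in the post ("Enc=RC4(40) ... export" and so on): total key bytes
# and how many of them travel RSA-encrypted (the secret part mks).
SSL2_CIPHERS = {
    "RC4-MD5":         {"key_len": 16, "secret_len": 16, "export": False},
    "EXP-RC4-MD5":     {"key_len": 16, "secret_len": 5,  "export": True},
    "EXP-RC2-CBC-MD5": {"key_len": 16, "secret_len": 5,  "export": True},
}


def split_master_key(cipher, mk, clear_len=None):
    """Split the master key mk into the clear part mkc and the secret part mks.

    clear_len defaults to the cipher's defined clear-key length. Passing a
    different value is an assumption added here to model the CVE-2016-0703
    case, where a server accepted a non-zero clear-key length for a
    non-export cipher.
    """
    spec = SSL2_CIPHERS[cipher]
    if len(mk) != spec["key_len"]:
        raise ValueError("master key must be %d bytes" % spec["key_len"])
    if clear_len is None:
        clear_len = spec["key_len"] - spec["secret_len"]
    if not 0 <= clear_len <= spec["key_len"]:
        raise ValueError("clear-key length out of range")
    return mk[:clear_len], mk[clear_len:]


def ssl2_derive_keys(mkc, mks, cr, sr):
    """SSLv2 key derivation exactly as the post states it.

    server_key = MD5(mk || "0" || cr || sr)
    client_key = MD5(mk || "1" || cr || sr)
    where mk = mkc || mks and || is concatenation.
    """
    mk = mkc + mks
    server_key = hashlib.md5(mk + b"0" + cr + sr).digest()
    client_key = hashlib.md5(mk + b"1" + cr + sr).digest()
    return server_key, client_key


def effective_secret_bits(cipher, clear_len=None):
    """Bits of the master key an eavesdropper does not see in the clear.

    Only the RSA-encrypted part mks is secret; the clear part mkc is sent in
    plaintext in the masterkey message, so it contributes nothing.
    """
    spec = SSL2_CIPHERS[cipher]
    if clear_len is None:
        clear_len = spec["key_len"] - spec["secret_len"]
    return (spec["key_len"] - clear_len) * 8


def assess_handshake(cipher, clear_len=None):
    """Classify a negotiated SSLv2 handshake from a defender's point of view.

    Returns (verdict, secret_bits). "export" marks the 40-bit suites the post
    lists; "short-clear-key" marks a non-export suite for which a non-zero
    clear-key length was accepted (the CVE-2016-0703 condition).
    """
    spec = SSL2_CIPHERS[cipher]
    bits = effective_secret_bits(cipher, clear_len)
    if spec["export"]:
        return "export", bits
    if bits < spec["secret_len"] * 8:
        return "short-clear-key", bits
    return "full-strength", bits


if __name__ == "__main__":
    # Constructed sample values: a 16-byte master key and the two 16-byte
    # handshake randoms cr (client) and sr (server).
    mk = bytes(range(16))
    cr = b"C" * 16
    sr = b"S" * 16
    for cipher in SSL2_CIPHERS:
        mkc, mks = split_master_key(cipher, mk)
        srv, cli = ssl2_derive_keys(mkc, mks, cr, sr)
        print(cipher, assess_handshake(cipher), "mks=%d bytes" % len(mks),
              "server_key=%s" % srv.hex())
```

assess_handshake shows why the two situations in the post collapse to the same weakness: an export suite leaves only 5 secret bytes (40 bits) in mks, as note a says, and a non-export suite for which the server accepted a non-zero clear-key length is reduced in exactly the same way, which is what the CVE-2016-0703 fix prevents.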
