Serious vulnerability in the OpenSSL OCSP Status Request extension - vulnerability warning - myhack58

2016-09-23T00:00:00
ID MYHACK58:62201679573
Type myhack58
Reporter Anonymous
Modified 2016-09-23T00:00:00

Description

Overview

There is a serious vulnerability in the OpenSSL OCSP Status Request extension that lets a malicious client exhaust server memory. When the vulnerability is exploited, a server in the default configuration allocates memory for a copy of the OCSP ids on every renegotiation, so continuous renegotiation makes the server consume memory without limit, even if the server is not configured for OCSP. In theory an OCSP id list can be up to 65,535 bytes, so by renegotiating repeatedly an attacker can make the server consume close to 64K of memory per renegotiation. In the OpenSSL 1.0.2 implementation, however, the ClientHello length is limited to 16,384 bytes, so each renegotiation can only consume about 16K of server memory. In the latest 1.1.0 release the ClientHello length limit was raised to 131,396 bytes, so against a server running 1.1.0 each renegotiation consumes close to 64K.

This vulnerability was found by Benji of the 360 Gear Team (360 Information Security Department) while reading the OpenSSL source code. After it was discovered it was reported to the OpenSSL project.

Response

Upgrade to the latest version to avoid being attacked. There is no need to revoke the private key or certificate: the attacker cannot steal the private key.

Patch address: https://www.openssl.org/source/

The problem

An attacker can send a large number of OCSP status request extensions, causing the server to deny service.

How it is exploited

The attacker uses the TLS extension "TLSEXT_TYPE_status_request", fills it with OCSP ids, and renegotiates continuously.
Affected versions

OpenSSL 0.9.8h through 0.9.8v
OpenSSL 1.0.1 through 1.0.1t
OpenSSL 1.0.2 through 1.0.2h
OpenSSL 1.1.0

Not affected versions

OpenSSL 1.0.1u
OpenSSL 1.0.2i
OpenSSL 1.1.0a

Vulnerability impact

By renegotiating continuously and sending a large number of OCSP status request extensions, an attacker causes the server's memory to grow without bound, eventually leading to a denial of service. A server with the default OpenSSL configuration is affected even if it does not support OCSP, unless OpenSSL was built with the "no-ocsp" compile option.

Scope of affected software

We tested only a small number of components that use OpenSSL's OCSP functions, including the OpenSSL server, Nginx and Apache. Of these, the OpenSSL server in its default configuration is affected (OpenSSL 0.9.8h through 0.9.8v, OpenSSL 1.0.1 through 1.0.1t, OpenSSL 1.0.2 through 1.0.2h and OpenSSL 1.1.0). Nginx versions before 0.8.23 are affected; Apache versions before 2.0, and Apache with the SSLInsecureRenegotiation directive set to on, are affected. All protocol versions (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2) are affected. All cipher suites are affected.
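The memory growth described above comes from the size of the responder_id_list that the client puts into the status_request extension (RFC 6066, extension type 5) on every renegotiation; a legitimate stapling request from a browser carries an empty list. The following detection helper is an added example, not code from the advisory or from OpenSSL: it parses a ClientHello record far enough to locate extension type 5 and reports how many responder-id bytes the client is asking the server to hold, so that an oversized request can be flagged at a proxy or in a packet-capture triage script. The threshold value, the `build_client_hello` encoder used only to construct sample input, and both sample records are assumptions made for this example.

```python
"""Flag oversized status_request (OCSP stapling) extensions in a TLS ClientHello.

Added example, not part of the advisory or of OpenSSL. Parses the ClientHello
wire format (RFC 5246) and the status_request extension (RFC 6066 section 8).
"""
import struct

STATUS_REQUEST = 5        # extension type "status_request" (RFC 6066)
OCSP_STATUS_TYPE = 1      # status_type = ocsp


def build_client_hello(extensions):
    """Encode a minimal TLS 1.2 ClientHello record with (type, data) extensions.
    Used here only to construct sample input for the detector (constructed data)."""
    ext_bytes = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (
        b"\x03\x03"                              # client_version TLS 1.2
        + bytes(32)                              # random (all zero, sample only)
        + b"\x00"                                # session_id length 0
        + struct.pack("!H", 2) + b"\x00\x2f"     # one cipher suite
        + b"\x01\x00"                            # one compression method: null
        + struct.pack("!H", len(ext_bytes)) + ext_bytes
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello_extensions(record):
    """Return {extension_type: data} for a ClientHello carried in one TLS record."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                 # skip client_version and random
    pos += 1 + body[pos]                         # session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + body[pos]                         # compression_methods
    exts = {}
    if pos >= len(body):
        return exts                              # no extensions block present
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        exts[etype] = body[pos:pos + elen]
        pos += elen
    return exts


def status_request_sizes(ext_data):
    """Split a status_request extension into
    (status_type, responder_id_list length, request_extensions length)."""
    status_type = ext_data[0]
    rid_len = struct.unpack("!H", ext_data[1:3])[0]
    req_off = 3 + rid_len
    req_len = struct.unpack("!H", ext_data[req_off:req_off + 2])[0]
    return status_type, rid_len, req_len


def check_client_hello(record, max_responder_id_bytes=256):
    """Verdict for one ClientHello. 'suspicious' is set when the responder_id_list is
    larger than a normal stapling request needs (threshold is an assumption)."""
    exts = parse_client_hello_extensions(record)
    if STATUS_REQUEST not in exts:
        return {"status_request": False, "responder_id_bytes": 0, "suspicious": False}
    status_type, rid_len, _ = status_request_sizes(exts[STATUS_REQUEST])
    return {
        "status_request": True,
        "status_type": status_type,
        "responder_id_bytes": rid_len,
        "suspicious": rid_len > max_responder_id_bytes,
    }


# Constructed samples: a normal request (empty responder_id_list, as browsers send)
# and one padded with a 4000-byte responder_id_list, the shape the advisory describes.
NORMAL_STATUS_REQUEST = bytes([OCSP_STATUS_TYPE]) + b"\x00\x00" + b"\x00\x00"
PADDED_STATUS_REQUEST = bytes([OCSP_STATUS_TYPE]) + struct.pack("!H", 4000) + bytes(4000) + b"\x00\x00"
NORMAL_HELLO = build_client_hello([(STATUS_REQUEST, NORMAL_STATUS_REQUEST)])
PADDED_HELLO = build_client_hello([(STATUS_REQUEST, PADDED_STATUS_REQUEST)])

if __name__ == "__main__":
    for name, hello in (("normal", NORMAL_HELLO), ("padded", PADDED_HELLO)):
        print(name, check_client_hello(hello))
```

Counting the flagged ClientHellos per client address over a short window turns this into the renegotiation-rate signal the advisory implies: one large status_request is unusual, many in a row from the same connection is the pattern that exhausts memory on an unpatched server.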