Re: [vox] [Fwd: Vulnerability in OpenSSL]
According to the posted followup paper (link to the paper), the latest
version of OpenSSL does support methods to avoid many of the risks
associated with timing based attacks, *but* mod_ssl, stunnel, bind, etc.
do not utilize this new feature of OpenSSL - suggesting that even though
OpenSSL may be patched, those apps that compile against/link with OpenSSL
may not be insulated from timing based attacks.
The paper goes on to ref testing against OpenSSL 0.9.7 and a later 0.9.6
("g" I think, but can't recall since I am on 0.9.7a.)
-ME
Mike Simons said:
> On Fri, Mar 14, 2003 at 10:58:59AM -0800, ME wrote:
>> An item that may have implications for other packages that compile
>> against OpenSSL that include mod_ssl, openssh, and if you specified it
>> in a bind install (or your package was so configured) BIND too.
> [...]
>> If this attack is addressed, then expect many new packages and package
>> upgrades for your boxes from your Linux vendor for several packages
>> related to encryption.
>
> There is a patched ssl that went into Debian Feb 21... which fixes
> timing-based attacks.
>
> ====
> openssl (0.9.6c-2.woody.2) stable-security; urgency=high
>
> * Non-maintainer upload by the Security Team
> * Applied patch to fix vulnerability to timing-based attacks
> (see CAN-2003-0078)
> * Applied preventative measure patch by Richard Levitte
> <levitte@openssl.org>
>
> -- Martin Schulze <joey@infodrom.org> Fri, 21 Feb 2003 16:34:17 +0100
> ====
>
> The people given credit for the paper leading to the patch are not
> the people in your report...
>
> http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00035.html
> ===
> A vulnerability has been discovered in OpenSSL, a Secure Socket Layer
> (SSL) implementation. In an upcoming paper, Brice Canvel (EPFL),
> Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL,
> Ilion) describe and demonstrate a timing-based attack on CBC cipher
> suites used in SSL and TLS. OpenSSL has been found to be vulnerable to
> this attack.
> ===
>
> David Brumley doesn't report which version of ssl he was using in
> his tests... so it's hard to tell if these two things are the same
> issue or not.
>
> - is there any indication on your list if this problem has already
> been fixed?
>
>> -------- Original Message --------
>> Subject: Vulnerability in OpenSSL
>> From: David Brumley <dbrumley@stanford.edu>
>> Date: Thu, March 13, 2003 3:59 pm
>> To: bugtraq@securityfocus.com
>>
>> Dan Boneh and I have been researching timing attacks against software
> [...]
>> To our knowledge, OpenSSL and derived crypto libraries are vulnerable.
> [...]
>> The results indicate that all crypto implementations should defend
>> against timing attacks.
> [...]
>> http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html
> [...]
>> -David Brumley
> _______________________________________________
> vox mailing list
> vox@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox
>
>