OpenSSL Security Advisory 20110906 - Under certain circumstances OpenSSL's internal certificate verification routines can incorrectly accept a CRL whose nextUpdate field is in the past. OpenSSL server code for ephemeral ECDH ciphersuites is not thread-safe, and furthermore can crash if a client violates the protocol by sending handshake messages in incorrect order.
e9da132d7cfdd0e58bfe790f480f808942afb787408b07fb33a003fc57c5a491
OpenSSL Security Advisory [6 September 2011]
Two security flaws have been fixed in OpenSSL 1.0.0e
CRL verification vulnerability in OpenSSL
=========================================
Under certain circumstances OpenSSL's internal certificate verification
routines can incorrectly accept a CRL whose nextUpdate field is in the past.
(CVE-2011-3207)
This issue applies to OpenSSL versions 1.0.0 through 1.0.0d. Versions of
OpenSSL before 1.0.0 are not affected.
Users of affected versions of OpenSSL should update to the OpenSSL 1.0.0e
release, which contains a patch to correct this issue.
Thanks to Kaspar Brand <ossl@velox.ch> for identifying this bug and
suggesting a fix.
TLS ephemeral ECDH crashes in OpenSSL
=====================================
OpenSSL server code for ephemeral ECDH ciphersuites is not thread-safe, and
furthermore can crash if a client violates the protocol by sending handshake
messages in incorrect order. (CVE-2011-3210)
This issue applies to OpenSSL 0.9.8 through 0.9.8r (experimental "ECCdraft"
ciphersuites) and to OpenSSL 1.0.0 through 1.0.0d.
Affected users of OpenSSL should update to the OpenSSL 1.0.0e release, which
contains a patch to correct this issue. If you cannot immediately upgrade,
we recommend that you disable ephemeral ECDH ciphersuites if you have enabled
them.
Thanks to Adam Langley <agl@chromium.org> for identifying and fixing this
issue.
Which applications are affected
===============================
Applications are only affected by the CRL checking vulnerability if they enable
OpenSSL's internal CRL checking which is off by default. For example by setting
the verification flag X509_V_FLAG_CRL_CHECK or X509_V_FLAG_CRL_CHECK_ALL.
Applications which use their own custom CRL checking (such as Apache) are not
affected.
Only server-side applications that specifically support ephemeral ECDH
ciphersuites are affected by the ephemeral ECDH crash bug and only if
ephemeral ECDH ciphersuites are enabled in the configuration. You can check
to see if application supports ephemeral ECDH ciphersuites by looking for
SSL_CTX_set_tmp_ecdh, SSL_set_tmp_ecdh, SSL_CTRL_SET_TMP_ECDH,
SSL_CTX_set_tmp_ecdh_callback, SSL_set_tmp_ecdh_callback,
SSL_CTRL_SET_TMP_ECDH_CB in the source code.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20110906.txt