Vulnerability Description

The CVE-2015-0291 vulnerability introduces the possibility of a denial of service attack against a system running OpenSSL 1.0.2. If a malicious client connects to an OpenSSL server and the server requests a certificate from the malicious client, the malicious client can return a malformed cert that may trigger a NULL pointer dereference, causing software reliability problems on the server and resulting in disruption of services. CVE-2015-0204 is a reclassification of the well-known FREAK attack, which relies on a few key pieces falling into place. On the server side, this means that export ciphers are supported. When export ciphers are used, a 512-bit RSA key is used. This key can be factored in less than a day using popular cloud hosting services. Once this is accomplished, the attacker could then man-in-the-middle a victim using the factored key. On the client side, an attacker must be able to force the client to accept a weak key, even if a strong cipher has been requested. This can be accomplished in clients that use OpenSSL, SChannel, and other libraries.
Exposure and Impact

At this time the potential impact of the CVE-2015-0291 vulnerability is minor; there is no evidence that the NULL pointer dereference can be used for remote exploits to circumvent security logic or reveal additional debugging information that could be used for remote code execution or information collection. Any exploit would also require that the server request the client’s certificate, which is a rare occurrence and not a common implementation, as it is usually the client requesting the server’s certificate. As we have written about in previous VERT Threat Alerts, the impact of CVE-2015-0204 is that an attacker who successfully executes this attack could man-in-the-middle a victim’s connection. Users are most susceptible when using open, public wireless networks like those found in hotels and coffee shops.
Remediation & Mitigation

As patches are now available for both of these high impact vulnerabilities as well as several others, it is recommended that organizations patch systems as soon as possible. An attack against CVE-2015-0204 requires that both the server and client be vulnerable. Servers that don’t use export ciphers and clients that have been patched against the appropriate CVE are not vulnerable and would mitigate this attack.
Detection

Tripwire IP360 provides the following detection for server-side export ciphers:

| IP360 ID | Detection |
| --- | --- |
| V6174 | SSL Server Supports Weak Encryption for SSLv3 |
| V79208 | SSL Server Supports Weak Encryption for SSLv2 |
| V79210 | SSL Server Supports Weak Encryption for TLSv1 |
| V81883 | SSL Server Supports Weak Encryption for TLSv1.1 |
| V81884 | SSL Server Supports Weak Encryption for TLSv1.2 |