DoS holes in OpenSSL eliminated
According to the developers of OpenSSL, version 0.9.8h eliminates two flaws that were revealed in tests by the Finnish CERT (CERT-Fi). An application based on OpenSSL crashes if it receives a TLS 1.0 Client Hello packet in which the server name extension is set to zero. By default, however, TLS Extension Handling is disabled – it can only be activated at compile time – so most server applications are probably unaffected.
An error in the handling of Server Key Exchange Messages can cause a null pointer dereference in the Client, making it crash. CERT-Fi says the problem only occurs if Anonymous Diffie-Hellman key exchange is used. The developers advise users of OpenSSL 0.9.8f or 0.9.8g to change to the current version. Linux distributors are likely to issue updated packets shortly.
Distributors often adapt the official sources to their own requirements, which can allow errors to creep in. In 2006, for example, Debian patched the OpenSSL libraries with the intention of plugging what they saw as an ugly memory leak. Unfortunately, an error in the patch meant that until recently Debian systems generated weak cryptographic keys. This enabled attackers to listen in on and manipulate SSL IPv4 connections and obtain unauthorised access to SSH servers.
- CERT-FI Vulnerability advisory on OpenSSL, CERT-Fi advisory
- OpenSSL Security Advisory, OpenSSL advisory