(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

I recorded an updated Internet Storm Center Briefing for today's OpenSSL patches. It corrects a couple of mistakes from this afternoon's live presentation and adds additional details to CVE-2014-0195.


Presentation Slides (PDF)

Johannes B. Ullrich, Ph.D.

The U.S. Congress would endanger the nation's security by passing even watered-down legislation to limit the National Security Agency's bulk collection of domestic phone records, several U.S. senators said Thursday.
Fusion-io's new generation of ioMemory flash components can pack in twice as much capacity, and according to the company, they know how to use it.
Google has unveiled its experimental "Project Tango" tablet for advanced imaging applications, and it wants developers to get to work on it.
Without a fully baked advertising platform, Instagram is building a business with old-school pricing models and direct relationships with agencies and brands. However, Instagram could soon make changes that will negatively impact the reach and efficiency of ad campaigns.
With reports saying that Sprint and T-Mobile US plan to announce a $32 billion merger this summer, two big questions linger: Would federal regulators approve the deal? And would T-Mobile CEO John Legere run the combined company?
Research reveals that people don't want more apps in their vehicles, but they do want apps that are as intuitive and work as well as the ones on their smartphones.
Microsoft plans to deliver seven security updates to customers next week, including an almost-habitual one for Internet Explorer, and others for Windows, Office and Lync.

HP's Zero Day Initiative released a few more details about this bug explaining the nature of the problem. It is actually remarkably similar to some of the IP fragmentation bugs we have seen in the past.

DTLS attempts to avoid IP fragmentation. But many SSL related messages contain data (for example certificates) that exceed common network MTUs. As a result, DTLS fragments the messages. Each message fragment contains 3 length related fields:

- Message size (Length) - this is the total size after reassembly. It should be the same for all fragments.
- Fragment Offset - where does this fragment fit in the original message.
- Fragment Length - how much data does this fragment contain.

If there is no fragmentation, the fragment length is equal to the message size. However, if the fragment length is less than the message size, we do have fragmentation. Each fragment should indicate the same message size.

This is different from IP. In IP, the fragment does not know how large the original packet was, and we use the "more fragments" flag to figure out when all fragments are received.

Once OpenSSL receives a fragment, it allocates "Length" bytes to reassemble the entire message. However, the trick is that the next fragment may actually indicate a larger message size, and as a result, deliver more data than OpenSSL reserved, leading to a typical buffer overflow.
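The reassembly flaw described above, as an added example (not code from this diary, from HP's write-up or from OpenSSL): a simplified reassembler that sizes its buffer from the first fragment, a side-effect-free model of how far an unchecked copy would overrun, and the hardened insert that rejects a fragment whose message size changes. The names `struct frag`, `struct reasm`, `reasm_add`, `overrun_if_unchecked` and the `MAX_MSG_LEN` cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define MAX_MSG_LEN 16384u  /* assumed upper bound for this example */

/* The three length-related fields carried by every fragment. */
struct frag {
    uint32_t msg_len;    /* message size after reassembly */
    uint32_t frag_off;   /* where this fragment fits in the message */
    uint32_t frag_len;   /* how much data this fragment contains */
    const uint8_t *data;
};

struct reasm {           /* zero-initialise before first use */
    uint8_t *buf;        /* sized from the FIRST fragment's msg_len */
    uint32_t msg_len;
};

enum { FRAG_OK = 0, FRAG_BAD_LEN = -1, FRAG_LEN_MISMATCH = -2,
       FRAG_OUT_OF_BOUNDS = -3, FRAG_NOMEM = -4 };

/* Model of the flawed logic: a fragment is only checked against its own
 * msg_len. Returns the bytes that would land past the buffer; writes nothing. */
uint32_t overrun_if_unchecked(const struct reasm *r, const struct frag *f)
{
    uint64_t end = (uint64_t)f->frag_off + f->frag_len;
    if (end > f->msg_len) return 0;  /* even the flawed check rejects this */
    return end > r->msg_len ? (uint32_t)(end - r->msg_len) : 0;
}

/* Hardened insert: every fragment must repeat the first fragment's msg_len
 * and fit inside the reserved buffer (subtraction form avoids integer wrap). */
int reasm_add(struct reasm *r, const struct frag *f)
{
    if (f->msg_len == 0 || f->msg_len > MAX_MSG_LEN) return FRAG_BAD_LEN;
    if (r->buf == NULL) {
        r->buf = calloc(1, f->msg_len);
        if (r->buf == NULL) return FRAG_NOMEM;
        r->msg_len = f->msg_len;
    }
    if (f->msg_len != r->msg_len) return FRAG_LEN_MISMATCH;
    if (f->frag_off > r->msg_len || f->frag_len > r->msg_len - f->frag_off)
        return FRAG_OUT_OF_BOUNDS;
    memcpy(r->buf + f->frag_off, f->data, f->frag_len);
    return FRAG_OK;
}

int main(void)
{
    static const uint8_t payload[40] = { 0 };     /* constructed sample bytes */
    struct reasm r = { 0 };
    struct frag first  = { 16, 0, 8, payload };   /* reserves 16 bytes */
    struct frag second = { 64, 8, 40, payload };  /* claims a larger message */
    int ok = reasm_add(&r, &first) == FRAG_OK
          && overrun_if_unchecked(&r, &second) == 32
          && reasm_add(&r, &second) == FRAG_LEN_MISMATCH;
    free(r.buf);
    return ok ? 0 : 1;
}
```
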

You can see the complete source code at HP's blog [1], including a Wireshark display of a PoC packet. This essentially provides a PoC for this vulnerability. Interestingly, Wireshark does recognize this as an error.

[1] http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002#.U5C78BYXk2-


(this is different, but sort of reminds me of the OpenBSD mbuf problem in IPv6, CVE-2007-1365)

Johannes B. Ullrich, Ph.D.

Google's autonomous car is expected to boost not only robotics research but the semiconductor industry as well.
The takedown earlier this week of a major malware-spewing botnet has crippled the distribution of Cryptolocker, one of the world's most sophisticated examples of ransomware.

The Linux operating system kernel has been patched against yet another flaw that leaves servers in some shared Web hosting environments susceptible to hijacking.

The vulnerability, formally cataloged as CVE-2014-3153, is located in the futex subsystem of Linux, according to an advisory published Thursday by Debian, a distributor of the open source OS. The flaw allows untrusted users with unprivileged system access to escalate their control. From there, they can crash the system or do other nefarious things, including possibly executing malicious code.

"Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall," the advisory stated. "An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation."


OpenSSL CVE-2014-3470 Denial of Service Vulnerability
OpenSSL CVE-2014-0195 Memory Corruption Vulnerability
OpenSSL DTLS CVE-2014-0221 Remote Denial of Service Vulnerability
OpenSSL CVE-2014-0224 Man in the Middle Security Bypass Vulnerability
Details for CVE-2014-0220
ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities
[security bulletin] HPSBMU03029 rev.2 - HP Insight Control Server Migration running OpenSSL, Remote Disclosure of Information
[security bulletin] HPSBMU03028 rev.2 - HP Matrix Operating Environment and HP CloudSystem Matrix Software Components running OpenSSL, Remote Disclosure of Information

A newly discovered vulnerability that allows spying on encrypted SSL/TLS communications has been identified and fixed in the widely used OpenSSL library.

A researcher has uncovered another severe vulnerability in the OpenSSL cryptographic library. It allows attackers to decrypt and modify Web, e-mail, and virtual private network traffic protected by the transport layer security (TLS) protocol, the Internet's most widely used method for encrypting traffic traveling between end users and servers.

The TLS bypass exploits work only when traffic is sent or received by a server running OpenSSL 1.0.1 and 1.0.2-beta1, maintainers of the open-source library warned in an advisory published Thursday. The advisory went on to say that servers running a version earlier than 1.0.1 should update as a precaution. The vulnerability has existed since the first release of OpenSSL, some 16 years ago. Library updates are available on the front page of the OpenSSL website. People who administer servers running OpenSSL should update as soon as possible.

The underlying vulnerability, formally cataloged as CVE-2014-0224, resides in the ChangeCipherSpec processing, according to an overview published Thursday by Lepidum, the software developer that discovered the flaw and reported it privately to OpenSSL. It makes it possible for attackers who can monitor a connection between an end user and server to force weak cryptographic keys on client devices. Attackers can then exploit those keys to decrypt the traffic or even modify the data before sending it to its intended destination.


[RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager
Re: Bug in bash <= 4.3 [security feature bypassed]
LinuxSecurity.com: Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat [More...]
LinuxSecurity.com: Updated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having [More...]
LinuxSecurity.com: Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]
LinuxSecurity.com: Several security issues were fixed in OpenSSL.
LinuxSecurity.com: Security Report Summary
LinuxSecurity.com: A vulnerability in Mutt could allow remote attackers to execute arbitrary code or cause a Denial of Service condition.
LinuxSecurity.com: A vulnerability in SystemTap could allow a local attacker to create a Denial of Service condition.
LinuxSecurity.com: Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More...]
There can be only one.

The Defense Advanced Research Projects Agency is preparing to kick off the Cyber Grand Challenge, a tournament that will pit 30 teams of security researchers from industry, academia, and “the larger security community” against each other in a capture-the-flag style battle of network warfare domination. The contest, which is designed to help DARPA identify the best in automated network and computer security defense systems, will culminate in a final battle to be held at the DEF CON security conference in Las Vegas in 2016.

The winning team of the tournament will take home a cash prize of $2 million. The second and third place teams will be awarded $1 million and $750,000, respectively.

“DARPA anticipates that the two-year Challenge and its culmination in an event synchronized with DEF CON will not only accelerate the development of capable, automated network defense systems, but also encourage the diverse communities now working on computer and network security issues in the public and private sectors to work together in new ways,” an agency spokesperson said in an official statement on the event. “This dynamic is crucial if information security practitioners are to pull ahead of adversaries persistently looking to take advantage of network weaknesses.”


Chrome, Internet Explorer, and Firefox are vulnerable to easy-to-execute techniques that allow unscrupulous websites to construct detailed histories of sites visitors have previously viewed, an attack that revives a long-standing privacy threat many people thought was fixed.

Until a few years ago, history-sniffing attacks were accepted as an unavoidable consequence of Web surfing, no matter what browser someone used. By abusing a combination of features in JavaScript and cascading style sheets, websites could probe a visitor's browser to check if it had visited one or more sites. In 2010, researchers at the University of California at San Diego caught YouPorn.com and 45 other sites using the technique to determine if visitors viewed other pornographic sites. Two years later, a widely used advertising network settled federal charges that it illegally exploited the weakness to infer if visitors were pregnant.

Until about four years ago, there was little users could do other than delete browsing histories from their computers or use features such as incognito or in-private browsing available in Google Chrome and Microsoft Internet Explorer respectively. The privacy intrusion was believed to be gradually foreclosed thanks to changes made in each browser. To solve the problem, browser developers restricted the styles that could be applied to visited links and tightened the ways JavaScript could interact with them. That allowed visited links to show up in purple and unvisited links to appear in blue without that information being detectable to websites.


The ransomware model is increasingly being adopted by cybercriminals who target mobile users, one of their latest creations being able to encrypt files stored on the SD memory cards of Android devices.
It is almost summertime, and while the livin' supposedly gets a bit easier, it remains risky. As the vacation season approaches and everybody is planning travel, socializing with friends and family and relaxing, people in the "always connected" world should add one more item to their list: Don't relax when it comes to online security.
OS X Yosemite will run on about eight out of every ten Macs, a boon for customers who want to upgrade this fall, but also another proof point that 'good enough' has contributed to the personal computer business's stagnation.
DIR-505 and DIR-505L Stack Buffer Overflow Vulnerability
Drupal Addressfield Tokens Module HTML Injection Vulnerability

AT&T plans to test a service allowing payment card providers to access the location of a customer's phone to improve the accuracy of fraud prevention systems for transactions made abroad.
If you want to take your pick of the plum jobs of the future, you need experience in the languages that will be in demand. Learning one of these six will put you ahead of the pack.
All laptops run on batteries and all batteries eventually run out -- especially when you use your device throughout the day. Here are some tips to help keep it going.
GM has its share of challenges creating mobile apps for cars in China, but the R&D team there has come up with quite a few, including one that'll let you scan another driver's license plate and then message them.
Adobe's Creative Cloud outage inconvenienced its users, but future cloud failures could damage the global economy.
China's blistering attacks on U.S. tech firms are more than quid pro quo over cyberspying charges. It's a signal of China's growing confidence in its own technology capabilities.
Edward Snowden remains a polarizing figure in the U.S. on the one-year anniversary of the first published story based on his leaks about the NSA's surveillance practices.

[Webcast Correction] Important correction to the webcast. The MITM attack does not just affect DTLS. It does affect TLS (TCP) as well. 

Quick Q&A Summary from the webcast:

- The MITM vulnerability only affects servers that run OpenSSL 1.0.1 but all clients. Both have to be vulnerable to exploit this problem.
- The MITM vulnerability is not just DTLS (sorry, had that wrong during the webcast)
- Common DTLS applications: Video/Voice over IP, LDAP, SNMPv3, WebRTC
- Web servers (https) cannot use DTLS.
- OpenVPN's "tls-auth" feature will likely mitigate all these vulnerabilities
- Even if you use "commercial software", it may still use OpenSSL.


The OpenSSL team released a critical security update today. The update patches 6 flaws. 1 of the flaws (CVE-2014-0195) may lead to arbitrary code execution. [1]

All versions of OpenSSL are vulnerable to CVE-2014-0195, but this vulnerability only affects DTLS clients or servers (look for SSL VPNs... not so much HTTPS).

I also rated CVE-2014-0224 critical, since it does allow for MiTM attacks, one of the reasons you use SSL. But in order to exploit this issue, both client and server have to be vulnerable, and only openssl 1.0.1 is vulnerable on servers (which is why I stuck with "important" for servers). The discoverer of this vulnerability released details here: http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html .

CVE-2010-5298 does allow third parties to inject data into existing SSL connections. This could be a big deal, but according to the OpenSSL advisory, the SSL_MODE_RELEASE_BUFFERS feature is usually not enabled. 

Make sure you update to one of these OpenSSL versions:

OpenSSL 0.9.8za   (openssl ran out of letters, so instead of calling this one 'z' they call it 'za' to allow for future releases. However, this *may* be the last 0.9.8 release).
OpenSSL 1.0.0m
OpenSSL 1.0.1h

| CVE | Name | Impact | Vulnerable Versions | Client | Server |
|---|---|---|---|---|---|
| CVE-2014-0224 | SSL/TLS MITM Vulnerability | MiTM | Server: 1.0.1, Client: 0.9.8, 1.0.0, 1.0.1 (both have to be vulnerable) | Critical | Important |
| CVE-2014-0221 | DTLS recursion flaw | DoS | 0.9.8, 1.0.0, 1.0.1 | Important | Not Affected |
| CVE-2014-0195 | DTLS invalid fragment vulnerability | Code Exec. | 0.9.8, 1.0.0, 1.0.1 | Critical | Critical |
| CVE-2014-0198 | SSL_MODE_RELEASE_BUFFERS NULL pointer dereference | DoS | 1.0.0, 1.0.1 (neither affected in default config) | Important | Important |
| CVE-2010-5298 | SSL_MODE_RELEASE_BUFFERS session injection | DoS or Data Injection | 1.0.0, 1.0.1 (in multithreaded applications, not in default config) | Important | Important |
| CVE-2014-3470 | Anonymous ECDH Denial of Service | DoS | 0.9.8, 1.0.0, 1.0.1 | Important | Not Affected |

Vendor Information:

Redhat https://rhn.redhat.com/errata/RHSA-2014-0625.html
Ubuntu http://www.ubuntu.com/usn/usn-2232-1/
FreeBSD http://www.freebsd.org/security/advisories/FreeBSD-SA-14:14.openssl.asc
Debian http://www.debian.org/security/2014/dsa-2950
OpenSuse http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00003.html
Amazon AWS http://aws.amazon.com/security/security-bulletins/openssl-security-advisory/

[1] https://www.openssl.org/news/secadv_20140605.txt

Johannes B. Ullrich, Ph.D.

A look back at the security fallout following the NSA spying disclosures that began a year ago after Edward Snowden fled the U.S.
Microsoft released Bing -- meant to be the great challenger to Google's ubiquitous search engine -- in June 2009. And while it remains mired in second place to Google, it's still looking for ways to grow.
Glossaire Module for XOOPS '/modules/glossaire/glossaire-aff.php' SQL Injection Vulnerability
PHP-Nuke 'Submit_News' Component SQL Injection Vulnerability
TYPO3 Unspecified PHP Object Injection Vulnerability
TYPO3 HTTP Host Header Spoofing Vulnerability
Multiple F5 BIG-IP and Enterprise Manager 'list.jsp' Multiple Cross Site Scripting Vulnerabilities
Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed]
[security bulletin] HPSBMU03033 rev.3 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information
[SECURITY] [DSA 2946-1] python-gnupg security update
TYPO3 Extbase Framework Information Disclosure Vulnerability
[SECURITY] [DSA 2947-1] libav security update
ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability
If the thought of a humanoid robot in your home makes your skin crawl, meet the friendly Pepper.
Small Chinese tablet makers continue to experiment with dual-boot tablets running Windows or Android, a market that big device makers have shied from.
TYPO3 Authentication Subcomponent Security Bypass Vulnerability
TYPO3 Session Hijacking Vulnerability
TYPO3 Backend Subcomponent Unspecified Cross Site Scripting Vulnerability
The future of wearables is still anyone's guess. But at this year's Computex show, more Taiwanese vendors are embracing the gadgets, and hoping to bring some clarity to a market that could lift the local tech industry.
It was the briefest of chances to pick up the new Asus Transformer Book T300 Chi, a laptop and tablet hybrid that looks to rival the Macbook Air for thinness, but it was the only all week to examine one of the hottest products to be revealed at Computex.
Microsoft has asked the U.S. government to recognize that its search warrants should end at the country's borders, reflecting growing concern that surveillance by the U.S. National Security Agency could impact business abroad for tech companies.