OpenSSL released a Security Advisory on 8 December 2020 regarding the vulnerability CVE-2020-1971, titled "EDIPARTYNAME NULL pointer de-reference".
What is the vulnerability?
The GeneralName type of an X.509 digital certificate is a generic type for representing different kinds of names. One of those name types is EDIPartyName.
OpenSSL's function GENERAL_NAME_cmp compares two instances of a GENERAL_NAME to determine whether they are equal.
This comparison malfunctions when both GENERAL_NAMEs contain an EDIPARTYNAME: a NULL pointer de-reference and a crash may occur, leading to a possible denial of service attack, as illustrated in gbhackers.
Risk assessment:
If an attacker controls both GENERAL_NAMEs passed to GENERAL_NAME_cmp, they can crash the entire system.
GENERAL_NAME_cmp is used for the following two main purposes:
1) GENERAL_NAME_cmp compares the CRL distribution point names between an available CRL and a CRL distribution point embedded in an X.509 certificate (where CRL is the Certificate Revocation List).
2) GENERAL_NAME_cmp verifies whether a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token).
If an attacker tricks a client or server machine into checking a malicious certificate against a malicious CRL, the attacker can exploit this to cause a denial of service. Note also that some applications automatically download CRLs based on a URL embedded in a certificate. OpenSSL's s_server, s_client and verify tools support the "-crl_download" option, which implements automatic CRL downloading, and this attack has been demonstrated to work against those tools.
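Because the crash requires an EDIPartyName in the names being compared, and legitimate CRL distribution points almost always carry URIs, a defender can triage certificates by listing the GeneralName types in the distribution point's fullName. The following is an added example written for this post, not OpenSSL code: a minimal DER walker over a GeneralNames SEQUENCE that flags the [5] ediPartyName choice, exercised on a constructed sample (the URL and party name are made up).

```python
"""Flag ediPartyName entries in a DER-encoded GeneralNames SEQUENCE
(e.g. the fullName of a CRL distribution point). Added example."""

# GeneralName CHOICE context-specific tags from RFC 5280; [5] is ediPartyName.
GENERAL_NAME_TAGS = {
    0: "otherName", 1: "rfc822Name", 2: "dNSName", 3: "x400Address",
    4: "directoryName", 5: "ediPartyName",
    6: "uniformResourceIdentifier", 7: "iPAddress", 8: "registeredID",
}


def read_tlv(buf, pos):
    """Parse one DER TLV at buf[pos]; return (tag byte, value bytes, next pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: next (length & 0x7F) bytes hold it
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def general_name_types(der):
    """Return the GeneralName type name of each element of a GeneralNames SEQUENCE."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE, got tag 0x%02x" % tag)
    types, pos = [], 0
    while pos < len(body):
        tag, _value, pos = read_tlv(body, pos)
        if tag & 0xC0 != 0x80:  # every GeneralName is context-specific [n]
            raise ValueError("unexpected tag 0x%02x in GeneralNames" % tag)
        types.append(GENERAL_NAME_TAGS.get(tag & 0x1F, "unknown"))
    return types


def has_edipartyname(der):
    """True if any GeneralName in the SEQUENCE uses the ediPartyName choice."""
    return "ediPartyName" in general_name_types(der)


def tlv(tag, value):
    """Encode a short-form DER TLV (length < 128); used only to build samples."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value


# Constructed sample: SEQUENCE { [6] URI, [5] EDIPartyName { [1] partyName "Party" } }.
# ediPartyName is IMPLICIT (0xA5 replaces SEQUENCE); partyName is EXPLICIT [1]
# because DirectoryString is a CHOICE, so 0xA1 wraps the UTF8String (0x0C).
SAMPLE_URI_ONLY = tlv(0x30, tlv(0x86, b"http://crl.example/x.crl"))
SAMPLE_WITH_EDI = tlv(0x30, tlv(0x86, b"http://crl.example/x.crl")
                      + tlv(0xA5, tlv(0xA1, tlv(0x0C, b"Party"))))
```

Run the checks against the fullName bytes extracted from a certificate's CRL Distribution Points extension; any ediPartyName hit is worth a closer look.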
Affected versions:
Proposed advice: