OpenSSL Flaw Would Allow Attackers to Cause a denial-of-service Condition

OpenSSL has released a Security Advisory [on 8th of December 2020] regarding the vulnerability CVE-2020-1971 which is called EDIPARTYNAME NULL pointer de-reference.

What is the vulnerability?

X.509 digital certificate’s GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName.

OpenSSL’s function GENERAL_NAME_cmp compares different instances of a GENERAL_NAME to see if they are equal or not.

It is found that this operation malfunctions when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer de-reference and a crash may occur leading to a possible denial of service attack which is illustrated in gbhackers.

Risk assignment:

If an attacker controls the functions of the GENERAL_NAME_cmp, he can crash the entire system.

This GENERAL_NAME_cmp is used for the below two main purposes:

1) GENERAL_NAME_cmp compares the CRL distribution point names between an available CRL and a CRL (where CRL is the Certificate Revocation list)distribution point embedded in an X509 certificate

2) GENERAL_NAME_cmp verifies whether a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token)

Suppose if the attacker tricks a client machine or a server machine to check for a malicious certificate against a malicious CRL, then Attacker can exploit this and cause denial of service attack . It is also to be noted that some applications automatically download CRLs based on a URL embedded in a certificate. OpenSSL’s s_server, s_client and verify tools have support for the “-crl_download” option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools.

Affected versions:

  • OpenSSL 1.1.1 and 1.0.2
  • This is not yet tested on the unsupported versions yet

Proposed advise:

  • OpenSSL 1.1.1 users are advised to upgrade to 1.1.1i with immediate effect.
  • Premium support customers of OpenSSL 1.0.2 have been asked to upgrade to 1.0.2x also other users are requested to upgrade to OpenSSL 1.1.1i right away.
Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

RomCom Hackers Exploits Windows & Firefox Zero-Day in Advanced Cyberattacks

In a new wave of cyberattacks, the Russia-aligned hacking group "RomCom" has been found exploiting…

8 hours ago

Chinese APT Hackers Using Multiple Tools And Vulnerabilities To Attack Telecom Orgs

Earth Estries, a Chinese APT group, has been actively targeting critical sectors like telecommunications and…

10 hours ago

200,000 WordPress Sites Exposed to Cyber Attack, Following Plugin Vulnerability

A critical security vulnerability has been discovered in the popular WordPress plugin Anti-Spam by CleanTalk, which…

15 hours ago

Beware Of SpyLoan Apps Exploits Social Engineering To Steal User Data

SpyLoan apps, a type of PUP, are rapidly increasing, exploiting social engineering to deceive users…

17 hours ago

Researchers Detailed Tools Used By Hacktivists Fueling Ransomware Attacks

CyberVolk, a politically motivated hacktivist group, has leveraged readily available ransomware builders like AzzaSec, Diamond,…

17 hours ago

Blue Yonder Ransomware Attack Impacts Starbucks & Multiple Supermarkets

A ransomware attack on Blue Yonder, a leading supply chain management software provider, has created…

19 hours ago