Last update: Monday, 26 October 2016 14:00:00 +0800
OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert flood remote DoS
It was found that the function "ssl3_read_bytes" in ssl/s3_pkt.c can lead to higher CPU usage due to improper handling of warning packets.
An attacker can repeatedly send undefined plaintext warning packets of level "SSL3_AL_WARNING" during the handshake, which causes 100% CPU usage on the server.
This is an implementation problem in OpenSSL: it ignores an undefined warning and continues processing the remaining data (if any).
The attacker can therefore pack multiple alerts inside a single record and send a large number of these large records.
The server then falls into a meaningless cycle and becomes unavailable to other clients.
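The counting check below is an added example, not code from OpenSSL or from this advisory: it walks plaintext TLS records as they appear during the handshake and flags a run of consecutive warning alerts, including many alerts packed into one record. The limit of 5, the name alert_flood_check and the sample byte arrays are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define CT_ALERT        21  /* TLS record content type: alert */
#define AL_WARNING       1  /* alert level: warning */
#define MAX_WARN_ALERTS  5  /* limit assumed for this example */

/* Constructed sample: one alert record carrying 8 warning alerts; 0xFF
 * stands in for an undefined alert description. */
static const uint8_t sample_flood[] = { 21, 3, 3, 0, 16,
    1, 0xFF, 1, 0xFF, 1, 0xFF, 1, 0xFF, 1, 0xFF, 1, 0xFF, 1, 0xFF, 1, 0xFF };
/* Constructed sample: a single warning alert followed by a handshake record. */
static const uint8_t sample_ok[] = { 21, 3, 3, 0, 2, 1, 0xFF,
    22, 3, 3, 0, 4, 14, 0, 0, 0 };

/* Walk plaintext TLS records and count consecutive warning alerts, including
 * several packed into one record. Returns 1 if the run exceeds
 * MAX_WARN_ALERTS (drop the peer), 0 if acceptable, -1 if malformed. */
int alert_flood_check(const uint8_t *buf, size_t len, unsigned *max_run)
{
    unsigned run = 0;
    size_t off = 0;

    *max_run = 0;
    while (off < len) {
        if (len - off < 5)
            return -1;                 /* incomplete record header */
        uint8_t type = buf[off];
        size_t rlen = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        off += 5;
        if (rlen > len - off)
            return -1;                 /* body shorter than declared */
        if (type != CT_ALERT) {
            run = 0;                   /* other traffic resets the run */
        } else if (rlen == 0 || rlen % 2 != 0) {
            return -1;                 /* alerts are (level, description) pairs */
        } else {
            for (size_t i = 0; i < rlen; i += 2) {
                if (buf[off + i] != AL_WARNING)
                    return 0;          /* non-warning alert ends the session */
                if (++run > *max_run)
                    *max_run = run;
                if (run > MAX_WARN_ALERTS)
                    return 1;          /* flood: stop reading from this peer */
            }
        }
        off += rlen;
    }
    return 0;
}
```

Bounding the run per connection is what removes the unbounded loop: the peer is cut off after a fixed number of ignored warnings instead of being serviced for as long as it keeps sending them.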
BTW, Huzaifa Sidhpurwala from the Red Hat Product Security Team found that the same issue may also affect GnuTLS servers.
You can apply software updates from each software vendor. Refer to the URLs below.
A. The attacker could send excessively large overlapping alert packets (multiple alerts inside a single record) to cause a Denial of Service attack on the server.
Q. What is the impact of the vulnerability?
A. The vulnerability affects most versions of OpenSSL. Any SSL-enabled server that uses OpenSSL may be affected. Nginx in particular could easily be made to deny service (e.g., Loopback, 1G NIC).
Q. What versions of OpenSSL are affected?
A. Affected Versions:
- OpenSSL All 0.9.8
- OpenSSL All 1.0.1
- OpenSSL 1.0.2 through 1.0.2h
- OpenSSL 1.1.0
Not Affected Versions:
- OpenSSL 1.0.2i, 1.0.2j
- OpenSSL 1.1.0a, 1.1.0b
Q. How to prevent the attacks?
A. Upgrade to the latest version.
Q. Do I need to regenerate my private keys or certificates?
A. No. Attackers could not steal your private keys through this vulnerability.
Q. Is this because of an SSL/TLS specification defect?
A. This is not certain.
Q. What protocol versions are affected?
A. All versions (SSL3.0, TLS1.0, TLS1.1, TLS1.2) are affected.
Q. What encryption algorithms are affected?
A. All encryption algorithms are affected. This bug is not related to any specific algorithms.
Q. Can I be aware of this kind of attack when it is happening?
A. It's hard to say.
Q. How did you find this bug?
A. This bug was discovered by Shi Lei of the Gear Team, Information Security Department, Qihoo 360 Inc. while doing code review.
Huzaifa Sidhpurwala from the Red Hat Product Security Team also found the same issue in GnuTLS servers.
Q. How did you handle this vulnerability?
A. We reported it to the official maintainers after we found this vulnerability, and they told us they would not treat it as a security issue.
We then discussed it with the Red Hat Product Security Team after the official release of a fixed version.
- We are very grateful to Huzaifa Sidhpurwala from the Red Hat Product Security Team for his professional help.
- We are very grateful to the Red Hat Product Security Team and the OpenSSL Team for their help.
- We are very grateful to the related Qihoo360 teams for their help.
- We are very grateful to the CCS Injection team for sharing their template with us.
- First Version: (Monday, 24 October 2016 15:40:00 +0800)