On 2/6/2016 2:09 PM, Dana Burd wrote:
On 1/29/2016 1:38 AM, Dana Burd wrote:
There's a new "high severity" vulnerability in OpenSSL 1.0.2:
https://www.openssl.org/news/secadv/20160128.txt
I'm curious if curl-7.40.0 is affected at all. I poked around the
source, but it's a bit over my head. Any insights appreciated...
If curl-7.40.0 is affected, pointers on how to patch with the right
OpenSSL option is even more appreciated!
CVE-2016-0701 looks primarily like a server issue. The server generated
the weak primes and libcurl doesn't have anything to do with that as far
as I can tell [1]. The responsibility to fix this seems to me to be on
the server. In other words you updating libcurl w/OpenSSL isn't going to
fix this or stop someone from possibly decrypting your traffic to a
vulnerable server. But you should update anyway, for every other
security reason. I'd hoped someone more knowledgeable about this would
reply, but it's been a week...
[1]:
http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html
Thanks for the note & link, Ray.
I, too, figured this was mostly a server issue, but have a nagging
concern: an attacker could impersonate the server, and force the curl
client to give up its private key. This is obviously a much harder attack
vector than with a server vulnerability, but... is it possible???
Perhaps, if curl plays into the OpenSSL flaw, which requires curl to both:
1. reuse the key for DHE cipher suites or use static DH cipher suites,
and
2. Have DH configured with non-safe primes
Looking at the curl source, I can't figure out if the above two things are
done. To be honest, I barely understand what they mean!
I am hoping someone familiar with the curl security model can weigh in,
and say "nope, curl doesn't do those 2 things so you're safe," or "yep,
curl is vulnerable, you need to add SSL_OP_SINGLE_DH_USE (or something
else) at such and such a place."
(I would happily upgrade OpenSSL to solve this issue, but for a variety of
reasons this isn¹t an option.)
As far as I'm aware SSL_OP_SINGLE_DH_USE is a server option. Whether or
not a key could be recovered from your client certificate information if
an attacker is able to impersonate a vulnerable server I don't know. I
think you should ask at openssl-...@openssl.org and see what they have
to say about it.
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
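
The second condition discussed in the thread, DH configured with non-safe primes, can be checked directly on a set of DH parameters. The following Python is an added example, not code from curl, OpenSSL or anyone in this thread: it tests whether a prime is safe, lists the small subgroup orders a non-safe prime exposes, and validates a peer's public value against the intended subgroup. The function names and the toy primes 2039 and 2311 are constructed for illustration.

```python
import random

def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (probabilistic)."""
    if n < 2:
        return False
    for s in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def is_safe_prime(p):
    """Safe prime: p and (p - 1) / 2 are both prime."""
    return p % 2 == 1 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)

def small_cofactor_primes(p, q, bound=1000):
    """Small primes dividing (p - 1) / q; each one is the order of a small subgroup."""
    cofactor = (p - 1) // q
    return [r for r in range(2, bound) if cofactor % r == 0 and is_probable_prime(r)]

def subgroup_generator(p, q):
    """Generator of the order-q subgroup (q prime), as parameter generation would pick it."""
    for h in range(2, p - 1):
        g = pow(h, (p - 1) // q, p)
        if g != 1:
            return g

def peer_value_ok(y, p, q):
    """Accept a peer's public value only if it lies in the order-q subgroup."""
    return 1 < y < p - 1 and pow(y, q, p) == 1

# Constructed toy parameters (far too small for real use):
SAFE_P, SAFE_Q = 2039, 1019   # 2039 = 2 * 1019 + 1, a safe prime
WEAK_P, WEAK_Q = 2311, 11     # 2311 = 2*3*5*7*11 + 1, smooth cofactor 210

if __name__ == "__main__":
    for p, q in ((SAFE_P, SAFE_Q), (WEAK_P, WEAK_Q)):
        print(p, "safe" if is_safe_prime(p) else "not safe", small_cofactor_primes(p, q))
```

With a safe prime the range check in `peer_value_ok` already excludes every small-order value; with a non-safe prime the `pow(y, q, p) == 1` test is what rejects values from the other subgroups.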