Re: Patch to mitigate CVE-2014-3566 ("POODLE")

Thu, 16 Oct 2014 05:03:23 -0700 

On 10/16/2014 10:41 AM, Salz, Rich wrote:

Note that the CVE identifier was assigned to the SSL 3.0 protocol issue
related to CBC padding.  The new SCSV does not help with that at all.


What?  It prevents silently falling back to the broken protocol.

Perhaps we can keep this battle-thread just in the TLS WG mail?



It's unrelated to the TLS WG discussion.  MITRE has assigned the CVE 
name to the SSL 3.0 protocol issue, specifically:



“The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other 
products, uses nondeterministic CBC padding, which makes it easier for 
man-in-the-middle attackers to obtain cleartext data via a 
padding-oracle attack, aka the "POODLE" issue.”


<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566>


Securing fallback is a workaround, but does not address the issue.  You 
are still vulnerable if you use SSL 3.0 directly (because one of the 
peers supports only that), even if both peers implement SCSV.  The 
proper fix comes with TLS 1.0+, and OpenSSL has implemented a 
transparent protocol upgrade for a long time.  Don't be shy—you fixed 
POODLE before it was discovered, which is great!



I had already asked for assignment of a separate CVE for the insecure 
browser fallback, but I was told that MITRE does not consider *that* a 
vulnerability because it is expected, documented behavior.  This means 
that fallback-SCSV-related patches do not fix any CVE-named 
vulnerability, and certainly not CVE-2014-3566.



Again, this is not related to the question whether the fallback SCSV is 
a good idea.  It is a procedural issue with CVE naming.



Curiously, we recently had the same problem with the bash prefix/suffix 
patch, which did not fix any concrete CVE-named vulnerability, either. 
It is confusing, and I think it shows a limitation of the CVE authority 
file in the light of its current applications.


--
Florian Weimer / Red Hat Product Security
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org






















					Reply via email to