Re: Nessus security alert issued in error against OpenSSL v0.9.7d?
George, My apologies, in my haste to provide the network trace results I reviewed the wrong TCP connection. In the real TCP connection for this Nessus test (I promise I got it right this time...), my server responds to the initial Client Hello with a Server Hello in which the server reports a fatal error (0x02) whose description is (0x28) "Handshake Failure". On reception of the TCP ACK for the Server Hello, my server then issues a FIN to initiate connection termination. However, Nessus then sends the server the malicious certificate. Since my server already issued a FIN, there is no further response from the server and, after attempting to retransmit the certificate 2 more times, Nessus finally issues a FIN on the connection and the connection is closed. ---> Here's the interesting part <--- According to my review of the plug-in source, Nessus will skip issuing the certificate if the server issues a fatal error (0x02) whose description is (0x28) "Handshake Failure" - which is what my server responds with - however, the plug-in is looking for the response at the wrong offset in the reply. The plug-in expects it to be at the very start of the reply (at byte offset 5) but in the response my server actually sends, the error is much further into the packet (at byte offset 981). In the servers response, the error is at the very end and is preceded by a Server Hello and a Certificate record layer, but the plug-in is either expecting those records to be absent or to come after the error. My revised question is, do you have any idea why the server bothers to put the Server Hello and Certificate records into the response only to follow them with a fatal error? Is this the expected behavior? If so, the plug-in logic is faulty. If not, is there something I can do to make my server behave better in its response? Thanks, - Andrew From: "Andrew Kraslavsky" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Nessus security alert issued in error against OpenSSL v0.9.7d? Date: Wed, 01 Dec 2004 18:40:20 -0800 George, Thanks for the help. I took a network trace and it appears my server either issues a RST or a FIN on the connection so the first case you mentioned must apply. I understand that the author of the Nessus plug-in decided that no response is bad, but is that decision really valid here? I.e., does a lack of response from my server indicate that the ASN.1 parsing problem exists in the version of the OpenSSL library (0.9.7d) I am using? At the server level, I do not see any errors so, if there is indeed a buffer overflow, it must be happening within the OpenSSL library and in such a way as to be transparent to the application. This is the specific area I am hoping to have clarified. Thanks again, - Andrew From: George Theall <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Nessus security alert issued in error against OpenSSL v0.9.7d? Date: Tue, 30 Nov 2004 20:50:40 -0500 On Tue, Nov 30, 2004, Andrew Kraslavsky wrote: > To test the security of my proprietary HTTPS server, built with OpenSSL > library version 0.9.7d, I ran Nessus version 2.2 against it and it reported > the following alert (as issued by Nessus plug-in ID 11875, described at: > http://cgi.nessus.org/plugins/dump.php3?id=11875 ): ... > ---> My question is, why does Nessus report this alert The why is fairly straightforward based on the plugin source -- in response to a corrupt client certificate sent by the plugin, your server sent either nothing or something other than an "unexpected_message" or "bad_record_mac" alert (by assumption) message. Now if your web server is on a different network than your Nessus server or was busy, this may have occured simply because the plugin timed out. Have you sniffed the traffic or added some display() statements to the plugin to learn exactly what's being returned? George -- [EMAIL PROTECTED] << attach3 >> _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] _ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Nessus security alert issued in error against OpenSSL v0.9.7d?
George, Thanks for the help. I took a network trace and it appears my server either issues a RST or a FIN on the connection so the first case you mentioned must apply. I understand that the author of the Nessus plug-in decided that no response is bad, but is that decision really valid here? I.e., does a lack of response from my server indicate that the ASN.1 parsing problem exists in the version of the OpenSSL library (0.9.7d) I am using? At the server level, I do not see any errors so, if there is indeed a buffer overflow, it must be happening within the OpenSSL library and in such a way as to be transparent to the application. This is the specific area I am hoping to have clarified. Thanks again, - Andrew From: George Theall <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Nessus security alert issued in error against OpenSSL v0.9.7d? Date: Tue, 30 Nov 2004 20:50:40 -0500 On Tue, Nov 30, 2004, Andrew Kraslavsky wrote: > To test the security of my proprietary HTTPS server, built with OpenSSL > library version 0.9.7d, I ran Nessus version 2.2 against it and it reported > the following alert (as issued by Nessus plug-in ID 11875, described at: > http://cgi.nessus.org/plugins/dump.php3?id=11875 ): ... > ---> My question is, why does Nessus report this alert The why is fairly straightforward based on the plugin source -- in response to a corrupt client certificate sent by the plugin, your server sent either nothing or something other than an "unexpected_message" or "bad_record_mac" alert (by assumption) message. Now if your web server is on a different network than your Nessus server or was busy, this may have occured simply because the plugin timed out. Have you sniffed the traffic or added some display() statements to the plugin to learn exactly what's being returned? George -- [EMAIL PROTECTED] << attach3 >> _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Nessus security alert issued in error against OpenSSL v0.9.7d?
Thanks for the explanantion and the recommendation. I am still wondering: 1) Why does nessus claim I have an older version of OpenSSL than I really do? AND 2) Is the problem Nessus reports actually fixed in 0.9.7d? - Andrew From: "Dr. Stephen Henson" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: Nessus security alert issued in error against OpenSSL v0.9.7d? Date: Tue, 30 Nov 2004 21:57:42 +0100 On Tue, Nov 30, 2004, Andrew Kraslavsky wrote: > Howdy, > > To test the security of my proprietary HTTPS server, built with OpenSSL > library version 0.9.7d, I ran Nessus version 2.2 against it and it reported > the following alert (as issued by Nessus plug-in ID 11875, described at: > http://cgi.nessus.org/plugins/dump.php3?id=11875 ): > > > The remote host seem to be running a version of OpenSSL which is older than > 0.9.6k or 0.9.7c. > > There is a heap corruption bug in this version which might be exploited by > an > attacker to gain a shell on this host. > > Solution : If you are running OpenSSL, Upgrade to version 0.9.6k or 0.9.7c > or newer > Risk factor : High > > > However, as mentioned above, the version of OpenSSL I am using is in fact > newer than what Nessus suggests it to be (although just barely newer than > 0.9.7c). > > ---> My question is, why does Nessus report this alert and, gulp, should I > be worried about the associated shell access possibility? > > More specifically, does this mean that one of the ASN.1 parsing problems > described in CAN-2003-0543, CAN-2003-0544, and CAN-2003-0545 occurred > somewhere in the OpenSSL library? > > Also, I am not sure if this matters or not, but my HTTPS server does not > require clients to provide their certificates so at server initialization > time I invoke (among the other various start up calls): > > SSL_CTX_set_verify( sslCtx, SSL_VERIFY_NONE, NULL ); > > As I am about to release my product, I do not want to update the version of > the OpenSSL library I am using but, of course, if there is a legitimate > security concern here I will have to do so. > > Any help and advice you can provide would be greatly appreciated. > None of those ASN1 parsing problems have a known exploit AFAIK and the nature of them would make it difficult to do so. However they can be used for nasty DoS attacks on servers, even those which don't request client certificates so using a later versioin is advisable. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] _ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Nessus security alert issued in error against OpenSSL v0.9.7d?
Howdy, To test the security of my proprietary HTTPS server, built with OpenSSL library version 0.9.7d, I ran Nessus version 2.2 against it and it reported the following alert (as issued by Nessus plug-in ID 11875, described at: http://cgi.nessus.org/plugins/dump.php3?id=11875 ): The remote host seem to be running a version of OpenSSL which is older than 0.9.6k or 0.9.7c. There is a heap corruption bug in this version which might be exploited by an attacker to gain a shell on this host. Solution : If you are running OpenSSL, Upgrade to version 0.9.6k or 0.9.7c or newer Risk factor : High However, as mentioned above, the version of OpenSSL I am using is in fact newer than what Nessus suggests it to be (although just barely newer than 0.9.7c). ---> My question is, why does Nessus report this alert and, gulp, should I be worried about the associated shell access possibility? More specifically, does this mean that one of the ASN.1 parsing problems described in CAN-2003-0543, CAN-2003-0544, and CAN-2003-0545 occurred somewhere in the OpenSSL library? Also, I am not sure if this matters or not, but my HTTPS server does not require clients to provide their certificates so at server initialization time I invoke (among the other various start up calls): SSL_CTX_set_verify( sslCtx, SSL_VERIFY_NONE, NULL ); As I am about to release my product, I do not want to update the version of the OpenSSL library I am using but, of course, if there is a legitimate security concern here I will have to do so. Any help and advice you can provide would be greatly appreciated. Thanks, - Andrew The complete source to the Nessus plug-in is available at: http://cvsweb.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/ssltest.nasl?content-type=text/plain _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Crypto hardware integration with OpenSSL
Thanks Michal! That is in fact the road on which I have already begun to travel. Still, I think it woudl be helpful for the engine stuff to get documented a bit. - AJK From: Michal Ludvig <[EMAIL PROTECTED]> To: Andrew Kraslavsky <[EMAIL PROTECTED]> CC: [EMAIL PROTECTED] Subject: Re: Crypto hardware integration with OpenSSL Date: Mon, 26 Jul 2004 14:18:19 +0200 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew Kraslavsky told me that: > I am looking to integrate some crypto hardware with OpenSSL but am > having a tough time finding documentation on how to go about doing this. > > I see where OpenSSL is designed to allow this with its "ENGINE" > approach, but just what do I have to do to create my own hardware > specific engine? > > I'm hoping there's a HOWTO on this lurking somewhere that I was simply > too inept to find... Do it as I did - take the sources of one of the "simpler" engines and modify to fit your needs ;-) It is not *that* difficult and after stripping off the original engine specific parts you'll end up with a skeleton ready to fill with your own code. Michal Ludvig - -- * A mouse is a device used to point at the xterm you want to type in. * Personal homepage - http://www.logix.cz/michal -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBBPaEDDolCcRbIhgRAuylAKCFkZ5QDKd6viuqxn8N9z3kHKnSsACeN26T p8rIixdtaNBni4LaGoEASBM= =BAFC -END PGP SIGNATURE- _ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Crypto hardware integration with OpenSSL
Hello, I am looking to integrate some crypto hardware with OpenSSL but am having a tough time finding documentation on how to go about doing this. I see where OpenSSL is designed to allow this with its "ENGINE" approach, but just what do I have to do to create my own hardware specific engine? I'm hoping there's a HOWTO on this lurking somewhere that I was simply too inept to find... Thanks, - Andy _ Discover the best of the best at MSN Luxury Living. http://lexus.msn.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]