Re: [Openvpn-devel] Windows build fix for CVE-2015-4000
Might an in-depth investigation on these issues take more time than building an updated installer? Indeed. I will produce new Windows installers later today. From now on I'll produce new installers for every OpenSSL release, whether OpenVPN is affected or not. -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock
Re: [Openvpn-devel] Windows build fix for CVE-2015-4000
On 06/26/2015 07:48 AM, Jan Just Keijser wrote: On 26/06/15 13:28, Gert Doering wrote: Hi, On Fri, Jun 26, 2015 at 12:16:43PM +0200, David Sommerseth wrote: * Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) This might be an issue on OpenVPN on the server side. However, --tls-auth will reduce the attack vector to one of your own users. As we're not using X509_cmp_time()... that was my initial thought as well, but X509_cmp_time might be (is) called by OpenSSL internally to check the dates on certificates and perhaps CRLs. It would need further investigation, I guess. Might an in-depth investigation on these issues take more time than building an updated installer? Also, while David Sommerseth suggested in another email that --tls-auth provides good mitigation, note that not everyone is using that option. When I recently set up pfSense router, I couldn't get tls-auth working for some reason (probably quirks on the pfSense side). Personally, I'd feel better with an updated client since I have customers using it to access patient health information. OpenVPN is the only entry point into their networks, which worries me because the other proprietary software they have is riddled with security holes (unfortunately I have no control over this). One successful OpenSSL exploit is all it would take to cause a disaster. I'd offer to help update the installer, but... you don't typically want to accept help from a stranger for building binaries... - Joe
Re: [Openvpn-devel] Windows build fix for CVE-2015-4000
On 26/06/15 13:28, Gert Doering wrote: Hi, On Fri, Jun 26, 2015 at 12:16:43PM +0200, David Sommerseth wrote: * Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) This might be an issue on OpenVPN on the server side. However, --tls-auth will reduce the attack vector to one of your own users. As we're not using X509_cmp_time()... that was my initial thought as well, but X509_cmp_time might be (is) called by OpenSSL internally to check the dates on certificates and perhaps CRLs. It would need further investigation, I guess. JJK
Re: [Openvpn-devel] Windows build fix for CVE-2015-4000
Hi, On Fri, Jun 26, 2015 at 12:16:43PM +0200, David Sommerseth wrote: > * Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) > This might be an issue on OpenVPN on the server side. However, > --tls-auth will reduce the attack vector to one of your own users. As we're not using X509_cmp_time()... gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpQYRJERXZp_.pgp Description: PGP signature
Re: [Openvpn-devel] Windows build fix for CVE-2015-4000
On 25/06/15 17:42, Joseph S. Testa II wrote: > On 06/25/2015 10:46 AM, Jan Just Keijser wrote: >> Joseph S. Testa II wrote: >>> Hi all, >>> >>> I was wondering if an updated Windows build is being planned for >>> release soon to fix CVE-2015-4000, et. al, as described in >>> http://www.openssl.org/news/secadv_20150611.txt. >>> >>> I haven't seen anyone talk about this on the mailing list since >>> the advisory came out two weeks ago, so I thought I'd ask. [...snip...] > Thanks for the info. How about the other CVE's listed in that OpenSSL > advisory? I'm not able to tell if they're an issue in conjunction with > OpenVPN. Has anyone done a review on them as well? I'm no security expert, so bear that in mind. But I believe I have been poking long enough in the OpenVPN code base to have a certain overview of the SSL/TLS stack used by OpenVPN. * Malformed ECParameters causes infinite loop (CVE-2015-1788) Elliptic curves support is very limited in OpenVPN and not widely used, so I doubt this will be an issue on the client side. Use of --tls-auth should at least reduce the attack vector to one of your own users. * Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) This might be an issue on OpenVPN on the server side. However, --tls-auth will reduce the attack vector to one of your own users. On the client side, I don't see how it could get a bad CRL file installed and configured, and I don't recall any authentication callbacks being used on the client side. In addition, if the client got a problem - there is an even bigger problem how the client managed to connect to a faulty OpenVPN server. * PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) AFAIR, we don't do much PKCS#7 handling, so most likely not an issue for OpenVPN. But this one should be double checked. * CMS verify infinite loop with unknown hash function (CVE-2015-1792) I haven't studied how OpenVPN verifies signed data, so this is unknown at the moment - unless Steffan or James have investigated this. * Race condition handling NewSessionTicket (CVE-2015-1791) This is not an issue for OpenVPN in normal situations. However, if an attacker writes a special attack client using the OpenVPN protocol and it uses multiple connections in parallel to the server, this might be an issue. But again, --tls-auth to the rescue, which reduces the possible attacker to one of your own users. * Invalid free in DTLS (CVE-2014-8176) OpenVPN does not implement DTLS, so this isn't an issue for OpenVPN. Bottom line: --tls-auth is a fairly good protection layer against OpenSSL (or PolarSSL/mbedTLS) issues. And I would sleep quite well at night if clients aren't updated to openssl 1.0.2b or 1.0.1n. -- kind regards, David Sommerseth signature.asc Description: OpenPGP digital signature
Re: [Openvpn-devel] Windows build fix for CVE-2015-4000
On 06/25/2015 10:46 AM, Jan Just Keijser wrote: Joseph S. Testa II wrote: Hi all, I was wondering if an updated Windows build is being planned for release soon to fix CVE-2015-4000, et. al, as described in http://www.openssl.org/news/secadv_20150611.txt. I haven't seen anyone talk about this on the mailing list since the advisory came out two weeks ago, so I thought I'd ask. I think you're referring to the logjam bug. We've a short discussion on this on May 21st when the vulnerability was announced: the main gist of this vulnerability is to use DH param files (on the server) that are at least 1024, preferable 2048 or even 3072 bits in length. As Steffan wrote: 1) OpenVPN encourages users to generate their own DH-group using 'openssl dhparam', instead of using common groups. The man page / examples used to provide 1024 bits DH keys (updated to 2048 recently), and although 1024 bits dh params *can* be broken, that is still *very* expensive. Probably too expensive for your data if you don't share the group with others. 2) OpenVPN's tls-auth feature can prevent the downgrade attack on TLS from happening (but, only if you use tls-auth, of course). Still, use DH params of at least 2048 bits, please! Upgrading is easy and only needs a change on the server. Generate new params using e.g.: openssl dhparam -out dh3072.pem 3072 update your server config to use this file: dh dh3072.pem and restart the server. So, in view of this I don't think a rebuild of the client is in order, as this bug can be easily circumvented (server-side) by using the appropriate DH file. HTH, JJK Thanks for the info. How about the other CVE's listed in that OpenSSL advisory? I'm not able to tell if they're an issue in conjunction with OpenVPN. Has anyone done a review on them as well? - Joe
Re: [Openvpn-devel] Windows build fix for CVE-2015-4000
Joseph S. Testa II wrote: Hi all, I was wondering if an updated Windows build is being planned for release soon to fix CVE-2015-4000, et. al, as described in http://www.openssl.org/news/secadv_20150611.txt. I haven't seen anyone talk about this on the mailing list since the advisory came out two weeks ago, so I thought I'd ask. I think you're referring to the logjam bug. We've a short discussion on this on May 21st when the vulnerability was announced: the main gist of this vulnerability is to use DH param files (on the server) that are at least 1024, preferable 2048 or even 3072 bits in length. As Steffan wrote: 1) OpenVPN encourages users to generate their own DH-group using 'openssl dhparam', instead of using common groups. The man page / examples used to provide 1024 bits DH keys (updated to 2048 recently), and although 1024 bits dh params *can* be broken, that is still *very* expensive. Probably too expensive for your data if you don't share the group with others. 2) OpenVPN's tls-auth feature can prevent the downgrade attack on TLS from happening (but, only if you use tls-auth, of course). Still, use DH params of at least 2048 bits, please! Upgrading is easy and only needs a change on the server. Generate new params using e.g.: openssl dhparam -out dh3072.pem 3072 update your server config to use this file: dh dh3072.pem and restart the server. So, in view of this I don't think a rebuild of the client is in order, as this bug can be easily circumvented (server-side) by using the appropriate DH file. HTH, JJK