In an advisory notice published on Thursday, the group issued a total of 14 security fixes including two rated as ‘high priority', nine as ‘moderate' and three as ‘low priority'.
The two urgent fixes resolve around a revised fix (CVE-2015-0204) for the Freak SSL flaw, which is more prominent than first thought, as well as a new OpenSSL bug (CVE-2015-0291) which could be potentially exploited by attackers launching DoS attacks to make the servers crash. This was, however, not as bad as had been predicted in the days leading up to the release of the fixes.
“If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server,” reads the advisory on the DoS flaw.
“This issue affects OpenSSL version: 1.0.2…OpenSSL 1.0.2 users should upgrade to 1.0.2a.”
A blog post by OpenSSL Project member Mark Cox reveals there has been no evidence that the bug - reported to OpenSSL Project on 26th February 2015 - has been exploited publicly – with this perhaps owing to the fact that it affects only 1.0.2 OpenSSL, which was only released earlier this year.
On the Freak flaw, the project notes: “"This was classified low because it was originally thought that server RSA export cipher suite support was rare: a client was only vulnerable to a MiTM attack against a server which supports an RSA export cipher suite," it said.
"Recent studies have shown that RSA export cipher suites support is far more common."
Rapid 7 global security strategist Trey Ford said in an email to SCMagazineUK.com and other journalists: “Fourteen OpenSSL vulnerabilities were announced and addressed this morning. Two specific issues were classified as High Severity, one exposing the service to what appears to be an easy-to-execute Denial of Service attack; the other exposing the surprisingly common RSA export cipher suites to “man in the middle” attacks. Incidentally the highest severity issue (a crash via NULL pointer dereference) only affects version 1.0.2, and many users are still on versions 0.9.8 and 1.0.1.
“We expect to see corresponding attack code quickly built by those reverse engineering the published patches - steps to push these fixes to internet exposed systems should be prioritised. Export ciphers are overdue for retirement, and organisations using them should look for ways to upgrade to more stringent encryption standards.”
Ashley Stephenson, CEO at Corero, added in another email to SC: “This exploit falls into the “killer packet” category of DDoS attacks and there are only a few practical methods available to protect against this kind of threat.
“First, upgrade the vulnerable system (obvious, but not always practical) in this case [to] OpenSSL 1.0.2a. Second, is to utilise real-time in-line DDoS inspection of the untrusted packet stream for possible signatures that identify the exploit (looking for the killer packet). If as reported, this vulnerability can be readily triggered by invalid renegotiation requests it will be a real DDoS weapon. However, there are two things that should limit the long term risk of this exploit; it will be easy to observe (reason for crash of SSL will be indicated – sigalgs) [and the] server patch is already available.”
Stephenson continued: “End users that do not follow the upgrade recommendation, or take advantage of real-time DDoS defence mechanisms, are at significant risk for the exploitation of those servers for the use of Denial of Service. Any OpenSSL server that had already been patched for Heartbleed is also vulnerable to this threat, which gives us a sense of the magnitude of this vulnerability.”