What's Old Is New Again
From the OpenSSL mailing list:
A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio.
Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable. Affected functions are of the form d2i_bio or d2i_fp, for example d2i_X509_bio or d2i_PKCS12_fp.
Applications using the memory based ASN1 functions (d2i_X509, d2i_PKCS12 etc) are not affected. In particular the SSL/TLS code of OpenSSL is not affected.
Applications only using the PEM routines are not affected.
S/MIME or CMS applications using the built in MIME parser SMIME_read_PKCS7 or SMIME_read_CMS are affected.
The OpenSSL command line utility is also affected if used to process untrusted data in DER format.
Note: although an application using the SSL/TLS portions of OpenSSL is not automatically affected it might still call a function such as d2i_X509_bio on untrusted data and be vulnerable.
Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley for fixing it.
Affected users should upgrade to OpenSSL 1.0.1a, 1.0.0i or 0.9.8v.
This was posted in response to a security advisory posted by Tavis Ormandy earlier today.
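One way to find call sites that match the function forms the advisory lists, as an added example that is not part of the original post or of OpenSSL itself. The names `audit` and `strip_comments` and the `SAMPLE` C source are constructed for illustration, and a hit only marks a call to review for untrusted DER input.

```python
import re

# Function-name shapes taken from the advisory text: d2i_*_bio, d2i_*_fp,
# and the built-in MIME parsers SMIME_read_PKCS7 / SMIME_read_CMS.
AFFECTED = re.compile(r"\b(d2i_\w+_(?:bio|fp)|SMIME_read_(?:PKCS7|CMS))\s*\(")
# Memory-based d2i_* and PEM_* routines, which the advisory lists as not affected.
UNAFFECTED = re.compile(r"\b(d2i_\w+|PEM_\w+)\s*\(")
# Naive C comment matcher; it does not understand string literals.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)

def strip_comments(src):
    # Blank out comments but keep newlines so line numbers stay correct.
    return COMMENTS.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)

def audit(src):
    """Return (affected, unaffected) lists of (line_number, function_name)."""
    affected, unaffected = [], []
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        hits = {m.start(1): m.group(1) for m in AFFECTED.finditer(line)}
        for m in UNAFFECTED.finditer(line):
            # d2i_X509_bio also matches the broad d2i_* pattern; skip those.
            if m.start(1) not in hits:
                unaffected.append((lineno, m.group(1)))
        affected.extend((lineno, name) for _, name in sorted(hits.items()))
    return affected, unaffected

# Constructed sample source, not taken from any real project.
SAMPLE = r'''
#include <openssl/x509.h>
/* old code used d2i_X509_fp(fp, NULL); */
X509 *load_der(BIO *in) { return d2i_X509_bio(in, NULL); }
PKCS12 *load_p12(FILE *fp) { return d2i_PKCS12_fp(fp, NULL); }
X509 *load_mem(const unsigned char **p, long n) { return d2i_X509(NULL, p, n); }
X509 *load_pem(BIO *in) { return PEM_read_bio_X509(in, NULL, NULL, NULL); }
PKCS7 *load_smime(BIO *in, BIO **c) { return SMIME_read_PKCS7(in, c); }
'''

if __name__ == "__main__":
    affected, unaffected = audit(SAMPLE)
    for lineno, name in affected:
        print(f"line {lineno}: {name} reads DER via BIO/FILE; review the input source")
    for lineno, name in unaffected:
        print(f"line {lineno}: {name} is listed as not affected")
```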
The funny thing about this vulnerability is that not only has the problem been known for a while, it was also included in Mark Dowd’s book, “The Art of Software Security Assessment - Identifying and Preventing Software Vulnerabilities”, which was published in 2006.
Mark Dowd wrote on Twitter earlier, “I published that bug in our book (TAOSSA) in 2006. I just neglected to mention it was 0day.”
It’s interesting to consider how many security vulnerabilities, known ones included, might have existed for many years. It’s not the first time this has happened, either: earlier this year, the algorithmic complexity attacks against the hash table implementations in many different programming languages garnered widespread attention, but that problem was highlighted by Scott Crosby and Dan Wallach at USENIX in 2003! (The hash function was subsequently randomized in Perl, but not in many others until years later.)