
How to analyze OpenSSL denial of service vulnerabilities

2025-02-24 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

In this issue, the editor explains how to analyze the OpenSSL denial of service vulnerability. The article analyzes and describes it from a professional point of view. I hope you get something out of reading it.

0x00 vulnerability background

On April 21, 2020, 360CERT monitoring found that OpenSSL had officially issued a risk notice for a denial of service vulnerability in its TLS 1.3 component. The vulnerability number is CVE-2020-1967 and the vulnerability level is high risk.

OpenSSL is an open source library that applications can use for secure communication. It is widely used on web servers on the Internet. The main library is written in C and implements basic cryptographic functions and the SSL and TLS protocols. OpenSSL runs on OpenVMS, Microsoft Windows, and most Unix-like operating systems (including Solaris, Linux, macOS and various versions of the open source BSD operating systems).

TLS (Transport Layer Security) is a security protocol that aims to provide security and data integrity for Internet communications. The protocol is widely supported in browsers, e-mail, instant messaging, VoIP, web fax and other applications, and it has become the industry standard for secure communication on the Internet.

OpenSSL contains a denial of service vulnerability. By sending a specially crafted request packet, an attacker can cause the service on the target host to crash or deny service.

360CERT recommends that users install the latest patches promptly and carry out asset self-examination and prevention work to avoid attacks.

0x01 risk rating

360CERT's assessment of the vulnerability is as follows:

Threat level: High risk

Impact area: Wide

0x02 vulnerability details

Official description

A server or client program that calls the SSL_check_chain() function during or after a TLS 1.3 handshake may trigger a NULL pointer dereference as a result of incorrect handling of the TLS extension signature_algorithms_cert. The crash, and with it the denial of service, occurs when the server or client program receives an invalid or unrecognized signature algorithm.

0x03 affected versions

OpenSSL: 1.1.1d

OpenSSL: 1.1.1e

OpenSSL: 1.1.1f

0x04 repair recommendations

General patching recommendations:

Upgrade to version 1.1.1g, download from:

https://www.openssl.org/source/

Users of 1.0.2 and earlier versions are not affected by this vulnerability, but those versions are no longer supported. It is recommended that these users also upgrade to 1.1.1g.
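For the asset self-examination recommended above, the following added example (not code from 360CERT or the OpenSSL project) classifies version banners, such as the output of `openssl version`, against the version list in this advisory. The category names, hostnames and sample banners are constructed for illustration.

```python
import re

# Releases this advisory lists as affected (CVE-2020-1967).
AFFECTED = {"1.1.1d", "1.1.1e", "1.1.1f"}
# Upstream-style version inside a banner, e.g. "OpenSSL 1.1.1f  31 Mar 2020".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)\b")


def parse_version(banner):
    """Return (major, minor, patch, letter), or None if no version is present."""
    m = VERSION_RE.search(banner)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4)


def classify(banner):
    """Map a version banner to one of the categories used by this example."""
    parsed = parse_version(banner)
    if parsed is None:
        return "unknown"
    major, minor, patch, letter = parsed
    if f"{major}.{minor}.{patch}{letter}" in AFFECTED:
        return "affected"
    if (major, minor, patch) <= (1, 0, 2):
        return "not-affected-unsupported"  # advisory: upgrade anyway
    # Letter suffixes sort by length first, then alphabetically (f < g < h ...).
    if (major, minor, patch) == (1, 1, 1) and (len(letter), letter) >= (1, "g"):
        return "fixed"
    return "not-listed"  # a release this advisory does not mention


def audit(inventory):
    """inventory maps host -> banner; returns host -> category."""
    return {host: classify(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and banners are made up.
    sample = {
        "web-01": "OpenSSL 1.1.1f  31 Mar 2020",
        "web-02": "OpenSSL 1.1.1g  21 Apr 2020",
        "legacy": "OpenSSL 1.0.2k-fips  26 Jan 2017",
    }
    for host, status in sorted(audit(sample).items()):
        print(f"{host:8} {status}")
```

Distribution packages often backport fixes without changing the upstream version string, so an "affected" result for a packaged build should be confirmed against the distribution's own advisory.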

0x05 related spatial mapping data

Asset mapping across the whole network shows that OpenSSL is widely used all over the world, as shown in the following figure.

0x06 product side solution

360 city-level network security monitoring service

The QUAKE asset mapping platform of the security brain monitors such vulnerabilities by means of asset mapping technology. Users can contact the relevant product area leaders to obtain the corresponding products.

The above is the analysis of openssl denial of service vulnerabilities shared by the editor. If you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.
