OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.
OpenSSL 1.0.2 (comenzando desde la versión 1.0.2b) introdujo un mecanismo de "error state" (estado de error). La intención era que, si ocurría un error fatal durante una negociación, OpenSSL entraría en el estado de error y fallaría automáticamente si se intentase continuar la negociación. Esto funciona tal y como se ha diseñado para las funciones de negociación explícitas (SSL_do_handshake(), SSL_accept() y SSL_connect()); sin embargo, debido a un error, no funciona correctamente si se llama directamente a SSL_read() o a SSL_write(). En ese caso, si la negociación fracasa, se devolverá un error fatal en la llamada de función inicial. Si, posteriormente, la aplicación llama a SSL_read()/SSL_write() para el mismo objeto SSL, tendrá éxito y los datos se pasarán sin cifrarse/descifrarse directamente desde la capa de registro SSL/TLS. Para explotar esta vulnerabilidad, debería existir un error de aplicación que resulte en una llamada a SSL_read()/SSL_write() que se realiza una vez ya se ha recibido un error fatal. Las versiones 1.0.2b-1.0.2m de OpenSSL se han visto afectadas. Se ha solucionado en OpenSSL 1.0.2n. OpenSSL 1.1.0 no se ha visto afectada.
AV:N/AC:M/Au:N/C:P/I:N/A:N
| Access Vector | NETWORK |
|---|---|
| Access Complexity | MEDIUM |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | NONE |
| Availability Impact | NONE |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-125
en
CWE-787
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| openssl | openssl | 1.0.2b | <built-in method update of dict object at 0x72a9b0b6a640> | Application |
| openssl | openssl | 1.0.2c | <built-in method update of dict object at 0x72a9ccd29a00> | Application |
| openssl | openssl | 1.0.2d | <built-in method update of dict object at 0x72a9b0b38400> | Application |
| openssl | openssl | 1.0.2e | <built-in method update of dict object at 0x72a9ccf9f240> | Application |
| openssl | openssl | 1.0.2f | <built-in method update of dict object at 0x72a9b0b6bd00> | Application |
| openssl | openssl | 1.0.2g | <built-in method update of dict object at 0x72a9b0b6a800> | Application |
| openssl | openssl | 1.0.2h | <built-in method update of dict object at 0x72a9b0b38ac0> | Application |
| openssl | openssl | 1.0.2i | <built-in method update of dict object at 0x72a9b0b39880> | Application |
| openssl | openssl | 1.0.2j | <built-in method update of dict object at 0x72a9b0b3a0c0> | Application |
| openssl | openssl | 1.0.2k | <built-in method update of dict object at 0x72a9b0b68a40> | Application |
| openssl | openssl | 1.0.2l | <built-in method update of dict object at 0x72a9b0b3b340> | Application |
| openssl | openssl | 1.0.2m | <built-in method update of dict object at 0x72a9ccd2a6c0> | Application |
| debian | debian_linux | 9.0 | <built-in method update of dict object at 0x72a9b0b3b480> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2m:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |