Why CVE-2022-0778 is bad

Newsgroups: comp.sys.tandem
Date: Tue, 29 Mar 2022 16:14:04 -0700 (PDT)
From: rsbec...@nexbridge.com (Randall)
 by: Randall - Tue, 29 Mar 2022 23:14 UTC

So you've probably (hopefully) read about this, but I figured I'd summarize..

CVE-2022-0778 is an OpenSSL critical vulnerability that has been in the code a long time, but was recently found. It is fixed in the latest ITUGLIB builds, so you can feel safe there.

Simply, OpenSSL loads certificate parameters before doing the evaluation of whether the key exchange is possible. If a specific parameter is wrong - and this can be done deliberately either on a client or server - the OpenSSL BN_mod_sqrt() function can go into a loop. This can be used as a DoS attack on a web server or can be used by a hostile redirect to crash a client, like an SSL-based POS device. Because this happens before the key exchange is done in TLS 1.2, a man-in-the-middle attack may not succeed, but the edge device can still hang. It is entirely possible that this attack has been previously used by hackers trying to cause problems.

A surprising finding today - it is not my fault, I just found it, so do not shoot the messenger - is that this can also happen if you are using SSL signed content verification. Specifically, the openssl dgst command, with a key from an outside hostile source. The good part is you can detect this if the verification process does not complete quickly or drops to priority 1. As with any OpenSSL key, be careful where you get your certificates, trust only who should be trusted, and maintain current and hardened processes for maintaining your key stores.

Please upgrade your version of OpenSSL to 1.1.1n or 3.0.2 at a minimum (as of 2022-Mar-29, these are the latest builds). Disabling TLS 1.2, 1.1, and 1.0 may help to reduce the likelihood of hitting this problem, because TLS 1.3 handles kex differently, but does not guarantee safety. If you need 1.0.2 patched, the fix is available from OpenSSL (with my help to apply it), but is not free - OpenSSL requires a premium support contract to get the fix - reply to me directly if you need help with that.

Also note that many other platforms do not have fixes in their update repositories for this CVE. Check your public systems carefully. We do know of some Linux distribution versions that are definitely vulnerable because the fixes are not available to them by default - you might need that support contract I mentioned above.

Please be careful out there and do not ignore this CVE,
Randall Becker
On Behalf of the ITUGLIB Technical Committee
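
The two checks the post describes, as an added example that is not part of the original post or of ITUGLIB: compare an `openssl version` banner against the 1.1.1n / 3.0.2 minimums, and run `openssl dgst` verification under a deadline so a hang is detected instead of stalling the caller. The function names, the `-sha256` digest, the file arguments and the 10-second limit are assumptions.

```python
import re
import subprocess

def classify_version(banner):
    """Classify an `openssl version` banner as 'fixed', 'outdated' or 'check-vendor'."""
    m = re.match(r"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)", banner)
    if not m:
        return "check-vendor"  # not an OpenSSL banner (fork or unparsable)
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    letters = m.group(4)
    if (major, minor, patch) == (1, 1, 1):
        # Letter releases sort by length first ('z' < 'za'), then alphabetically.
        # The minimum from the post is 1.1.1n.
        return "fixed" if (len(letters), letters) >= (1, "n") else "outdated"
    if major >= 3:
        # The minimum from the post is 3.0.2.
        return "fixed" if (major, minor, patch) >= (3, 0, 2) else "outdated"
    # 1.0.2 and other branches: the banner cannot show whether a vendor or
    # support-contract patch was applied, so this needs a manual check.
    return "check-vendor"

def run_with_deadline(cmd, seconds):
    """Run cmd and return 'ok', 'failed' or 'timeout'; the child is killed on timeout."""
    try:
        done = subprocess.run(cmd, capture_output=True, timeout=seconds)
    except subprocess.TimeoutExpired:
        return "timeout"
    except OSError:
        return "failed"  # e.g. the binary is not installed
    return "ok" if done.returncode == 0 else "failed"

def verify_signature(pubkey, sig, data, seconds=10):
    """Verify a detached signature with `openssl dgst`, bounded by a deadline.

    A 'timeout' result on a small file is the "does not complete quickly"
    symptom from the post and should be treated as a rejected key.
    """
    cmd = ["openssl", "dgst", "-sha256", "-verify", pubkey, "-signature", sig, data]
    return run_with_deadline(cmd, seconds)

if __name__ == "__main__":
    if run_with_deadline(["openssl", "version"], 5) == "ok":
        out = subprocess.run(["openssl", "version"], capture_output=True, text=True)
        print(classify_version(out.stdout), "-", out.stdout.strip())
```

An "outdated" result means the banner is below the upstream fixed release; a distribution that backports the fix without changing the banner will still report it, so confirm against the vendor's advisory.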
