Conversation

OpenSSL security fixes dropped. CVE-2021-3450 is a complete certificate verification bypass in niche non-standard configurations. CVE-2021-3449 is a NULL pointer dereference crash in default server configurations. openssl.org/news/secadv/20

129

236

Filippo Valsorda

@FiloSottile

Mar 25, 2021

CVE-2021-3450 is kinda delightful because it was introduced by a change that rejects custom curve parameters (which is what broke Windows last year), and it only affects X509_V_FLAG_X509_STRICT mode. Complexity is killer.

Filippo Valsorda

@FiloSottile

Mar 25, 2021

CVE-2021-3449 looks like it could have been found easily if anyone figured out how to fuzz renegotiation, but renegotiation is sadness. Anyway, sounds like you can crash most OpenSSL servers on the Internet today.

Replying to

Depends..... things like Apache HTTP server will handle a child crash (in default mpm) just it'll cause a lot of extra process forking

Replying to

and

That's a recipe for a DOS anyway, it just requires some little extra effort

Replying to

and

You certainly need sustained and repeated requests against such a service (and generally when the attack stops they'd recover). But of course any server not designed to handle child crashes could be a DoS from a single request.

Replying to

and

This architecture makes it significantly easier to exploit RCE vulnerabilities without entirely reliable exploit chains when respawning isn't appropriately throttled. Handling unexpected crashes by spawning new processes at full throttle is a higher risk approach than it seems.

3:01 PM · Mar 25, 2021Twitter Web App

Replying to

DoS is a lot better than RCE. An exploit with a small chance of success due to probabilistic mitigations and other obstacles is a lot scarier with this kind of architecture. That's particularly true when the processes are spawned with fork rather than fork + exec. It's not ideal.