OpenSSL CAÖ¤ÊéÈÆ¹ýÎó²î£¨CVE-2021-3450£©

Ðû²¼Ê±¼ä 2021-03-26

0x00 Îó²î¸ÅÊö

CVE  ID

CVE-2021-3450

ʱ    ¼ä

2021-03-26

Àà   ÐÍ


µÈ    ¼¶

¸ßΣ

Ô¶³ÌʹÓÃ

ÊÇ

Ó°Ïì¹æÄ£


PoC/EXP

δ¹ûÕæ

ÔÚҰʹÓÃ


 

0x01 Îó²îÏêÇé

image.png

 

OpenSSLÊÇÒ»¸ö¿ª·ÅÔ´´úÂëµÄÈí¼þ¿â°ü£¬£¬£¬£¬£¬£¬Ó¦ÓóÌÐò¿ÉÒÔʹÓÃÕâ¸ö°üÀ´¾ÙÐÐÇ徲ͨѶ£¬£¬£¬£¬£¬£¬×èÖ¹ÇÔÌý£¬£¬£¬£¬£¬£¬Í¬Ê±È·ÈÏÁíÒ»¶ËÅþÁ¬ÕßµÄÉí·Ý£¬£¬£¬£¬£¬£¬Ëü±»ÆÕ±éÓ¦ÓÃÔÚ»¥ÁªÍøµÄÍøÒ³Ð§ÀÍÆ÷ÉÏ¡£¡£¡£¡£¡£

2021Äê03ÔÂ25ÈÕ£¬£¬£¬£¬£¬£¬OpenSSLÏîÄ¿Ðû²¼Ç徲ͨ¸æ£¬£¬£¬£¬£¬£¬¹ûÕæÁËOpenSSL²úÆ·ÖеÄÒ»¸ö¾Ü¾øÐ§ÀÍÎó²îºÍÒ»¸öÖ¤ÊéÑéÖ¤ÈÆ¹ýÎó²î£¨CVE-2021-3449ºÍCVE-2021-3450£©¡£¡£¡£¡£¡£

 

OpenSSL ¾Ü¾øÐ§ÀÍÎó²î£¨CVE-2021-3449£©

¸ÃÎó²îÊÇÓÉÓÚNULLÖ¸Õë×÷·ÏÒýÓõ¼ÖµľܾøÐ§ÀÍ(DoS)Îó²î£¬£¬£¬£¬£¬£¬½öÓ°ÏìOpenSSLЧÀÍÆ÷ʵÀý£¬£¬£¬£¬£¬£¬¶ø²»Ó°Ïì¿Í»§¶Ë¡£¡£¡£¡£¡£

ÈôÊÇ´Ó¿Í»§¶Ë·¢ËÍÁ˶ñÒâµÄÖØÐÂЭÉÌClientHelloÐÂÎÅ£¬£¬£¬£¬£¬£¬ÔòOpenSSL TLSЧÀÍÆ÷¿ÉÄÜ»áÍ߽⡣¡£¡£¡£¡£ÈôÊÇTLSv1.2ÖØÐÂЭÉÌClientHelloÊ¡ÂÔÁËsignature_algorithmsÀ©Õ¹Ãû£¨ÔÚ×î³õµÄClientHelloÖб£´æ£©£¬£¬£¬£¬£¬£¬µ«°üÀ¨ÁËsignature_algorithms_certÀ©Õ¹Ãû£¬£¬£¬£¬£¬£¬Ôò½«µ¼ÖÂNULLÖ¸Õë×÷·ÏÒýÓ㬣¬£¬£¬£¬£¬´Ó¶øµ¼ÖÂÍß½âºÍ¾Ü¾øÐ§À͹¥»÷¡£¡£¡£¡£¡£

ÒÔÏÂÊÇGitHubÉ϶ԸÃÎó²îµÄÐÞ¸´£º

image.png


Ó°Ïì¹æÄ£

ÔËÐдøÓÐTLS 1.2²¢ÆôÓÃÁËÖØÐÂЭÉÌ£¨Ä¬ÈÏÉèÖ㩵ÄOpenSSL 1.1.1

 

OpenSSL CAÖ¤ÊéÑéÖ¤ÈÆ¹ýÎó²î£¨CVE-2021-3450£©

¸ÃÎó²îÊÇÖ¤Êé½ÒÏþ»ú¹¹£¨CA£©Ö¤ÊéÑéÖ¤ÈÆ¹ýÎó²î£¬£¬£¬£¬£¬£¬Ó°ÏìЧÀÍÆ÷ºÍ¿Í»§¶ËʵÀý¡£¡£¡£¡£¡£

X509_V_FLAG_X509_STRICT±ê¼Ç¿É¶ÔÖ¤ÊéÁ´Öб£´æµÄÖ¤Êé¾ÙÐÐÆäËüÇå¾²¼ì²é£¬£¬£¬£¬£¬£¬Ä¬ÈÏÇéÐÎÏÂδÉèÖᣡ£¡£¡£¡£´ÓOpenSSL°æ±¾1.1.1h×îÏÈ£¬£¬£¬£¬£¬£¬Ìí¼ÓÁËÒ»Ïî¼ì²éÒÔեȡÔÚÁ´ÖÐÏÔʽ±àÂëÍÖÔ²ÇúÏß²ÎÊýµÄÖ¤Ê飬£¬£¬£¬£¬£¬ÕâÊǸ½¼ÓµÄÑÏ¿á¼ì²é¡£¡£¡£¡£¡£Ö´Ðд˼ì²éʱ·ºÆðÒ»¸ö¹ýʧ£¬£¬£¬£¬£¬£¬ÕâÒâζ×ÅÏÈǰ¼ì²éµÄЧ¹û»á±»ÁýÕÖ£¬£¬£¬£¬£¬£¬¸Ã¼ì²éÓÃÓÚÈ·ÈÏÁ´ÖеÄÖ¤ÊéÊÇÓÐÓõÄCAÖ¤Êé¡£¡£¡£¡£¡£

Ó°Ïì¹æÄ£

OpenSSL 1.1.1h¼°¸ü¸ß°æ±¾

 

±ðµÄ£¬£¬£¬£¬£¬£¬½ñÄê2Ô£¬£¬£¬£¬£¬£¬OpenSSL ÏîĿҲÐû²¼ÁËÇå¾²¸üУ¬£¬£¬£¬£¬£¬ÐÞ¸´ÁËOpenSSLÖеÄ2¸ö¾Ü¾øÐ§ÀÍ£¨DoS£©Îó²îºÍ1¸ö²»×¼È·µÄSSLv2»Ø¹ö±£»£»£»£»£»£»£»¤Îó²î¡£¡£¡£¡£¡£

 

0x02 ´¦Öóͷ£½¨Òé

ÏÖÔÚ¹Ù·½ÒÑÐÞ¸´ÁËÕâÁ½¸öÎó²î£¬£¬£¬£¬£¬£¬½¨Òéʵʱ¸üÐÂÖÁOpenSSL 1.1.1k£¨OpenSSL 1.0.2²»ÊÜÕâÁ½¸öÎó²îÓ°Ï죩¡£¡£¡£¡£¡£

ÏÂÔØÁ´½Ó£º

https://openssl.en.softonic.com/


0x03 ²Î¿¼Á´½Ó

https://www.openssl.org/news/secadv/20210325.txt

https://www.bleepingcomputer.com/news/security/openssl-fixes-severe-dos-certificate-validation-vulnerabilities/

https://securityaffairs.co/wordpress/115968/security/openssl-flaws-2.html?

https://github.com/openssl/openssl/commit/2a40b7bc7b94dd7de897a74571e7024f0cf0d63b

 

0x04 ʱ¼äÏß

2021-03-25  OpenSSLÐû²¼Ç徲ͨ¸æ

2021-03-26  VSRCÐû²¼Ç徲ͨ¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö±ê×¼¹ÙÍø£ºhttp://www.first.org/cvss/

image.png