OpenSSL Multiple Vulnerabilities (Feb 10, 2017)


OpenSSL is a widely-used software library in applications that need to secure communications over computer networks against eavesdropping or need to ascertain the identity of the party at the other end. It contains an open-source implementation of the SSL and TLS protocols. OpenSSL is available for most Unix and Unix-like operating systems (including Solaris, Linux, macOS, QNX, and the various open-source BSD operating systems), OpenVMS and Microsoft Windows.

Multiple vulnerabilities have been discovered in OpenSSL library. An advisory has been released by the vendor here. Among them CVE-2017-3731 is an integer underflow vulnerability leading to an out of bounds read of truncated packet, usually resulting in a crash. CVE-2017-3730 is a NULL pointer dereference vulnerability of bad parameters for a DHE or ECDHE key exchange from malicious server.

The vendor has patched the vulnerabilities. For OpenSSL 1.1.0, please upgrade to 1.1.0d. For Openssl 1.0.2, please upgrade to update to 1.0.2k.

SonicWall threat team has researched these vulnerabilities and released the following IPS signatures to protect their customers:

  • IPS:12606 OpenSSL ChaCha20-Poly1305 and RC4-MD5 Integer Underflow 1
  • IPS:12607 OpenSSL ChaCha20-Poly1305 and RC4-MD5 Integer Underflow 2
  • IPS:12608 OpenSSL DHE and ECDHE Parameters NULL Pointer Dereference 1
  • IPS:12609 OpenSSL DHE and ECDHE Parameters NULL Pointer Dereference 2
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.