OpenSSL has released an advisory urging users to update their systems in the wake of a high-severity alternative chains certificate forgery bug.
"During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails," the advisory reads. "An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and 'issue' an invalid certificate."
The issue, which was reported to OpenSSL on June 24th, 2015 by Adam Langley and David Benjamin of Google/BoringSSL, is known to affect versions 1.0.2c, 1.0.2b, 1.0.1n, and 1.0.1o. It can be used to compromise any application that verifies certificates including SSL and TLS.
"This type of vulnerability poses a large risk for connections secured by OpenSSL as it potentially allows an attacker to forge 'trusted' certificates opening the door for man in the middle attacks," warns Craig Young, a Computer Security Researcher with Tripwire's Vulnerability and Exposures Research Team (VERT). "Fortunately consumers generally don't need to worry about this as much as it may seem. Most web browsers do not use OpenSSL and so are unaffected."
While consumers might not be at too great of a risk, Young goes on to state that his chief concern involves system update processes being subverted, which might allow malicious code to be sent to a victim manipulating the update communication. This could allow attackers to compromise embedded Unix/Linux-derived systems as well as target IoT devices for data access or MiTM attacks against update servers. Tim Erlin, Director of Product Management at Tripwire, agrees with Young's assessment that the severity of the issue, while great, should be kept in context. "There’s an interesting cycle with OpenSSL vulnerabilities after Heartbleed. OpenSSL pre-announces a high severity vulnerability, which causes the information security community to start making noise about the ‘next Heartbleed,'" Erlin explains. "When the vulnerability is actually published, it always seems so much less severe because of all that pre-announcement hype. For example, this issue only affects newer versions of OpenSSL, whereas Heartbleed was very widespread. It could never have been the next Heartbleed because it was pre-announced." OpenSSL 1.0.2b/1.0.2c users are urged to upgrade to 1.0.2d, whereas those with OpenSSL 1.0.1n/1.0.1o should upgrade to 1.0.1p.
