1. 미들웨어이야기/04. Nginx

Nginx와 OpenSSL 보완 취약점

알 수 없는 사용자 2014. 7. 31. 00:46


2014년 4월 8일 에는 OpenSSL HeartBleed(CVE-2014-0160)버그 인해 긴급하게 OpenSSL버전을 최신버전으로 업그레이드를 하였었는데, 이후에 6월 5일 추가적인 보안 이슈가 생겨서 다시 긴급하게 OpenSSL버전을 업그레이드 하였습니다.



1. 권장하는 openSSL 버전

    OpenSSL 0.9.8 SSL/TLS -> 0.9.8za

    OpenSSL 1.0.0 SSL/TLS -> 1.0.0m

    OpenSSL 1.0.1 SSL/TLS -> 1.0.1h



2. OpenSSL버전 확인하는 방법

   1) 'openssl version' 명령어를 사용 (적합하지 않음)
       다양한 버전의 openssl이 설치가 되어 있을 경우 버전을 명확하게 확인을 할 수가 없습니다.

   2) Nginx가 사용하는 library 확인
      $ ldd `which nginx` | grep ssl
      libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f82e62bf000)
      $ strings /lib/x86_64-linux-gnu/libssl.so.1.0.0 | grep "^OpenSSL "
     OpenSSL 1.0.1f 6 Jan 2014

    3) Nginx Configuration 확인
      nginx 설치할때의 configuration 옵션을 확인하여 참조하고 있는 OpenSSL의 위치를 확인 할 수 있습니다.
     $ ./objs/nginx -V
     nginx version: nginx/1.7.1

     built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5)

     configure arguments: --with-cc-opt=-I../openssl-1.0.1f/include 
       --with-ld-opt='-L../openssl-1.0.1f -Wl,-Bstatic -lssl -lcrypto -Wl,-Bdynamic -ldl' 
       --with-openssl=../openssl-1.0.1f

참고 URL : http://nginx.com/blog/nginx-05-june-2014-openssl-security-advisory/

6월 5일 추가된 보안 취약점 리스트

DTLS recursion flaw (CVE-2014-0221)

====================================


By sending an invalid DTLS handshake to an OpenSSL DTLS client the code

can be made to recurse eventually crashing in a DoS attack.


Only applications using OpenSSL as a DTLS client are affected.


OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za

OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.

OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.


Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.  This

issue was reported to OpenSSL on 9th May 2014.


The fix was developed by Stephen Henson of the OpenSSL core team.


DTLS invalid fragment vulnerability (CVE-2014-0195)

====================================================


A buffer overrun attack can be triggered by sending invalid DTLS fragments

to an OpenSSL DTLS client or server. This is potentially exploitable to

run arbitrary code on a vulnerable client or server.


Only applications using OpenSSL as a DTLS client or server affected.


OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za

OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.

OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.


Thanks to Jüri Aedla for reporting this issue.  This issue was

reported to OpenSSL on 23rd April 2014 via HP ZDI.


The fix was developed by Stephen Henson of the OpenSSL core team.


SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)

=================================================================


A flaw in the do_ssl3_write function can allow remote attackers to

cause a denial of service via a NULL pointer dereference.  This flaw

only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is

enabled, which is not the default and not common.


OpenSSL 1.0.0 users should upgrade to 1.0.0m.

OpenSSL 1.0.1 users should upgrade to 1.0.1h.


This issue was reported in public.  The fix was developed by

Matt Caswell of the OpenSSL development team.


SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)

===============================================================================

 

A race condition in the ssl3_read_bytes function can allow remote

attackers to inject data across sessions or cause a denial of service.

This flaw only affects multithreaded applications using OpenSSL 1.0.0

and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the

default and not common.


OpenSSL 1.0.0 users should upgrade to 1.0.0m.

OpenSSL 1.0.1 users should upgrade to 1.0.1h.


This issue was reported in public.  


Anonymous ECDH denial of service (CVE-2014-3470)

================================================


OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a

denial of service attack.


OpenSSL 0.9.8 users should upgrade to 0.9.8za

OpenSSL 1.0.0 users should upgrade to 1.0.0m.

OpenSSL 1.0.1 users should upgrade to 1.0.1h.


Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this

issue.  This issue was reported to OpenSSL on 28th May 2014.


The fix was developed by Stephen Henson of the OpenSSL core team.


Other issues

============


OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for

CVE-2014-0076: Fix for the attack described in the paper "Recovering

OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"

Reported by Yuval Yarom and Naomi Benger.  This issue was previously

fixed in OpenSSL 1.0.1g.



by. 김현수(8월)