Full Disclosure mailing list archives
Re: Openssl proof of concept code? / Neoteris
From: petard <petard () freeshell org>
Date: Thu, 15 Jan 2004 20:30:57 +0000
On Wed, Jan 14, 2004 at 04:34:53PM -0500, Lachniet, Mark wrote:
I did search packetstorm (as always) prior to posting, but came up short. I also spent a lot of time googling the usual suspects. There was some older gobbles openssl code but nothing that seemed to be appropriate to the most recent issues. Its possible I missed something, but I would think someone would have pointed out my error by now if that were the case. FWIW, since posting I have not received a single positive lead on an OpenSSL PoC at all. There are plenty of folks who have one, but they aren't talkin' Hence, I think there are still some products out there that are vulnerable, vendors who aren't fixing it, and a small subset of individuals with the ability to exploit it. Not exactly a great recipe for risk management IMO. One device that I'm particularly interested in getting more information on is the Neoteris SSL VPN appliance. It fingerprints as Apache 1.3.26 or thereabouts, and has SSL support, so I am guessing that it is running the OpenSSL code base. Yet, I don't see them listed in any of the advisories. It could be a "silent patch" but it could still be vulnerable. Anyone know?
This isn't as good as ./ready-to-run PoC code, but it may help you just the same... I've caught out a few products this way myself. First, modify a copy of openssl such that it sends a client certificate regardless of whether the server requests one. This is a one-line modification and should be trivial if you understand the client-server SSL handshake. Then configure your server such that it does not request client certificates. Generate a throw-away self-signed client certificate and key, and drop them into a PEM file. Using a standalone openssl application built against your modified openssl tree, connect to the server in question. For example: openssl s_client -connect host:443 -cert throwawayclientcert.pem Carefully observe the error that results from this connection. Also look in the server logs for messages similar to: depth=0 /CN=tiny-client/C=US/O=throwaway-pki verify error:num=20:unable to get local issuer certificate verify return:1 which indicate an attempt to parse a client certificate... the server should not try to parse certificates it doesn't request. This is the reason the ASN.1 parser bugs affect so many servers. Here's an example of my modified client running against a vulnerable (0.9.7b) server: $ apps/openssl s_client -connect localhost:4433 -cert client.pem CONNECTED(00000003) depth=0 /CN=tiny/C=US/O=throwaway-pki verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /CN=tiny/C=US/O=throwaway-pki verify error:num=27:certificate not trusted verify return:1 depth=0 /CN=tiny/C=US/O=throwaway-pki verify error:num=21:unable to verify the first certificate verify return:1 !!! s3_clnt.c [326] Sending a client cert even though the server didn't ask for one! 2312:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message: s3_pkt.c:1052:SSL alert number 10 2312:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226: $ By contrast, here it is running against a patched (0.9.7c) server: $ apps/openssl.exe s_client -connect localhost:4433 -cert client.pem CONNECTED(00000003) depth=0 /CN=tiny/C=US/O=throwaway-pki verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /CN=tiny/C=US/O=throwaway-pki verify error:num=27:certificate not trusted verify return:1 depth=0 /CN=tiny/C=US/O=throwaway-pki verify error:num=21:unable to verify the first certificate verify return:1 !!! s3_clnt.c [326] Sending a client cert even though the server didn't ask for one! write:errno=104 $ What happened here is that the patched server shut the connection down in an orderly fashion without parsing the client certificate, while the unpatched one parsed the cert and reacted badly. Hope this helps, petard -- If your message really might be confidential, download my PGP key here: http://petard.freeshell.org/petard.asc and encrypt it. Otherwise, save bandwidth and lose the disclaimer. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Openssl proof of concept code? / Neoteris Lachniet, Mark (Jan 14)
- Re: Openssl proof of concept code? / Neoteris petard (Jan 15)
- <Possible follow-ups>
- RE: Openssl proof of concept code? / Neoteris Lachniet, Mark (Jan 15)