OpenSSL has announced a high-severity vulnerability, CVE-2015-1793, which will require an upgrade to some OpenSSL installations.

The vulnerability was discovered by Google personnel Adam Langley and David Benjamin on June 24, 2015. Google has been working on an alternative to OpenSSL called BoringSSL. This has allowed Google to reduce vulnerabilities in its installations, and it also benefits OpenSSL, as issues have been reported. Note that BoringSSL is not impacted.

OpenSSL states that “during certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and “issue” an invalid certificate.” The vulnerability will impact any application that verifies certificates including SSL, TLS and DTLS clients and servers when using client authentication.

This means that an attacker could then be trusted in the same way as a certification authority (CA) and issue invalid, publicly trusted SSL/TLS certificates for any domain. Such a vulnerability would support man-in-the-middle (MitM) attacks.

This issue impacts OpenSSL versions 1.0.2b, 1.0.2c, 1.0.1n and 1.0.1o.

  • OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d
  • OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p

Server administrators should consider checking their servers for the version of OpenSSL, then upgrading as required. We expect to see patch announcements from vendors within the next day or so.
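One way to run that check, as an added example (not from OpenSSL or the original post): a shell script that classifies a version banner against the releases listed above and also inspects libssl/libcrypto files on disk, on the assumption that each library embeds its `OpenSSL x.y.z` banner as plain text. The function names, status words and directory list are illustrative.

```shell
#!/bin/sh
# Added example: classify OpenSSL versions against the releases named in the
# advisory. Affected: 1.0.1n, 1.0.1o, 1.0.2b, 1.0.2c. Fixed: 1.0.1p, 1.0.2d.

# $1 is a banner such as "OpenSSL 1.0.2c 12 Jun 2015" or a bare "1.0.2c".
classify_openssl() {
    ver=$(printf '%s\n' "$1" | grep -a -o -E '[0-9]+\.[0-9]+\.[0-9]+[a-z]*' | head -n 1)
    case "$ver" in
        1.0.2b|1.0.2c) echo "AFFECTED $ver upgrade-to 1.0.2d" ;;
        1.0.1n|1.0.1o) echo "AFFECTED $ver upgrade-to 1.0.1p" ;;
        "")            echo "UNKNOWN no-version-found" ;;
        *)             echo "NOT-LISTED $ver" ;;   # not one of the four affected releases
    esac
}

# Report the banner embedded in each libssl/libcrypto file under the given
# directories. Applications load these libraries, and their version can
# differ from the `openssl` command found on PATH.
# Assumption: the banner is stored as plain text inside the library file.
scan_openssl_libs() {
    for dir in "$@"; do
        find "$dir" -type f \( -name 'libssl*' -o -name 'libcrypto*' \) 2>/dev/null |
        while IFS= read -r lib; do
            banner=$(grep -a -o -E 'OpenSSL [0-9]+\.[0-9]+\.[0-9]+[a-z]*' "$lib" | head -n 1)
            printf '%s: %s\n' "$lib" "$(classify_openssl "$banner")"
        done
    done
}

# Stand-alone use: `sh check.sh --scan` checks the CLI, then common library
# directories (the directory list is an assumption; adjust it per host).
if [ "${1:-}" = "--scan" ]; then
    if command -v openssl >/dev/null 2>&1; then
        echo "openssl CLI: $(classify_openssl "$(openssl version)")"
    fi
    scan_openssl_libs /lib /lib64 /usr/lib /usr/lib64 /usr/local/lib /opt
fi
```

A distribution package can carry vendor patches under an unchanged upstream version string, so confirm any `AFFECTED` result against the vendor's advisory. Statically linked applications do not show up in a library scan and need to be checked separately.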

Please note that Red Hat has announced that no Red Hat products are affected by the flaw described in CVE-2015-1793. It is expected that CentOS and Ubuntu are also not impacted.

Update July 9, 2015 – Updated impact to state “The vulnerability will impact any application that verifies certificates including SSL, TLS and DTLS clients and servers when using client authentication.”