OpenSSL patch releases 3.0.16, 3.1.8, 3.2.4, 3.3.3 and 3.4.1 are now available. Versions 3.2.4, 3.3.3 and 3.4.1 fix CVE-2024-12797, rated high severity, which makes a man-in-the-middle attack on TLS and DTLS connections possible. The issue only affects clients that use Raw Public Keys (RPK, RFC 7250) to authenticate the server. RPK support is disabled by default on both the client and the server side, and OpenSSL 3.0 and 3.1, which have no RPK support, are not affected by it.
The vulnerability is that, when an RPK is used with the SSL_VERIFY_PEER verification mode, OpenSSL does not abort the handshake when server authentication fails, so the client receives no error telling it that the server was not authenticated. An attacker in a man-in-the-middle position can therefore redirect the connection to their own host in place of the intended server without the client noticing. Clients that enable server RPKs can still detect the failure by calling SSL_get_verify_result() after the handshake and refusing to proceed on any result other than X509_V_OK; clients that already do this are not affected. The issue has been present since OpenSSL 3.2, which introduced the ability to use RPKs instead of X.509 certificates.
The updates also fix CVE-2024-13176, rated low severity, a timing side channel in ECDSA signature generation that could allow an attacker to recover the private key by measuring how long signing takes. The signal is about 300 nanoseconds: when the top machine word of the inverted nonce (k^-1, the inverse of the per-signature secret) is zero, the computation can be distinguished from the general case. This happens with useful probability only on some curves, notably NIST P-521: its group order is 521 bits long, so the top 64-bit word of k^-1 holds only 9 bits and is zero for roughly one signature in 512, whereas on 256-bit curves the same event has probability about 2^-64.
With ECDSA, learning even a few bits of the nonce for enough signatures is sufficient to recover the entire private key, using lattice techniques for the hidden number problem. To exploit this leak the attacker must either run on the same machine as the application that generates the signatures or have a very fast, low-latency network path to it, and must be able to time, with high precision, the generation of a large number of signatures over data known to them.
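As an added illustration of that last point (this is example code written for this page, not code from the OpenSSL project or from the article), the Python script below simulates the textbook form of the attack: a signer whose nonces k all have their top 48 bits equal to zero, and a lattice reduction (LLL) that recovers the private key from nothing but the public values (h, r, s) of eight signatures and the public key. Each signature gives k_i = a_i + t_i*d (mod N) with known a_i, t_i and a small k_i (the hidden number problem), so the lattice built in recover_key contains the unusually short vector (2^48 k_1, ..., 2^48 k_8, d, 2^256), which LLL finds. Two caveats: the leak in CVE-2024-13176 concerns the top word of k^-1 rather than of k itself, which calls for a different lattice formulation, and a 300 ns signal yields far fewer known bits per signature than the 48 simulated here, so this demonstrates the principle rather than reproducing the CVE. The curve (secp256k1), the seed, the constructed messages and the leak_bits/num_sigs settings are the example's own choices.

```python
import hashlib
import random
from fractions import Fraction

P = 2**256 - 2**32 - 977  # secp256k1: y^2 = x^3 + 7 over GF(P); G has prime order N
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):  # affine addition on secp256k1; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if p1 == p2 else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):  # double-and-add; not constant time, which is fine for a demo
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def sign(d, msg, k):  # textbook ECDSA; the nonce k is passed in so the leak can be simulated
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    r = ec_mul(k, G)[0] % N
    return h, r, pow(k, -1, N) * (h + r * d) % N

def verify(pub, h, r, s):  # standard ECDSA verification
    pt = ec_add(ec_mul(h * pow(s, -1, N) % N, G), ec_mul(r * pow(s, -1, N) % N, pub))
    return pt is not None and pt[0] % N == r

def lll(basis, delta=Fraction(99, 100)):  # exact-arithmetic LLL (Cohen, Alg. 2.6.3)
    b, n = [list(row) for row in basis], len(basis)
    mu, norm, bstar = [[Fraction(0)] * n for _ in range(n)], [Fraction(0)] * n, []  # Gram-Schmidt data
    for i in range(n):  # mu[i][j] = <b_i, b*_j> / |b*_j|^2 and norm[j] = |b*_j|^2
        v = [Fraction(x) for x in b[i]]
        for j in range(i):
            mu[i][j] = sum(x * y for x, y in zip(b[i], bstar[j])) / norm[j]
            v = [x - mu[i][j] * y for x, y in zip(v, bstar[j])]
        bstar.append(v)
        norm[i] = sum(x * x for x in v)
    def size_reduce(k, l):
        q = round(mu[k][l])
        if q:
            b[k] = [x - q * y for x, y in zip(b[k], b[l])]
            mu[k][l] -= q
            for j in range(l):
                mu[k][j] -= q * mu[l][j]
    k = 1
    while k < n:
        size_reduce(k, k - 1)
        if norm[k] >= (delta - mu[k][k - 1] ** 2) * norm[k - 1]:  # Lovasz condition holds
            for l in range(k - 2, -1, -1):
                size_reduce(k, l)
            k += 1
            continue
        b[k], b[k - 1] = b[k - 1], b[k]  # swap, then patch mu/norm instead of recomputing them
        for j in range(k - 1):
            mu[k][j], mu[k - 1][j] = mu[k - 1][j], mu[k][j]
        m_, old = mu[k][k - 1], norm[k - 1]
        norm[k - 1] = norm[k] + m_ * m_ * old
        mu[k][k - 1], norm[k] = m_ * old / norm[k - 1], old * norm[k] / norm[k - 1]
        for i in range(k + 1, n):
            mu[i][k], t_ = mu[i][k - 1] - m_ * mu[i][k], mu[i][k]
            mu[i][k - 1] = t_ + mu[k][k - 1] * mu[i][k]
        k = max(k - 1, 1)
    return b

def recover_key(sigs, leak_bits, pub):  # HNP lattice: k_i = a_i + t_i*d (mod N), k_i < 2^(256-leak_bits)
    m, scale = len(sigs), 1 << leak_bits  # scale makes every coordinate of the target vector ~2^256
    t = [r * pow(s, -1, N) % N for _, r, s in sigs]
    a = [h * pow(s, -1, N) % N for h, _, s in sigs]
    basis = [[scale * N * (i == j) for j in range(m + 2)] for i in range(m)]
    basis.append([scale * ti for ti in t] + [1, 0])
    basis.append([scale * ai for ai in a] + [0, 1 << 256])
    for row in lll(basis):  # look for +-(scale*k_1, .., scale*k_m, d, 2^256) in the reduced basis
        if abs(row[-1]) == 1 << 256:
            cand = (row[-2] if row[-1] > 0 else -row[-2]) % N
            if ec_mul(cand, G) == pub:  # confirm the candidate against the public key
                return cand
    return None

def run_demo(seed=2025, leak_bits=48, num_sigs=8):  # reproducible demo; real signers need a CSPRNG
    rng = random.Random(seed)
    d = rng.randrange(1, N)
    pub = ec_mul(d, G)
    nonces = [rng.randrange(1, 1 << (256 - leak_bits)) for _ in range(num_sigs)]  # top bits zero
    sigs = [sign(d, b"constructed message %d" % i, k) for i, k in enumerate(nonces)]
    assert all(verify(pub, *sig) for sig in sigs)  # the signatures themselves are perfectly valid
    return d, recover_key(sigs, leak_bits, pub)

if __name__ == "__main__":
    d, recovered = run_demo()
    print("private key recovered:", recovered == d)
```

Running the script prints whether the recovered key matches the one it generated; run_demo(seed, leak_bits, num_sigs) returns the pair (d, recovered) for experiments. Fewer leaked bits per signature need more signatures (roughly 256 / leak_bits plus some slack) and a larger lattice; the exact-arithmetic LLL here is adequate for a dimension around ten, while a real attack on a 300 ns signal would use fpLLL or BKZ on far more signatures.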
Source: opennet.ru
