SSL CBC IV vulnerability
Project curl Security Advisory, January 24th 2012 permalink
VULNERABILITY
curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer.
This vulnerability has been identified (CVE-2011-3389 aka the "BEAST" attack) and is addressed by OpenSSL already as they have made a work-around to mitigate the problem. When doing so, they figured out that some servers didn't work with the work-around and offered a way to disable it.
The bit used to disable the workaround was then added to the generic SSL_OP_ALL bitmask that SSL clients may use to enable work-arounds for better compatibility with servers. libcurl uses the SSL_OP_ALL bitmask.
While SSL_OP_ALL is documented to enable "rather harmless" work-arounds, it does in this case effectively enable this security vulnerability again.
There is no known exploit for this problem.
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
AFFECTED VERSIONS
Only curl and libcurl builds that use OpenSSL are affected.
Not affected versions: curl < 7.10.6 and >= 7.24.0
Also note that libcurl is used by many applications, and not always advertised as such.
SOLUTION
libcurl 7.24.0 never sets the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
RECOMMENDATIONS
We suggest you take one of the following actions immediately, in order of preference:
A - Upgrade to curl and libcurl 7.24.0
B - Apply this patch and rebuild libcurl
https://curl.se/curl-dont-insert-empty-fragments.patch
C - Rebuild curl with another SSL library
D - Change the option within your application by using the CURLOPT_SSL_CTX_FUNCTION callback
TIME LINE
product-security at Apple reported this problem to us on January 19th 2012.
We discussed solutions and a first patch was written on the same day.
curl 7.24.0 was released on January 24th 2012, coordinated with the publication of this this flaw.
CREDITS
- Reported-by: product-security at Apple
- Help-by: Yang Tse
- Patched-by: Daniel Stenberg
Thanks a lot!