curl / Docs / Security Problems / SSL CBC IV vulnerability

SSL CBC IV vulnerability

Project curl Security Advisory, January 24th 2012 permalink

VULNERABILITY

curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer.

This vulnerability has been identified (CVE-2011-3389 aka the "BEAST" attack) and is addressed by OpenSSL already as they have made a work-around to mitigate the problem. When doing so, they figured out that some servers didn't work with the work-around and offered a way to disable it.

The bit used to disable the workaround was then added to the generic SSL_OP_ALL bitmask that SSL clients may use to enable work-arounds for better compatibility with servers. libcurl uses the SSL_OP_ALL bitmask.

While SSL_OP_ALL is documented to enable "rather harmless" work-arounds, it does in this case effectively enable this security vulnerability again.

There is no known exploit for this problem.

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel

AFFECTED VERSIONS

Only curl and libcurl builds that use OpenSSL are affected.

SOLUTION

libcurl 7.24.0 never sets the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit

RECOMMENDATIONS

We suggest you take one of the following actions immediately, in order of preference:

A - Upgrade to curl and libcurl 7.24.0

B - Apply this patch and rebuild libcurl

  https://curl.se/curl-dont-insert-empty-fragments.patch

C - Rebuild curl with another SSL library

D - Change the option within your application by using the CURLOPT_SSL_CTX_FUNCTION callback

TIME LINE

product-security at Apple reported this problem to us on January 19th 2012.

We discussed solutions and a first patch was written on the same day.

curl 7.24.0 was released on January 24th 2012, coordinated with the publication of this this flaw.

CREDITS

Thanks a lot!