On 2/6/2016 2:09 PM, Dana Burd wrote:
>> On 1/29/2016 1:38 AM, Dana Burd wrote:
>>> There¹s a new ³high severity² vulnerability in OpenSSL 1.0.2:
>>> https://www.openssl.org/news/secadv/20160128.txt
>>>
>>> I¹m curious if curl-7.40.0 is affected at all. I poked around the
>>> source, but it¹s a bit over my head. Any insights appreciatedŠ
>>> If curl-7.40.0 is affected, pointers on how to patch with the right
>>> OpenSSL option is even more appreciated!
>>>
>> CVE-2016-0701 looks primarily like a server issue. The server generated
>> the weak primes and libcurl doesn't have anything to do with that as far
>> as I can tell [1]. The responsibility to fix this seems to me to be on
>> the server. In other words you updating libcurl w/OpenSSL isn't going to
>> fix this or stop someone from possibly decrypting your traffic to a
>> vulnerable server. But you should update anyway, for every other
>> security reason. I'd hoped someone more knowledgeable about this would
>> reply, but it's been a week...
>>
>>
>> [1]:
>> http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on
>> -dh-small.html
>
> Thanks for the note & link, Ray.
>
> I, too, figured this was mostly a server issue, but have a nagging
> concern: an attacker could impersonate the server, and force the curl
> client to give up its private key. This is obviously a much harder attack
> vector than with a server vulnerability, but... is it possible???
> Perhaps, if curl plays into the OpenSSL flaw, which requires curl to both:
> 1. reuse the key for DHE ciphers suites or use static DH cipher suites,
> and
> 2. Have DH configured with non-safe primes
>
>
> Looking at the curl source, I can¹t figure out if the above two things are
> done. To be honest, I barely understand what they mean!
> I am hoping someone familiar with the curl security model can weigh in,
> and say ³nope, curl doesn¹t do those 2 things so you¹re safe,² or ³yep,
> curl is vulnerable, you need to add SSL_OP_SINGLE_DH_USE (or something
> else) at such and such a place.²
>
> (I would happily upgrade OpenSSL to solve this issue, but for a variety of
> reasons this isn¹t an option.)
>

As far as I'm aware SSL_OP_SINGLE_DH_USE is a server option. Whether or
not a key could be recovered from your client certificate information if
an attacker is able to impersonate a vulnerable server I don't know. I
think you should ask at openssl-dev_at_openssl.org and see what they have
to say about it.
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-02-06