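Low severity: OpenSSL 1.1.1d/1.1.1e/1.1.1f TLS 1.3 Handshake SSL_check_chain() Application Denial-of-Service Vulnerability

CVE ID

CVE-2020-1967

Exploitation status

PoC publicly available

Patch status

Official patch

Disclosure date

2020-04-22
Vulnerability description
A server or client application that calls the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference caused by incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. A malicious peer could exploit this in a denial-of-service attack. OpenSSL versions 1.1.1d, 1.1.1e and 1.1.1f are affected by this issue. This issue does not affect OpenSSL versions prior to 1.1.1. Fixed in OpenSSL 1.1.1g (affected: 1.1.1d-1.1.1f).
Recommended fix
The vendor has released an update that fixes the vulnerability. Patch link: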
https://www.openssl.org/news/secadv/20200421.txt
References
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html
http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert...
http://seclists.org/fulldisclosure/2020/May/5
http://www.openwall.com/lists/oss-security/2020/04/22/2
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3...
https://github.com/irsl/CVE-2020-1967
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440
https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c...
https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf30...
https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc
https://security.gentoo.org/glsa/202004-10
https://security.netapp.com/advisory/ntap-20200424-0003/
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.debian.org/security/2020/dsa-4661
https://www.openssl.org/news/secadv/20200421.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.synology.com/security/advisory/Synology_SA_20_05
https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL
https://www.tenable.com/security/tns-2020-03
https://www.tenable.com/security/tns-2020-04
https://www.tenable.com/security/tns-2020-11
https://www.tenable.com/security/tns-2021-10
Affected software
Each row lists an environment in which the vulnerable component runs.

| Type | Vendor | Product | Version | Affected range |
|---|---|---|---|---|
| Application | netapp | active_iq_unified_manager | * | From (including) 7.3 |
| Application | netapp | active_iq_unified_manager | * | From (including) 9.5 |
| Application | netapp | e-series_performance_analyzer | - | - |
| Application | netapp | oncommand_insight | - | - |
| Application | netapp | oncommand_workflow_automation | - | - |
| Application | netapp | smi-s_provider | - | - |
| Application | netapp | snapcenter | - | - |
| Application | netapp | steelstore_cloud_integrated_storage | - | - |
| Application | openssl | openssl | * | From (including) 1.1.1d, up to (including) 1.1.1f |
| Application | oracle | enterprise_manager_for_storage_management | 13.3.0.0 | - |
| Application | oracle | enterprise_manager_for_storage_management | 13.4.0.0 | - |
| Application | oracle | enterprise_manager_ops_center | 12.4.0 | - |
| Application | oracle | http_server | 12.2.1.4.0 | - |
| Application | oracle | mysql | * | Up to (including) 5.6.48 |
| Application | oracle | mysql | * | From (including) 5.7.0, up to (including) 5.7.30 |
| Application | oracle | mysql | * | From (including) 8.0.0, up to (including) 8.0.20 |
| Application | oracle | mysql_connectors | * | Up to (including) 8.0.20 |
| Application | oracle | mysql_enterprise_monitor | * | Up to (including) 4.0.12 |
| Application | oracle | mysql_enterprise_monitor | * | From (including) 8.0.0, up to (including) 8.0.20 |
| Application | oracle | mysql_workbench | * | Up to (including) 8.0.21 |
| Application | oracle | peoplesoft_enterprise_peopletools | 8.56 | - |
| Application | oracle | peoplesoft_enterprise_peopletools | 8.57 | - |
| Application | oracle | peoplesoft_enterprise_peopletools | 8.58 | - |
| System | alpine_3.10 | openssl | * | Up to (excluding) 1.1.1g-r0 |
| System | alpine_3.11 | openssl | * | Up to (excluding) 1.1.1g-r0 |
| System | alpine_3.12 | openssl | * | Up to (excluding) 1.1.1g-r0 |
| System | alpine_3.13 | openssl | * | Up to (excluding) 1.1.1g-r0 |
| System | alpine_3.14 | openssl | * | Up to (excluding) 1.1.1g-r0 |
| System | alpine_3.15 | openssl | * | Up to (excluding) 1.1.1g-r0 |
| System | alpine_3.16 | openssl | * | Up to (excluding) 1.1.1g-r0 |
| System | alpine_3.17 | openssl | * | Up to (excluding) 1.1.1g-r0 |
| System | alpine_3.18 | openssl | * | Up to (excluding) 1.1.1g-r0 |
| System | alpine_3.19 | openssl | * | Up to (excluding) 1.1.1g-r0 |
| System | alpine_3.9 | openssl | * | Up to (excluding) 1.1.1g-r0 |
| System | debian | debian_linux | 10.0 | - |
| System | debian | debian_linux | 9.0 | - |
| System | debian_10 | openssl | * | Up to (excluding) 1.1.1d-0+deb10u3 |
| System | debian_11 | openssl | * | Up to (excluding) 1.1.1g-1 |
| System | debian_12 | openssl | * | Up to (excluding) 1.1.1g-1 |
| System | fedoraproject | fedora | 30 | - |
| System | fedoraproject | fedora | 31 | - |
| System | fedoraproject | fedora | 32 | - |
| System | fedora_30 | openssl | * | Up to (excluding) 1.1.1g-1.fc30 |
| System | fedora_31 | openssl | * | Up to (excluding) 1.1.1g-1.fc31 |
| System | fedora_32 | openssl | * | Up to (excluding) 1.1.1g-1.fc32 |
| System | freebsd | freebsd | 12.1 | - |
| System | kylinos_aarch64_V10SP1 | openssl | * | Up to (excluding) 1.1.1f-2.ky10 |
| System | kylinos_x86_64_V10SP1 | openssl | * | Up to (excluding) 1.1.1f-2.ky10 |
| System | netapp | brocade_fabric_operating_system_firmware | - | - |
| System | opensuse | leap | 15.1 | - |
| System | opensuse | leap | 15.2 | - |
| System | opensuse_Leap_15.1 | rls | * | Up to (excluding) 1.43.1-lp151.5.13.1 |
| System | opensuse_Leap_15.2 | rls | * | Up to (excluding) 1.43.1-lp152.3.5.1 |
| System | suse_12_SP4 | openssl-1_1 | * | Up to (excluding) 1.1.1d-2.23.1 |
| System | suse_12_SP5 | openssl-1_1 | * | Up to (excluding) 1.1.1d-2.23.1 |
| System | ubuntu_20.04 | openssl | * | Up to (excluding) 1.1.1f-1ubuntu2 |
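Alibaba Cloud score
3.1
  • Attack vector
    Remote
  • Attack complexity
    Complex
  • Privileges required
    None
  • Scope of impact
    Limited
  • Exploit maturity
    PoC publicly available
  • Patch status
    Official patch
  • Data confidentiality
    No impact
  • Data integrity
    No impact
  • Server impact
    No impact
  • Internet-wide count
    100
CWE-ID Vulnerability type
CWE-476 NULL pointer dereference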