低危 OpenSSL:CVE-2021-3449 signature_algorithms 处理中存在空指针间接引用

CVE编号

CVE-2021-3449

利用情况

POC 已公开

补丁情况

官方补丁

披露时间

2021-10-12
漏洞描述
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
解决建议
厂商已发布了漏洞修复程序,请及时关注更新:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
参考链接
http://www.openwall.com/lists/oss-security/2021/03/27/1
http://www.openwall.com/lists/oss-security/2021/03/27/2
http://www.openwall.com/lists/oss-security/2021/03/28/3
http://www.openwall.com/lists/oss-security/2021/03/28/4
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51def...
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
https://kc.mcafee.com/corporate/index?page=content&id=SB10356
https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-3449
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
https://security.gentoo.org/glsa/202103-03
https://security.netapp.com/advisory/ntap-20210326-0006/
https://security.netapp.com/advisory/ntap-20210513-0002/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...
https://www.debian.org/security/2021/dsa-4875
https://www.openssl.org/news/secadv/20210325.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-05
https://www.tenable.com/security/tns-2021-06
https://www.tenable.com/security/tns-2021-09
https://www.tenable.com/security/tns-2021-10
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 openssl openssl * From
(including)
1.1.1 		Up to
(excluding)
1.1.1k
运行在以下环境
系统 alibaba_cloud_linux_3 openssl * Up to
(excluding)
1.1.1g-15.1.al8
运行在以下环境
系统 alpine_3.10 openssl * Up to
(excluding)
1.1.1k-r0
运行在以下环境
系统 alpine_3.11 openssl * Up to
(excluding)
1.1.1k-r0
运行在以下环境
系统 alpine_3.12 openssl * Up to
(excluding)
1.1.1k-r0
运行在以下环境
系统 alpine_3.13 openssl * Up to
(excluding)
1.1.1k-r0
运行在以下环境
系统 alpine_3.14 openssl * Up to
(excluding)
1.30.1-r0
运行在以下环境
系统 alpine_3.15 openssl * Up to
(excluding)
1.1.1k-r0
运行在以下环境
系统 alpine_3.16 openssl * Up to
(excluding)
1.1.1k-r0
运行在以下环境
系统 alpine_3.17 openssl * Up to
(excluding)
1.1.1k-r0
运行在以下环境
系统 alpine_3.18 openssl * Up to
(excluding)
1.1.1k-r0
运行在以下环境
系统 alpine_3.19 openssl * Up to
(excluding)
1.30.1-r0
运行在以下环境
系统 alpine_3.9 openssl * Up to
(excluding)
1.1.1k-r0
运行在以下环境
系统 amazon_2 openssl11 * Up to
(excluding)
1.1.1g-12.amzn2.0.3
运行在以下环境
系统 anolis_os_8 openssl * Up to
(excluding)
1.1.1c-18
运行在以下环境
系统 debian_10 openssl * Up to
(excluding)
1.1.1d-0+deb10u6
运行在以下环境
系统 debian_11 openssl * Up to
(excluding)
1.1.1k-1
运行在以下环境
系统 debian_12 openssl * Up to
(excluding)
1.1.1k-1
运行在以下环境
系统 debian_9 openssl * Up to
(excluding)
1.1.0f-3+deb9u2
运行在以下环境
系统 fedora_34 openssl * Up to
(excluding)
1.1.1k-1.fc34
运行在以下环境
系统 fedora_EPEL_7 openssl11 * Up to
(excluding)
1.1.1g-3.el7
运行在以下环境
系统 kylinos_aarch64_V10SP1 openssl * Up to
(excluding)
1.1.1f-4.p01.ky10
运行在以下环境
系统 kylinos_aarch64_V10SP2 openssl * Up to
(excluding)
1.1.1f-4.p01.ky10
运行在以下环境
系统 kylinos_x86_64_V10SP1 openssl * Up to
(excluding)
1.1.1f-4.p01.ky10
运行在以下环境
系统 kylinos_x86_64_V10SP2 openssl * Up to
(excluding)
1.1.1f-4.p01.ky10
运行在以下环境
系统 opensuse_Leap_15.2 npm10 * Up to
(excluding)
10.24.1-lp152.2.15.1
运行在以下环境
系统 opensuse_Leap_15.3 npm10 * Up to
(excluding)
10.24.1-1.36.1
运行在以下环境
系统 oracle_8 openssl * Up to
(excluding)
1.1.1g-15.el8_3
运行在以下环境
系统 redhat_8 openssl * Up to
(excluding)
1.1.1g-15.el8_3
运行在以下环境
系统 rocky_linux_8 openssl * Up to
(excluding)
1.1.1g-15.el8_3
运行在以下环境
系统 suse_12_SP5 openssl-1_1 * Up to
(excluding)
1.1.1d-2.33.1
运行在以下环境
系统 ubuntu_18.04 openssl * Up to
(excluding)
1.1.1-1ubuntu2.1~18.04.9
运行在以下环境
系统 ubuntu_20.04 openssl * Up to
(excluding)
1.1.1f-1ubuntu2.3
运行在以下环境
系统 ubuntu_21.04 openssl * Up to
(excluding)
1.1.1j-1ubuntu3
运行在以下环境
系统 ubuntu_21.10 openssl * Up to
(excluding)
1.1.1j-1ubuntu3
运行在以下环境
系统 ubuntu_22.04 openssl * Up to
(excluding)
1.1.1j-1ubuntu3
运行在以下环境
系统 ubuntu_22.10 openssl * Up to
(excluding)
1.1.1j-1ubuntu3
阿里云评分
3.6
  • 攻击路径
    本地
  • 攻击复杂度
    困难
  • 权限要求
    普通权限
  • 影响范围
    有限影响
  • EXP成熟度
    POC 已公开
  • 补丁情况
    官方补丁
  • 数据保密性
    无影响
  • 数据完整性
    无影响
  • 服务器危害
    DoS
  • 全网数量
    N/A
CWE-ID 漏洞类型
CWE-476 空指针解引用
阿里云安全产品覆盖情况