‘SSL Death Alert’ (CVE-2016-8610) Can Cause Denial of Service to OpenSSL Servers

By on

Recently we noticed a security patch has been published for the OpenSSL vulnerability called SSL Death Alert. As with other serious security vulnerabilities, this one grabbed our attention because the discoverer of the vulnerability says that it may cause a denial of service to an OpenSSL web server. To better protect our customers from this attack and provide detection and prevention for this vulnerability, the McAfee Labs IPS Vulnerability Research team looked into this issue.

Our analysis started with the patch differences report of the newly pushed code.

2016-12-13-openssl-death-alert-1

As we can see in the diffing results, a couple of files have been modified to fix this problem.

The patch diff of include/openssl/ssl.h reveals the new error code SSL_R_TOO_MANY_WARN_ALERTS (409) has been introduced.

2016-12-13-openssl-death-alert-2

In ssl/record/record_locl.h, we can see the directive MAX_WARN_ALERT_COUNT has been introduced and is set to 5.

2016-12-13-openssl-death-alert-3

Now let’s look into the actual patch, which sits in the files ssl/record/rec_layer_d1.c and ssl/record/rec_layer_s3.c.

The following screen shots show the patch changes in the two files.

ssl/record/rec_layer_d1.c

2016-12-13-openssl-death-alert-4

ssl/record/rec_layer_s3.c

2016-12-13-openssl-death-alert-5

As we can see, the patch is pretty simple and straightforward. It simply counts the layers of consecutive SSL3_AL_WARNING alert packets and checks if the count exceeds five. If the count is greater than five, it raises an error.

Exploiting this issue

To provide detection and prevention for this DoS attack, we created a minimal proof of concept. Although there is no public exploit, the advisory provides a lot of technical details. To exploit this bug, we must initiate the SSL handshake. As a part of the handshake the attacker has to send a genuine Client Hello packet to the server. The following screen shot shows a packet capture of the first stage of the exploit, a normal Client Hello packet.

2016-12-13-openssl-death-alert-6

As described in the security advisory, to exhaust the CPU, we need to send a large number of crafted cleartext SSL3_AL_WARNING alert packets to the server. To do this, we must understand the structure of an alert packet. The message looks like the following, from this TLS protocol memo.

2016-12-13-openssl-death-alert-7

An alert message can be encrypted, but in this case we have to send a cleartext alert to the vulnerable server.

The following screen shot shows captured SSL3_AL_WARNING packets in our test environment.

2016-12-13-openssl-death-alert-8

Next we see multiple alerts packed inside a single record.

2016-12-13-openssl-death-alert-9

The alert packet structure looks like this:

2016-12-13-openssl-death-alert-10

To test the developed exploit, we configured a test server with OpenSSL and self-signed certificate and private key. The following screen shot shows the server listening to port 4433 and communicating with an SSL client.

2016-12-13-openssl-death-alert-11

During normal SSL communications between server and client, we see nothing abnormal with CPU consumption of server processes.

2016-12-13-openssl-death-alert-12

As soon as we run the exploit against the server, however, we immediately see the server process stops responding as CPU usage reaches 99% and then 100% after a few seconds.

2016-12-13-openssl-death-alert-13

The CPU spike causes a denial of service by the OpenSSL Server as it becomes inaccessible. In our test environment, we noticed the SSL service resumes as soon as we stop the exploit from sending malicious packets.

Server administrators should apply the patch to OpenSSL servers as soon as possible. McAfee Network Security Platform (IPS) signature 0x45c09000 provides detection and prevention for this attack.

Categories: McAfee Labs
Tags: ,

Leave a Comment

Similar articles

It’s no secret that technological advancements and online threats are directly proportional to each other. So now more than ever, it’s imperative that users prioritize the security of their digital presence, especially in the face of advanced malware attacks and massive data leaks. Speaking of the latter — less than two months after the Collection ...
Read Blog
FaceTime is a popular way for people of all ages to connect with long-distance loved ones. The feature permits Apple users to video chat with other device owners from essentially anywhere at any time. And now, a bug in the software takes that connection a step further – as it permits users calling via FaceTime ...
Read Blog
As the cybersecurity landscape evolves to match new trends in technology, it’s important for consumers to prioritize the protection of their online presence. That means remaining aware of the internet’s more common cyberthreats, including malware, phishing, and data breaches, and how they could potentially affect you. And while most of us already know about the ...
Read Blog