Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-181)

medium Nessus Plugin ID 176345

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-181 advisory.

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. (CVE-2023-0464)

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. (CVE-2023-0465)

The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification.
As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument.
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.
(CVE-2023-0466)

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.

Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.

The AES-XTS cipher decryption implementation for 64 bit ARM platform will readpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.

If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one. (CVE-2023-1255)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update openssl --releasever 2023.0.20230517' to update your system.

See Also

https://alas.aws.amazon.com/AL2023/ALAS-2023-181.html

https://alas.aws.amazon.com/cve/html/CVE-2023-0464.html

https://alas.aws.amazon.com/cve/html/CVE-2023-0465.html

https://alas.aws.amazon.com/cve/html/CVE-2023-0466.html

https://alas.aws.amazon.com/cve/html/CVE-2023-1255.html

https://alas.aws.amazon.com/faqs.html

Plugin Details

Severity: Medium

ID: 176345

File Name: al2023_ALAS2023-2023-181.nasl

Version: 1.2

Type: local

Agent: unix

Published: 5/24/2023

Updated: 12/11/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2023-0466

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:openssl-debugsource, p-cpe:/a:amazon:linux:openssl-perl, p-cpe:/a:amazon:linux:openssl-libs-debuginfo, p-cpe:/a:amazon:linux:openssl-devel, p-cpe:/a:amazon:linux:openssl-debuginfo, p-cpe:/a:amazon:linux:openssl, cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:openssl-libs

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 5/11/2023

Vulnerability Publication Date: 3/22/2023

Reference Information

CVE: CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255

IAVA: 2023-A-0158-S