DROWN, a new vulnerability in OpenSSL that affects servers using SSLv2, was revealed today as an attack that could decrypt your secure HTTPS communications, such as passwords or credit card numbers. More than 33 percent of servers are vulnerable — significantly less than Heartbleed, but still a surprisingly high number.
To protect against DROWN, server operators need to ensure that their private keys are not used anywhere with server software that allows SSLv2 connections. This includes web servers, SMTP servers, IMAP and POP servers, and any other software that supports SSL/TLS. You can use the form above to check whether your server appears to be exposed to the attack.
1. Definition and explanation of DROWN:
DROWN stands for Decrypting RSA with Obsolete and Weakened eNcryption.
DROWN is a new kind of attack on SSL/TLS (a Bleichenbacher padding oracle attack); its full name means decrypting RSA that relies on obsolete, weakened encryption.
Do I need to get a new certificate for my server?
Probably not. As the attacker does not learn the server’s private key, there’s no need to obtain new certificates. The only action required is disabling SSLv2 as per the countermeasures explained above. If you cannot confidently determine that SSLv2 is disabled on every device or server that uses your server’s private key, you should generate a fresh key for the server and obtain a new certificate.
As far as is currently known, this vulnerability does not leak the private key used in the encryption and decryption process, so the current remedy is simply to disable SSLv2.
In technical terms, DROWN is a new form of cross-protocol Bleichenbacher padding oracle attack. It allows an attacker to decrypt intercepted TLS connections by making specially crafted connections to an SSLv2 server that uses the same private key.
How easy is it to carry out the attack? Is it practical?
Yes. We’ve been able to execute the attack against OpenSSL versions that are vulnerable to CVE-2016-0703 in under a minute using a single PC. Even for servers that don’t have these particular bugs, the general variant of the attack, which works against any SSLv2 server, can be conducted in under 8 hours at a total cost of $440.
3. MitM
Can DROWN be also used to perform MitM attacks?
Yes. Some variants of the attack can be used to perform MitM attacks against TLS or QUIC.