[OpenWrt-Devel] Security Advisory 2019-11-05-3 - ustream-ssl information disclosure (CVE-2019-5101, CVE-2019-5102)
Hauke Mehrtens
hauke at hauke-m.de
Wed Nov 13 17:33:49 EST 2019
Security Advisory 2019-11-05-3 - ustream-ssl information disclosure
(CVE-2019-5101, CVE-2019-5102)
DESCRIPTION
An exploitable information leak vulnerability exists in the ustream-ssl
library of OpenWrt. When connecting to a remote server, the server's
SSL certificate is checked but no action is taken when the certificate
is invalid. An attacker could exploit this behavior by performing a
man-in-the-middle attack, providing any certificate, leading to the
theft of all the data sent by the client during the first request.
REQUIREMENTS
In order to exploit this vulnerability, a malicious actor needs to
perform a man-in-the-middle attack, presenting a requesting ustream-ssl
client with any invalid certificate. The ustream-ssl client will
eventually tear down the SSL connection due to that, but only after
flushing pending data, e.g. the HTTP request payload in case of an
HTTPS client application.
MITIGATIONS
To fix this issue, update the affected ustream-ssl packages using
the command below.
`opkg update; opkg upgrade libustream-mbedtls libustream-openssl`
The fix is contained in the following and later versions:
- OpenWrt master: 2019-11-05-c9b66682-1
- OpenWrt 19.07: 2019-08-17-e8f9c22d-2
- OpenWrt 18.06: 2018-07-30-23a3f283-2
AFFECTED VERSIONS
To our knowledge, OpenWrt versions 18.06.0 to 18.06.4 are affected.
The fixed packages are integrated in the OpenWrt 18.06.5, OpenWrt
19.07.0-rc1 and subsequent releases. Older versions of OpenWrt (e.g.
OpenWrt 15.05 and LEDE 17.01) are end of life and not supported any more.
CREDITS
The issue has been reported by the Claudio Bozzato of Cisco Talos on
11th September 2019.
http://talosintelligence.com/vulnerability-reports/
The issue has been fixed by Jo-Philipp Wich <jo at mein.io>
REFERENCES
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5102
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893
https://git.openwrt.org/?p=project/ustream-ssl.git;a=commitdiff;h=c9b6668215a27f2346d5eedd6f29cc720985b448
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list