[Vulnerability Notice] OpenSSL Buffer Overflow Vulnerability (CVE-2021-3711)

Published: 2021-08-25

0x00 Vulnerability Overview

CVE ID: CVE-2021-3711
Date: 2021-08-24
Type: Buffer overflow
Severity: High
Remote exploitation:
Affected scope:
Attack complexity:
Availability:
User interaction:
Privileges required:
PoC/EXP:
In-the-wild exploitation:

0x01 Vulnerability Details

On August 24, 2021, the OpenSSL project published a security advisory fixing a buffer overflow vulnerability in OpenSSL (CVE-2021-3711) and a denial-of-service vulnerability (CVE-2021-3712, medium severity). An attacker can use these vulnerabilities to change an application's behavior or crash the application, leading to denial of service or disclosure of sensitive information.

OpenSSL buffer overflow vulnerability (CVE-2021-3711)

The SM2 decryption code contains a security issue: the plaintext buffer size computed and returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. When the application then calls EVP_PKEY_decrypt() a second time with the smaller buffer, a buffer overflow can result. A malicious attacker who is able to supply SM2 content for decryption to an application can cause attacker-chosen data to overflow the buffer by up to 62 bytes, altering the contents of other data held after the buffer. This can change the application's behavior or cause it to crash. The location of the buffer depends on the application, but it is usually heap allocated.

Affected versions

OpenSSL 1.1.1-1.1.1k

OpenSSL denial-of-service vulnerability (CVE-2021-3712)

If an application requests that an ASN.1 structure be printed, and that structure contains an ASN1_STRING that was constructed directly by the application without NUL-terminating the "data" field, a read buffer overrun occurs. The same problem can also occur during name constraints processing of certificates. If a malicious attacker can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions, the vulnerability can be triggered, causing denial of service or disclosure of keys or sensitive information.

Affected versions

OpenSSL 1.1.1-1.1.1k

OpenSSL 1.0.2-1.0.2y

0x02 Remediation

These vulnerabilities have been fixed; upgrading promptly is recommended.

For CVE-2021-3711, upgrade to OpenSSL 1.1.1l or later.

For CVE-2021-3712, upgrade to OpenSSL 1.1.1j, OpenSSL 1.0.2za, or later.
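
To triage hosts against the affected ranges listed in this notice, the following added example (not part of the original advisory or of OpenSSL) parses an `openssl version` banner and reports which of the two CVEs' ranges contain it. The function names and sample banners are constructed for illustration.

```python
import re

# Affected ranges (inclusive) exactly as listed in this advisory.
AFFECTED = {
    "CVE-2021-3711": [("1.1.1", "1.1.1k")],
    "CVE-2021-3712": [("1.1.1", "1.1.1k"), ("1.0.2", "1.0.2y")],
}

# Pre-3.0 OpenSSL versions: three numbers plus an optional patch-letter suffix.
# After 'z' the suffix continues 'za', 'zb', ... so every leading letter is 'z'.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(z*[a-z])?(?![a-z])")


def parse_version(text):
    """Return a sortable tuple for a version string or `openssl version` banner."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    letters = m.group(4) or ""
    # '' -> 0, 'a' -> 1, ..., 'z' -> 26, 'za' -> 27: so 1.0.2za sorts after 1.0.2z.
    patch = sum(ord(c) - ord("a") + 1 for c in letters)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), patch)


def affected_cves(banner):
    """List the CVEs from this advisory whose affected range contains the version."""
    version = parse_version(banner)
    return [
        cve
        for cve, ranges in AFFECTED.items()
        if any(parse_version(lo) <= version <= parse_version(hi) for lo, hi in ranges)
    ]


if __name__ == "__main__":
    # Constructed sample banners in the format printed by `openssl version`.
    samples = [
        "OpenSSL 1.1.1k  25 Mar 2021",
        "OpenSSL 1.1.1l  24 Aug 2021",
        "OpenSSL 1.0.2u  20 Dec 2019",
        "OpenSSL 1.0.2za",
    ]
    for banner in samples:
        hits = affected_cves(banner)
        print(f"{banner!r}: {', '.join(hits) if hits else 'outside the listed ranges'}")
```

Distribution packages often backport fixes without changing the upstream version letter, so confirm any hit against the vendor's package changelog before treating the host as unpatched.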

Download link:

https://www.openssl.org/source/

Patch links:

CVE-2021-3711 (OpenSSL 1.1.1l):

https://github.com/openssl/openssl/commit/59f5e75f3bced8fc0e130d72a3f582cf7b480b46

CVE-2021-3712 (OpenSSL 1.1.1j):

https://github.com/openssl/openssl/commit/94d23fcff9b2a7a8368dfe52214d5c2569882c11

CVE-2021-3712 (OpenSSL 1.0.2za):

https://github.com/openssl/openssl/commit/ccb0a11145ee72b042d10593a64eaf9e8a55ec12

0x03 References

https://www.openssl.org/news/vulnerabilities.html#CVE-2021-3711

https://securityaffairs.co/wordpress/121426/hacking/cve-2021-3711-openssl-flaws.html?

https://nvd.nist.gov/vuln/detail/CVE-2021-3711

 

0x04 Revision History

Version   Date         Changes
V1.0      2021-08-25   Initial release

0x05 Appendix

CNVD: www.cnvd.org.cn

CNNVD: www.cnnvd.org.cn

CVE: cve.mitre.org

NVD: nvd.nist.gov

CVSS: www.first.org
