¡¾·ì϶¹«¸æ¡¿OpenSSL»º³åÇøÒç¶Âí½Å (CVE-2021-3711)

°ä²¼¹¦·ò 2021-08-25

0x00 ·ì϶¸ÅÊö

CVE     ID

CVE-2021-3711

ʱ      ¼ä

2021-08-24

Àà      ÐÍ

»º³åÇøÒç³ö

µÈ      ¼¶

¸ßΣ

Ô¶³ÌÀûÓÃ


Ó°ÏìÁìÓò


¹¥»÷¸´ÔÓ¶È


¿ÉÓÃÐÔ


Óû§½»»¥


ËùÐèȨÏÞ


PoC/EXP


ÔÚÒ°ÀûÓÃ


 

0x01 ·ì϶ÏêÇé

image.png

2021Äê8ÔÂ24ÈÕ£¬£¬£¬£¬£¬£¬OpenSSL ÏîÄ¿°ä²¼°²È«²¼¸æ£¬£¬£¬£¬£¬£¬½¨¸´ÁËOpenSSLÖеÄÒ»¸ö»º³åÇøÒç¶Âí½Å£¨CVE-2021-3711£©ºÍÒ»¸ö»Ø¾ø·þÎñ·ì϶£¨CVE-2021-3712£¬£¬£¬£¬£¬£¬ÖÐΣ£©£¬£¬£¬£¬£¬£¬¹¥»÷ÕßÄܹ»ÀûÓÃÕâЩ·ì϶¸ü¸ÄÀûÓ÷¨Ê½µÄÐÐΪ»òʹÀûÓ÷¨Ê½±ÀÀ££¬£¬£¬£¬£¬£¬µ¼Ö»ؾø·þÎñ»òÃô¸ÐÐÅϢй¶¡£¡£¡£¡£¡£

OpenSSL»º³åÇøÒç¶Âí½Å£¨CVE-2021-3711£©

SM2½âÃÜ´úÂëÖдæÔÚ°²È«ÎÊÌ⣬£¬£¬£¬£¬£¬µÚÒ»´ÎŲÓà EVP_PKEY_decrypt() ·µ»ØµÄÃ÷ÎÄËùÐèµÄ»º³åÇø´óÓ×µÄÍÆËã¿ÉÄÜÓ×ÓÚµÚ¶þ´ÎŲÓÃËùÐèµÄÏÖʵ´óÓס£¡£¡£¡£¡£µ±ÀûÓ÷¨Ê½µÚ¶þ´ÎʹÓýÏÓ׵Ļº³åÇøŲÓà EVP_PKEY_decrypt() ʱ£¬£¬£¬£¬£¬£¬¿ÉÄܻᵼÖ»º³åÇøÒç³ö¡£¡£¡£¡£¡£¶ñÒâ¹¥»÷ÕßÈôÊÇ¿ÉÄÜÏòÀûÓ÷¨Ê½ÌṩÓÃÓÚ½âÃܵÄSM2ÄÚÈÝ£¬£¬£¬£¬£¬£¬½«µ¼Ö¹¥»÷ÕßÑ¡ÔñµÄÊý¾ÝÒç³ö»º³åÇø×î¶à 62 ¸ö×Ö½Ú£¬£¬£¬£¬£¬£¬Å¤×ª»º³åÇøºóµÄÆäËüÊý¾ÝÄÚÈÝ£¬£¬£¬£¬£¬£¬Õ⽫ŤתÀûÓ÷¨Ê½µÄÐÐΪ»òµ¼ÖÂÀûÓ÷¨Ê½±ÀÀ££¬£¬£¬£¬£¬£¬µ«»º³åÇøµÄµØλȡ¾öÓÚÀûÓ÷¨Ê½£¬£¬£¬£¬£¬£¬Í¨³£ÊǶѷÖÅäµÄ¡£¡£¡£¡£¡£

Ó°ÏìÁìÓò

OpenSSL 1.1.1-1.1.1k

 

OpenSSL»Ø¾ø·þÎñ·ì϶£¨CVE-2021-3712£©

ÈôÊÇÀûÓ÷¨Ê½ÒªÇó´òÓ¡Ò»¸öASN.1½á¹¹£¬£¬£¬£¬£¬£¬¶ø¸ÃASN.1½á¹¹Ô̺¬ÓÉÀûÓ÷¨Ê½Ö±½Ó¹¹½¨µÄASN1_STRING£¬£¬£¬£¬£¬£¬¶øûÓÐÒÔNULʵÏÖ "data "×ֶΣ¬£¬£¬£¬£¬£¬ÄÇô¾Í»á²úÉú¶ÁÈ¡»º³åÇøÒç³ö£¬£¬£¬£¬£¬£¬Í¬ÑùµÄÎÊÌâÒ²¿ÉÄܲúÉúÔÚÖ¤ÊéµÄÃû³ÆÔ¼Êø´¦Öùý³ÌÖС£¡£¡£¡£¡£ÈôÊǶñÒâ¹¥»÷ÕßÄܹ»Ê¹Ò»¸öÀûÓ÷¨Ê½Ö±½Ó¹¹½¨Ò»¸öASN1_STRING£¬£¬£¬£¬£¬£¬¶øºóͨ¹ýÊÜÓ°ÏìµÄOpenSSLº¯ÊýÖ®Ò»½øÐд¦Ö㬣¬£¬£¬£¬£¬Ôò¿ÉÄÜ´¥·¢´Ë·ì϶£¬£¬£¬£¬£¬£¬²¢Ôì³É»Ø¾ø·þÎñ»òµ¼ÖÂÃÜÔ¿»òÃô¸ÐÐÅϢй¶¡£¡£¡£¡£¡£

Ó°ÏìÁìÓò

OpenSSL 1.1.1-1.1.1k

OpenSSL 1.0.2-1.0.2y

 

0x02 ´ëÖý¨Òé

Ä¿Ç°ÕâЩ·ì϶ÒѾ­½¨¸´£¬£¬£¬£¬£¬£¬½¨ÒéʵʱÉý¼¶¸üС£¡£¡£¡£¡£

Õë¶ÔCVE-2021-3711£¬£¬£¬£¬£¬£¬Éý¼¶µ½OpenSSL 1.1.1l»ò¸ü¸ß°æ±¾¡£¡£¡£¡£¡£

Õë¶ÔCVE-2021-3712£¬£¬£¬£¬£¬£¬Éý¼¶µ½ OpenSSL 1.1.1j¡¢OpenSSL 1.0.2za»ò¸ü¸ß°æ±¾¡£¡£¡£¡£¡£

ÏÂÔØÁ´½Ó£º

https://www.openssl.org/source/

 

²¹¶¡Á´½Ó£º

CVE-2021-3711£¨OpenSSL 1.1.1l£©£º

https://github.com/openssl/openssl/commit/59f5e75f3bced8fc0e130d72a3f582cf7b480b46

 

CVE-2021-3712£¨OpenSSL 1.1.1j£©£º

https://github.com/openssl/openssl/commit/94d23fcff9b2a7a8368dfe52214d5c2569882c11

 

CVE-2021-3712£¨OpenSSL 1.0.2za£©£º

https://github.com/openssl/openssl/commit/ccb0a11145ee72b042d10593a64eaf9e8a55ec12

 

0x03 ²Î¿¼Á´½Ó

https://www.openssl.org/news/vulnerabilities.html#CVE-2021-3711

https://securityaffairs.co/wordpress/121426/hacking/cve-2021-3711-openssl-flaws.html?

https://nvd.nist.gov/vuln/detail/CVE-2021-3711

 

0x04 ¸üа汾

°æ±¾

ÈÕÆÚ

Åú¸ÄÄÚÈÝ

V1.0

2021-08-25

³õ´Î°ä²¼

 

0x05 Îĵµ¸½Â¼

CNVD£ºwww.cnvd.org.cn

CNNVD£ºwww.cnnvd.org.cn

CVE£ºcve.mitre.org

NVD£ºnvd.nist.gov

CVSS£ºwww.first.org

 

0x06 ¹ØÓÚ8827Ì«Ñô¼¯ÍÅ

¹Ø×¢ÒÔϹ«¼ÒºÅ£¬£¬£¬£¬£¬£¬»ñÈ¡¸ü¶à×ÊѶ£º

image.png