¡¾Îó²îͨ¸æ¡¿OpenSSL»º³åÇøÒç³öÎó²î (CVE-2021-3711)

Ðû²¼Ê±¼ä 2021-08-25

0x00 Îó²î¸ÅÊö

CVE     ID

CVE-2021-3711

ʱ      ¼ä

2021-08-24

Àà      ÐÍ

»º³åÇøÒç³ö

µÈ      ¼¶

¸ßΣ

Ô¶³ÌʹÓÃ


Ó°Ïì¹æÄ£


¹¥»÷ÖØƯºó


¿ÉÓÃÐÔ


Óû§½»»¥


ËùÐèȨÏÞ


PoC/EXP


ÔÚҰʹÓÃ


 

0x01 Îó²îÏêÇé

image.png

2021Äê8ÔÂ24ÈÕ£¬£¬£¬£¬£¬£¬ £¬£¬OpenSSL ÏîÄ¿Ðû²¼Ç徲ͨ¸æ£¬£¬£¬£¬£¬£¬ £¬£¬ÐÞ¸´ÁËOpenSSLÖеÄÒ»¸ö»º³åÇøÒç³öÎó²î£¨CVE-2021-3711£©ºÍÒ»¸ö¾Ü¾øЧÀÍÎó²î£¨CVE-2021-3712£¬£¬£¬£¬£¬£¬ £¬£¬ÖÐΣ£©£¬£¬£¬£¬£¬£¬ £¬£¬¹¥»÷Õß¿ÉÒÔʹÓÃÕâЩÎó²î¸ü¸ÄÓ¦ÓóÌÐòµÄÐÐΪ»òʹӦÓóÌÐòÍ߽⣬£¬£¬£¬£¬£¬ £¬£¬µ¼Ö¾ܾøЧÀÍ»òÃô¸ÐÐÅϢй¶¡£¡£¡£¡£¡£¡£¡£¡£

OpenSSL»º³åÇøÒç³öÎó²î£¨CVE-2021-3711£©

SM2½âÃÜ´úÂëÖб£´æÇå¾²ÎÊÌ⣬£¬£¬£¬£¬£¬ £¬£¬µÚÒ»´ÎŲÓà EVP_PKEY_decrypt() ·µ»ØµÄÃ÷ÎÄËùÐèµÄ»º³åÇø¾ÞϸµÄÅÌËã¿ÉÄÜСÓÚµÚ¶þ´ÎŲÓÃËùÐèµÄÏÖʵ¾Þϸ¡£¡£¡£¡£¡£¡£¡£¡£µ±Ó¦ÓóÌÐòµÚ¶þ´ÎʹÓýÏСµÄ»º³åÇøŲÓà EVP_PKEY_decrypt() ʱ£¬£¬£¬£¬£¬£¬ £¬£¬¿ÉÄܻᵼÖ»º³åÇøÒç³ö¡£¡£¡£¡£¡£¡£¡£¡£¶ñÒâ¹¥»÷ÕßÈôÊÇÄܹ»ÏòÓ¦ÓóÌÐòÌṩÓÃÓÚ½âÃܵÄSM2ÄÚÈÝ£¬£¬£¬£¬£¬£¬ £¬£¬½«µ¼Ö¹¥»÷ÕßÑ¡ÔñµÄÊý¾ÝÒç³ö»º³åÇø×î¶à 62 ¸ö×Ö½Ú£¬£¬£¬£¬£¬£¬ £¬£¬¸Ä±ä»º³åÇøºóµÄÆäËüÊý¾ÝÄÚÈÝ£¬£¬£¬£¬£¬£¬ £¬£¬Õ⽫¸Ä±äÓ¦ÓóÌÐòµÄÐÐΪ»òµ¼ÖÂÓ¦ÓóÌÐòÍ߽⣬£¬£¬£¬£¬£¬ £¬£¬µ«»º³åÇøµÄλÖÃÈ¡¾öÓÚÓ¦ÓóÌÐò£¬£¬£¬£¬£¬£¬ £¬£¬Í¨³£ÊǶѷÖÅɵÄ¡£¡£¡£¡£¡£¡£¡£¡£

Ó°Ïì¹æÄ£

OpenSSL 1.1.1-1.1.1k

 

OpenSSL¾Ü¾øЧÀÍÎó²î£¨CVE-2021-3712£©

ÈôÊÇÓ¦ÓóÌÐòÒªÇó´òÓ¡Ò»¸öASN.1½á¹¹£¬£¬£¬£¬£¬£¬ £¬£¬¶ø¸ÃASN.1½á¹¹°üÀ¨ÓÉÓ¦ÓóÌÐòÖ±½Ó¹¹½¨µÄASN1_STRING£¬£¬£¬£¬£¬£¬ £¬£¬¶øûÓÐÒÔNUL¿¢Ê "data "×ֶΣ¬£¬£¬£¬£¬£¬ £¬£¬ÄÇô¾Í»á±¬·¢¶ÁÈ¡»º³åÇøÒç³ö£¬£¬£¬£¬£¬£¬ £¬£¬Í¬ÑùµÄÎÊÌâÒ²¿ÉÄܱ¬·¢ÔÚÖ¤ÊéµÄÃû³ÆÔ¼Êø´¦Öóͷ£Àú³ÌÖС£¡£¡£¡£¡£¡£¡£¡£ÈôÊǶñÒâ¹¥»÷Õß¿ÉÒÔʹһ¸öÓ¦ÓóÌÐòÖ±½Ó¹¹½¨Ò»¸öASN1_STRING£¬£¬£¬£¬£¬£¬ £¬£¬È»ºóͨ¹ýÊÜÓ°ÏìµÄOpenSSLº¯ÊýÖ®Ò»¾ÙÐд¦Öóͷ££¬£¬£¬£¬£¬£¬ £¬£¬ÔòÄܹ»´¥·¢´ËÎó²î£¬£¬£¬£¬£¬£¬ £¬£¬²¢Ôì³É¾Ü¾øЧÀÍ»òµ¼ÖÂÃÜÔ¿»òÃô¸ÐÐÅϢй¶¡£¡£¡£¡£¡£¡£¡£¡£

Ó°Ïì¹æÄ£

OpenSSL 1.1.1-1.1.1k

OpenSSL 1.0.2-1.0.2y

 

0x02 ´¦Öóͷ£½¨Òé

ÏÖÔÚÕâЩÎó²îÒѾ­ÐÞ¸´£¬£¬£¬£¬£¬£¬ £¬£¬½¨ÒéʵʱÉý¼¶¸üС£¡£¡£¡£¡£¡£¡£¡£

Õë¶ÔCVE-2021-3711£¬£¬£¬£¬£¬£¬ £¬£¬Éý¼¶µ½OpenSSL 1.1.1l»ò¸ü¸ß°æ±¾¡£¡£¡£¡£¡£¡£¡£¡£

Õë¶ÔCVE-2021-3712£¬£¬£¬£¬£¬£¬ £¬£¬Éý¼¶µ½ OpenSSL 1.1.1j¡¢OpenSSL 1.0.2za»ò¸ü¸ß°æ±¾¡£¡£¡£¡£¡£¡£¡£¡£

ÏÂÔØÁ´½Ó£º

https://www.openssl.org/source/

 

²¹¶¡Á´½Ó£º

CVE-2021-3711£¨OpenSSL 1.1.1l£©£º

https://github.com/openssl/openssl/commit/59f5e75f3bced8fc0e130d72a3f582cf7b480b46

 

CVE-2021-3712£¨OpenSSL 1.1.1j£©£º

https://github.com/openssl/openssl/commit/94d23fcff9b2a7a8368dfe52214d5c2569882c11

 

CVE-2021-3712£¨OpenSSL 1.0.2za£©£º

https://github.com/openssl/openssl/commit/ccb0a11145ee72b042d10593a64eaf9e8a55ec12

 

0x03 ²Î¿¼Á´½Ó

https://www.openssl.org/news/vulnerabilities.html#CVE-2021-3711

https://securityaffairs.co/wordpress/121426/hacking/cve-2021-3711-openssl-flaws.html?

https://nvd.nist.gov/vuln/detail/CVE-2021-3711

 

0x04 ¸üа汾

°æ±¾

ÈÕÆÚ

ÐÞ¸ÄÄÚÈÝ

V1.0

2021-08-25

Ê×´ÎÐû²¼

 

0x05 Îĵµ¸½Â¼

CNVD£ºwww.cnvd.org.cn

CNNVD£ºwww.cnnvd.org.cn

CVE£ºcve.mitre.org

NVD£ºnvd.nist.gov

CVSS£ºwww.first.org

 

0x06 ¹ØÓÚ¿­·¢k8

¹Ø×¢ÒÔϹ«Öںţ¬£¬£¬£¬£¬£¬ £¬£¬»ñÈ¡¸ü¶à×ÊѶ£º

image.png