Security restrictions bypass in OpenSSL for Windows



Published: 2019-07-30
Risk: Low
Patch available: NO
Number of vulnerabilities: 1
CVE-ID: CVE-2019-1552
CWE-ID: CWE-276
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: OpenSSL (Server applications / Encryption software)
Vendor: OpenSSL Software Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Incorrect default permissions

EUVDB-ID: #VU19563

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-1552

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to bypass security restrictions.

The vulnerability exists because OpenSSL on Windows uses a default OPENSSLDIR location with potentially insecure permissions. A local user can modify OpenSSL's default configuration within the 'C:/usr/local' folder, insert CA certificates, modify (or even replace) existing engine modules, and bypass security restrictions that rely on OpenSSL security mechanisms.
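
The following PowerShell audit is an added example, not part of the original bulletin or OpenSSL's own code: it reads OPENSSLDIR and ENGINESDIR from `openssl version -a` and lists non-administrative principals that can write to those directories or, when a directory does not exist, to its nearest existing ancestor. It assumes `openssl.exe` is on PATH; the function names and the trusted-SID list are illustrative choices.

```powershell
# Added example (not from the bulletin): audit the directories OpenSSL trusts.
# Assumes openssl.exe is on PATH; function names are hypothetical.
$TrustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (placeholder resolved when a child is created)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' # TrustedInstaller
)
# Rights that allow adding, replacing or re-permissioning files, plus
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x50000000

function Get-OpenSslTrustedDir {
    # Parses lines such as: OPENSSLDIR: "C:\usr\local\ssl"
    & openssl version -a 2>$null | ForEach-Object {
        if ($_ -match '^(OPENSSLDIR|ENGINESDIR):\s*"(.+)"') {
            [pscustomobject]@{ Name = $Matches[1]; Path = $Matches[2] }
        }
    }
}

function Get-NearestExistingDir([string]$Path) {
    # A missing directory matters too: whoever can create it controls it.
    # Drive-relative paths resolve against the current process drive here.
    $p = [System.IO.Path]::GetFullPath($Path)
    while ($p -and -not (Test-Path -LiteralPath $p -PathType Container)) {
        $p = Split-Path -Path $p -Parent
    }
    $p
}

function Get-UntrustedWriter([string]$Dir) {
    # SIDs are used instead of names so the check works on localized systems.
    (Get-Acl -LiteralPath $Dir).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $TrustedSids -notcontains $_.IdentityReference.Value -and
            ([int]$_.FileSystemRights -band $WriteMask) -ne 0
        }
}

foreach ($d in Get-OpenSslTrustedDir) {
    $checked = Get-NearestExistingDir $d.Path
    if (-not $checked) { continue }
    foreach ($rule in Get-UntrustedWriter $checked) {
        [pscustomobject]@{ Setting = $d.Name; Configured = $d.Path
            Checked = $checked; Sid = $rule.IdentityReference.Value
            Rights = $rule.FileSystemRights }
    }
}
```

Any row in the output is a principal outside the trusted list with write-class access to a location OpenSSL loads configuration, CA certificates or engines from; an empty result means only the listed administrative SIDs can modify it.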

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

As a mitigation until an official software release is available, it is recommended to apply these commits:

- For 1.1.1, commit 54aa9d51b09d67e90db443f682cface795f5af9e
- For 1.1.0, commit e32bc855a81a2d48d215c506bdeb4f598045f7e9 and
  b15a19c148384e73338aa7c5b12652138e35ed28
- For 1.0.2, commit d333ebaf9c77332754a9d5e111e2f53e1de54fdd

Vulnerable software versions

OpenSSL: 1.0.2 - 1.1.1c

External links

http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=54aa9d51b09d67e90db443f682cface795f5af9e
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b15a19c148384e73338aa7c5b12652138e35ed28
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d333ebaf9c77332754a9d5e111e2f53e1de54fdd
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e32bc855a81a2d48d215c506bdeb4f598045f7e9
http://www.openssl.org/news/secadv/20190730.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


