Amazon Linux AMI update for openssl

1) Infinite loop

EUVDB-ID: #VU61391

Risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2022-0778

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.

Mitigation

Update the affected packages:

aarch64:
    openssl-libs-debuginfo-3.0.5-1.amzn2023.0.4.aarch64
    openssl-perl-3.0.5-1.amzn2023.0.4.aarch64
    openssl-debuginfo-3.0.5-1.amzn2023.0.4.aarch64
    openssl-libs-3.0.5-1.amzn2023.0.4.aarch64
    openssl-3.0.5-1.amzn2023.0.4.aarch64
    openssl-debugsource-3.0.5-1.amzn2023.0.4.aarch64
    openssl-devel-3.0.5-1.amzn2023.0.4.aarch64

src:
    openssl-3.0.5-1.amzn2023.0.4.src

x86_64:
    openssl-libs-debuginfo-3.0.5-1.amzn2023.0.4.x86_64
    openssl-perl-3.0.5-1.amzn2023.0.4.x86_64
    openssl-debuginfo-3.0.5-1.amzn2023.0.4.x86_64
    openssl-libs-3.0.5-1.amzn2023.0.4.x86_64
    openssl-3.0.5-1.amzn2023.0.4.x86_64
    openssl-debugsource-3.0.5-1.amzn2023.0.4.x86_64
    openssl-devel-3.0.5-1.amzn2023.0.4.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

openssl: before 3.0.5-1

CPE2.3

• cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*
• cpe:2.3:o:amazon_web_services:openssl:*:*:*:*:*:amazon_linux_ami:*:*

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-051.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) OS Command Injection

EUVDB-ID: #VU62765

Risk: Medium

CVSSv4.0: 8.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2022-1292

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.

Mitigation

Update the affected packages:

aarch64:
    openssl-libs-debuginfo-3.0.5-1.amzn2023.0.4.aarch64
    openssl-perl-3.0.5-1.amzn2023.0.4.aarch64
    openssl-debuginfo-3.0.5-1.amzn2023.0.4.aarch64
    openssl-libs-3.0.5-1.amzn2023.0.4.aarch64
    openssl-3.0.5-1.amzn2023.0.4.aarch64
    openssl-debugsource-3.0.5-1.amzn2023.0.4.aarch64
    openssl-devel-3.0.5-1.amzn2023.0.4.aarch64

src:
    openssl-3.0.5-1.amzn2023.0.4.src

x86_64:
    openssl-libs-debuginfo-3.0.5-1.amzn2023.0.4.x86_64
    openssl-perl-3.0.5-1.amzn2023.0.4.x86_64
    openssl-debuginfo-3.0.5-1.amzn2023.0.4.x86_64
    openssl-libs-3.0.5-1.amzn2023.0.4.x86_64
    openssl-3.0.5-1.amzn2023.0.4.x86_64
    openssl-debugsource-3.0.5-1.amzn2023.0.4.x86_64
    openssl-devel-3.0.5-1.amzn2023.0.4.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

openssl: before 3.0.5-1

CPE2.3

• cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*
• cpe:2.3:o:amazon_web_services:openssl:*:*:*:*:*:amazon_linux_ami:*:*

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-051.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Security features bypass

EUVDB-ID: #VU62766

Risk: Medium

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-1343

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to an error when validating OCSP response within the OCSP_basic_verify function. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. A remote attacker can perform MitM attack.

Mitigation

Update the affected packages:

aarch64:
    openssl-libs-debuginfo-3.0.5-1.amzn2023.0.4.aarch64
    openssl-perl-3.0.5-1.amzn2023.0.4.aarch64
    openssl-debuginfo-3.0.5-1.amzn2023.0.4.aarch64
    openssl-libs-3.0.5-1.amzn2023.0.4.aarch64
    openssl-3.0.5-1.amzn2023.0.4.aarch64
    openssl-debugsource-3.0.5-1.amzn2023.0.4.aarch64
    openssl-devel-3.0.5-1.amzn2023.0.4.aarch64

src:
    openssl-3.0.5-1.amzn2023.0.4.src

x86_64:
    openssl-libs-debuginfo-3.0.5-1.amzn2023.0.4.x86_64
    openssl-perl-3.0.5-1.amzn2023.0.4.x86_64
    openssl-debuginfo-3.0.5-1.amzn2023.0.4.x86_64
    openssl-libs-3.0.5-1.amzn2023.0.4.x86_64
    openssl-3.0.5-1.amzn2023.0.4.x86_64
    openssl-debugsource-3.0.5-1.amzn2023.0.4.x86_64
    openssl-devel-3.0.5-1.amzn2023.0.4.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

openssl: before 3.0.5-1

CPE2.3

• cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*
• cpe:2.3:o:amazon_web_services:openssl:*:*:*:*:*:amazon_linux_ami:*:*

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-051.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Man-in-the-Middle (MitM) attack

EUVDB-ID: #VU62767

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-1434

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists in OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite due to incorrect usage of AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker can perform a man-in-the-middle (MitM) attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check.

Mitigation

Update the affected packages:

aarch64:
    openssl-libs-debuginfo-3.0.5-1.amzn2023.0.4.aarch64
    openssl-perl-3.0.5-1.amzn2023.0.4.aarch64
    openssl-debuginfo-3.0.5-1.amzn2023.0.4.aarch64
    openssl-libs-3.0.5-1.amzn2023.0.4.aarch64
    openssl-3.0.5-1.amzn2023.0.4.aarch64
    openssl-debugsource-3.0.5-1.amzn2023.0.4.aarch64
    openssl-devel-3.0.5-1.amzn2023.0.4.aarch64

src:
    openssl-3.0.5-1.amzn2023.0.4.src

x86_64:
    openssl-libs-debuginfo-3.0.5-1.amzn2023.0.4.x86_64
    openssl-perl-3.0.5-1.amzn2023.0.4.x86_64
    openssl-debuginfo-3.0.5-1.amzn2023.0.4.x86_64
    openssl-libs-3.0.5-1.amzn2023.0.4.x86_64
    openssl-3.0.5-1.amzn2023.0.4.x86_64
    openssl-debugsource-3.0.5-1.amzn2023.0.4.x86_64
    openssl-devel-3.0.5-1.amzn2023.0.4.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

openssl: before 3.0.5-1

CPE2.3

• cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*
• cpe:2.3:o:amazon_web_services:openssl:*:*:*:*:*:amazon_linux_ami:*:*

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-051.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Uncontrolled Memory Allocation

EUVDB-ID: #VU62768

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-1473

CWE-ID: CWE-789 - Uncontrolled Memory Allocation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to memory reuse is not possible in the OPENSSL_LH_flush() function, which empties a hash table when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service.

Mitigation

Update the affected packages:

aarch64:
    openssl-libs-debuginfo-3.0.5-1.amzn2023.0.4.aarch64
    openssl-perl-3.0.5-1.amzn2023.0.4.aarch64
    openssl-debuginfo-3.0.5-1.amzn2023.0.4.aarch64
    openssl-libs-3.0.5-1.amzn2023.0.4.aarch64
    openssl-3.0.5-1.amzn2023.0.4.aarch64
    openssl-debugsource-3.0.5-1.amzn2023.0.4.aarch64
    openssl-devel-3.0.5-1.amzn2023.0.4.aarch64

src:
    openssl-3.0.5-1.amzn2023.0.4.src

x86_64:
    openssl-libs-debuginfo-3.0.5-1.amzn2023.0.4.x86_64
    openssl-perl-3.0.5-1.amzn2023.0.4.x86_64
    openssl-debuginfo-3.0.5-1.amzn2023.0.4.x86_64
    openssl-libs-3.0.5-1.amzn2023.0.4.x86_64
    openssl-3.0.5-1.amzn2023.0.4.x86_64
    openssl-debugsource-3.0.5-1.amzn2023.0.4.x86_64
    openssl-devel-3.0.5-1.amzn2023.0.4.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

openssl: before 3.0.5-1

CPE2.3

• cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*
• cpe:2.3:o:amazon_web_services:openssl:*:*:*:*:*:amazon_linux_ami:*:*

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-051.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) OS Command Injection

EUVDB-ID: #VU64559

Risk: Medium

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-2068

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.

The vulnerability exists due to incomplete fix for #VU62765 (CVE-2022-1292).

Mitigation

Update the affected packages:

aarch64:
    openssl-libs-debuginfo-3.0.5-1.amzn2023.0.4.aarch64
    openssl-perl-3.0.5-1.amzn2023.0.4.aarch64
    openssl-debuginfo-3.0.5-1.amzn2023.0.4.aarch64
    openssl-libs-3.0.5-1.amzn2023.0.4.aarch64
    openssl-3.0.5-1.amzn2023.0.4.aarch64
    openssl-debugsource-3.0.5-1.amzn2023.0.4.aarch64
    openssl-devel-3.0.5-1.amzn2023.0.4.aarch64

src:
    openssl-3.0.5-1.amzn2023.0.4.src

x86_64:
    openssl-libs-debuginfo-3.0.5-1.amzn2023.0.4.x86_64
    openssl-perl-3.0.5-1.amzn2023.0.4.x86_64
    openssl-debuginfo-3.0.5-1.amzn2023.0.4.x86_64
    openssl-libs-3.0.5-1.amzn2023.0.4.x86_64
    openssl-3.0.5-1.amzn2023.0.4.x86_64
    openssl-debugsource-3.0.5-1.amzn2023.0.4.x86_64
    openssl-devel-3.0.5-1.amzn2023.0.4.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

openssl: before 3.0.5-1

CPE2.3

• cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*
• cpe:2.3:o:amazon_web_services:openssl:*:*:*:*:*:amazon_linux_ami:*:*

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-051.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Missing Encryption of Sensitive Data

EUVDB-ID: #VU64922

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-2097

CWE-ID: CWE-311 - Missing Encryption of Sensitive Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation. Under specific circumstances OpenSSL does not encrypt the entire message and can reveal sixteen bytes of data that was preexisting in the memory that wasn't written. A remote attacker can gain access to potentially sensitive information.

Mitigation

Update the affected packages:

aarch64:
    openssl-libs-debuginfo-3.0.5-1.amzn2023.0.4.aarch64
    openssl-perl-3.0.5-1.amzn2023.0.4.aarch64
    openssl-debuginfo-3.0.5-1.amzn2023.0.4.aarch64
    openssl-libs-3.0.5-1.amzn2023.0.4.aarch64
    openssl-3.0.5-1.amzn2023.0.4.aarch64
    openssl-debugsource-3.0.5-1.amzn2023.0.4.aarch64
    openssl-devel-3.0.5-1.amzn2023.0.4.aarch64

src:
    openssl-3.0.5-1.amzn2023.0.4.src

x86_64:
    openssl-libs-debuginfo-3.0.5-1.amzn2023.0.4.x86_64
    openssl-perl-3.0.5-1.amzn2023.0.4.x86_64
    openssl-debuginfo-3.0.5-1.amzn2023.0.4.x86_64
    openssl-libs-3.0.5-1.amzn2023.0.4.x86_64
    openssl-3.0.5-1.amzn2023.0.4.x86_64
    openssl-debugsource-3.0.5-1.amzn2023.0.4.x86_64
    openssl-devel-3.0.5-1.amzn2023.0.4.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

openssl: before 3.0.5-1

CPE2.3

• cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*
• cpe:2.3:o:amazon_web_services:openssl:*:*:*:*:*:amazon_linux_ami:*:*

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-051.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU68895

Risk: High

CVSSv4.0: 8.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2022-3602

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing the email address field inside  X.509 certificate. A remote attacker can supply a specially crafted certificate to the application, trigger a 4-byte buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that either a CA signs the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer.

Mitigation

Update the affected packages:

aarch64:
    openssl-libs-debuginfo-3.0.5-1.amzn2023.0.4.aarch64
    openssl-perl-3.0.5-1.amzn2023.0.4.aarch64
    openssl-debuginfo-3.0.5-1.amzn2023.0.4.aarch64
    openssl-libs-3.0.5-1.amzn2023.0.4.aarch64
    openssl-3.0.5-1.amzn2023.0.4.aarch64
    openssl-debugsource-3.0.5-1.amzn2023.0.4.aarch64
    openssl-devel-3.0.5-1.amzn2023.0.4.aarch64

src:
    openssl-3.0.5-1.amzn2023.0.4.src

x86_64:
    openssl-libs-debuginfo-3.0.5-1.amzn2023.0.4.x86_64
    openssl-perl-3.0.5-1.amzn2023.0.4.x86_64
    openssl-debuginfo-3.0.5-1.amzn2023.0.4.x86_64
    openssl-libs-3.0.5-1.amzn2023.0.4.x86_64
    openssl-3.0.5-1.amzn2023.0.4.x86_64
    openssl-debugsource-3.0.5-1.amzn2023.0.4.x86_64
    openssl-devel-3.0.5-1.amzn2023.0.4.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

openssl: before 3.0.5-1

CPE2.3

• cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*
• cpe:2.3:o:amazon_web_services:openssl:*:*:*:*:*:amazon_linux_ami:*:*

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-051.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Buffer overflow

EUVDB-ID: #VU68896

Risk: Medium

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2022-3786

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing the email address field length inside a X.509 certificate. A remote attacker can supply a specially crafted certificate to the application, trigger a buffer overflow and crash the application.

Mitigation

Update the affected packages:

aarch64:
    openssl-libs-debuginfo-3.0.5-1.amzn2023.0.4.aarch64
    openssl-perl-3.0.5-1.amzn2023.0.4.aarch64
    openssl-debuginfo-3.0.5-1.amzn2023.0.4.aarch64
    openssl-libs-3.0.5-1.amzn2023.0.4.aarch64
    openssl-3.0.5-1.amzn2023.0.4.aarch64
    openssl-debugsource-3.0.5-1.amzn2023.0.4.aarch64
    openssl-devel-3.0.5-1.amzn2023.0.4.aarch64

src:
    openssl-3.0.5-1.amzn2023.0.4.src

x86_64:
    openssl-libs-debuginfo-3.0.5-1.amzn2023.0.4.x86_64
    openssl-perl-3.0.5-1.amzn2023.0.4.x86_64
    openssl-debuginfo-3.0.5-1.amzn2023.0.4.x86_64
    openssl-libs-3.0.5-1.amzn2023.0.4.x86_64
    openssl-3.0.5-1.amzn2023.0.4.x86_64
    openssl-debugsource-3.0.5-1.amzn2023.0.4.x86_64
    openssl-devel-3.0.5-1.amzn2023.0.4.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

openssl: before 3.0.5-1

CPE2.3

• cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*
• cpe:2.3:o:amazon_web_services:openssl:*:*:*:*:*:amazon_linux_ami:*:*

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-051.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.