The annual curl user survey is up. Please donate a few minutes and answer some questions!
curl / Docs / Security Problems / SSL CBC IV vulnerability

SSL CBC IV vulnerability

Project curl Security Advisory, January 24th 2012 permalink

VULNERABILITY

curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer.

This vulernability has been identified (CVE-2011-3389 aka the "BEAST" attack) and is addressed by OpenSSL already as they have made a work-around to mitigate the problem. When doing so, they figured out that some servers didn't work with the work-around and offered a way to disable it.

The bit used to disable the workaround was then added to the generic SSLOPALL bitmask that SSL clients may use to enable work-arounds for better compatibility with servers. libcurl uses the SSLOPALL bitmask.

While SSLOPALL is documented to enable "rather harmless" work-arounds, it does in this case effectively enable this security vulnerability again.

There is no known exploit for this problem.

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel

AFFECTED VERSIONS

Only curl and libcurl builds that use OpenSSL are affected.

SOLUTION

libcurl 7.24.0 never sets the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit

RECOMMENDATIONS

We suggest you take one of the following actions immediately, in order of preference:

A - Upgrade to curl and libcurl 7.24.0

B - Apply this patch and rebuild libcurl

  https://curl.haxx.se/curl-dont-insert-empty-fragments.patch

C - Rebuild curl with another SSL library

D - Change the option within your application by using the CURLOPTSSLCTX_FUNCTION callback

TIME LINE

product-security at Apple reported this problem to us on January 19th 2012.

We discussed solutions and a first patch was written on the same day.

curl 7.24.0 was released on January 24th 2012, coordinated with the publication of this this flaw.

CREDITS

product-security at Apple reported it, Yang Tse helped analyzing the issue