
Impact of OpenSSL CVE-2022-3602 and CVE-2022-3786 on SSP and SELKS Users

Written by Stamus Networks Team | Nov 1, 2022 7:49:21 PM

TL;DR

Stamus Networks uses OpenSSL in the Stamus Security Platform (SSP) as well as our open source SELKS ISO versions. The vulnerabilities identified in today’s disclosure and CVE announcement do NOT impact this particular version of OpenSSL. Therefore, Stamus Security Platform and SELKS are not susceptible to exploits against these vulnerabilities.

In addition, Stamus Networks is working with its threat intelligence partners to develop mechanisms for detecting attempted exploits of these vulnerabilities. We will notify our customers immediately as soon as we can share information on these solutions.

Background

On October 25, 2022, the OpenSSL Project announced they will be releasing an update to OpenSSL in order to address a “CRITICAL” vulnerability. The vulnerability was not disclosed at this time.

On November 1, 2022, the OpenSSL Project published an advisory (https://www.openssl.org/news/secadv/20221101.txt) in which they shared more information about these buffer overflow vulnerabilities which affect versions 3.0.0 to 3.0.6 of OpenSSL:

  • CVE-2022-3602 - X.509 Email Address 4-byte Buffer Overflow
  • CVE-2022-3786 - X.509 Email Address Variable Length Buffer Overflow

Based on evidence gathered since the pre-announcement was made, OpenSSL downgraded the severity level of both CVEs to “HIGH.”

Read more on the OpenSSL blog here: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/

Impact on Stamus Networks Customers

Stamus Networks includes OpenSSL in the operating system which is embedded in its Stamus Security Platform (SSP) as well as in the ISO versions of its open source system, SELKS.

In each of these systems, an earlier version of OpenSSL (outside the affected 3.0.0 to 3.0.6 range) is installed. The vulnerabilities identified in the 1-November-2022 disclosure and CVE announcement do NOT impact this particular version of OpenSSL.

Therefore, Stamus Security Platform and the ISO versions of SELKS are not susceptible to exploits against these vulnerabilities.

Users of the SELKS 7 Docker Compose package (which runs on the user’s host operating system environment) should make sure their host OS and associated applications are up to date and using a patched OpenSSL version.
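For the Docker Compose case above, the following is an added example (not Stamus Networks' code) that parses an `openssl version` banner and reports whether it falls in the affected 3.0.0 to 3.0.6 range; the sample banners it checks are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an OpenSSL version banner against the range affected by
# CVE-2022-3602 / CVE-2022-3786 (3.0.0 through 3.0.6; fixed in 3.0.7).
# OpenSSL 1.x and 3.1+ are outside the affected range.

# Extract the dotted version number from a banner such as
# "OpenSSL 3.0.5 5 Jul 2022" or "OpenSSL 1.1.1n  15 Mar 2022".
openssl_version_number() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9.]*[0-9]\).*/\1/p'
}

# Return 0 (affected) when major.minor.patch is 3.0.0 .. 3.0.6, else 1.
openssl_affected() {
    ver=$(openssl_version_number "$1")
    [ -n "$ver" ] || return 1            # unparseable banner: not known affected
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%.*}
    case "$patch" in *[!0-9]*|'') patch=0;; esac   # missing or non-numeric patch
    [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "$patch" -le 6 ]
}

# Print a verdict for one banner line.
report() {
    if openssl_affected "$1"; then
        echo "AFFECTED  : $1  (3.0.0-3.0.6; upgrade to 3.0.7 or later)"
    else
        echo "not in affected range: $1"
    fi
}

# Constructed sample banners (assumed format of `openssl version` output).
report "OpenSSL 3.0.5 5 Jul 2022"
report "OpenSSL 3.0.7 1 Nov 2022"
report "OpenSSL 1.1.1n  15 Mar 2022"

# Check the host's own OpenSSL, if one is installed.
if command -v openssl >/dev/null 2>&1; then
    report "$(openssl version)"
fi
```

Distributions that backport the fix without changing the upstream version string will still show a banner inside the range; in that case confirm the package status against the distribution's own advisory.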

If you have any questions or concerns about Stamus Security Platform, please contact Stamus Networks Support or your account manager.

SELKS users should engage the community on the Stamus Networks Discord Server here: https://discord.gg/dbaAcT6BF7

Detecting Attempted Exploits with Stamus Security Platform

Stamus Networks is working with its threat intelligence partners to develop mechanisms for detecting attempted exploits of these vulnerabilities. We will notify our customers immediately as soon as we can share information on these solutions.