[Bro] Uodate: OpenSSL security issue affecting Bro

Johanna Amann johanna at icir.org
Fri Dec 4 15:51:03 PST 2015


we just posted an updated blog post describing the problem to

Please note, that different from the original descriptions, default
installations of Bro that use broctl are vulnerable; a quick fix is to not
load protocols/ssl/validate-certs.bro in local.bro.

The blog post also contains instructions on how to test if your local
openssl installation is vulnerable.


On Thu, Dec 03, 2015 at 12:01:28PM -0800, Johanna Amann wrote:
> Hello,
> The OpenSSL Project today published a security advisory, that affects
> users of Bro that are using the X.509 certificate validation functionality
> of Bro. Note that this functionality is not enabled by default - typically
> it is enabled by either loading the policy script
> protocols/ssl/validate-certs.bro or protocols/ssl/validate-ocsp.bro.
> The OpenSSL bug can cause a null-pointer exception when parsing certain
> malformed X.509 certificates and can potentially be used for DOS attacks.
> The issue affects OpenSSL 1.0.1 and 1.0.2 and was fixed in OpenSSL 1.0.1q
> and 1.0.2e respectively. If you use Bro and perform certificate
> validation, you should update as soon as possible.
> The original OpenSSL security advisory is available at
> https://www.openssl.org/news/secadv/20151203.txt. It also contains a few
> other issues that are not directly applicable to Bro.
> Johanna
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

More information about the Bro mailing list