Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 24 Oct 2016 07:44:27 +0000
From: 石磊 <>
To: "" <>
Subject: CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING
 undefined alert Remote DoS

In August, Shi Lei from Gear Team, Qihoo 360 Inc., found a Denial of Service issue in OpenSSL while openssl is handling "SSL3_AL_WARNING" undefined alerts.
This issue has been assigned with CVE number, CVE-2016-8610, and it was called 'SSL-Death-Alert'.

The story is as follow.

We reported this issue to OpenSSL team in early September, and they told us they won't treat it as a security issue, but they allowed us to discuss it with whomever we wish.

BTW, the issue has been fixed in the official release on September 22nd.

As the saying goes in 'The X Files', the truth is out there. Security researchers write exploits because they like the truth.

With further research in this flaw, we found that it could easily cause a DoS to those which use OpenSSL to support SSL(e.g, Nginx). For instance, visitors couldn't open the website powered by nginx until the attack stops.

Considering the widely deployment of the combination of nginx with OpenSSL in nowaday's web servers, we believe this is an important issue that has a huge influence.

After internal team discussion,we choose to disclose the details together with the Red Hat Product Security Team.

With the help of Huzaifa Sidhpurwala from Red Hat Product Security Team, this issue has been further confirmed and has been informed to both the nginx team and other Linux distros.

At last, we were very grateful to the Red Hat Security Team and the OpenSSL Team for their help!

Details about the security flaw:


Product: OpenSSL

Affected Versions: 1.1.0, 1.0.2 - 1.0.2h, All 1.0.1, All 0.9.8

Vulnerability Type: DoS

Vendor URL:

CVE ID: CVE-2016-8610

Name: SSL Death Alert



It was found that function "ssl3_read_bytes" in ssl/s3_pkt.c might lead to higher CPU usage due to improper handling of warning packets.

An attacker could repeat the undefined plaintext warning packets of "SSL3_AL_WARNING" during the handshake, which will easily make to consume 100% CPU on the server. It is an implementation problem in OpenSSL that OpenSSL would ignore undefined warning, and continue dealing with the remaining data(if exist). So the attacker could pack multiple alerts inside a single record and send a large number of there large records. Then the server will be fallen in a meaningless cycle, and not available to any others.

Any ssl supported server which used OpenSSL may be influenced.

A successful exploitation of this vulnerability could easy cause a DoS attack to the server (such as openssl s_server, nginx, etc).

Shi Lei from Gear Team, Qihoo 360 Inc., reported this vulnerability.



Upgrade to the latest version(1.0.2j, 1.1.0b):

Patch link:;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401







An attack scenarios(Without PoC):


# uname -a

Linux localhost.localdomain 4.4.7-300.fc23.x86_64 #1 SMP Wed Apr 13 02:52:52 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

#yum install nginx

# nginx -V

nginx version: nginx/1.8.1

built by gcc 5.3.1 20160406 (Red Hat 5.3.1-6) (GCC)

built with OpenSSL 1.0.2h-fips  3 May 2016 (running with OpenSSL 1.0.2g-fips  1 Mar 2016)

TLS SNI support enabled

configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/ --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_spdy_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-http_perl_module --with-mail --with-mail_ssl_module --with-pcre --with-pcre-jit --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'

#cat /etc/nginx/nginx.conf

user nginx;

worker_processes 4;

error_log /var/log/nginx/error.log;

pid /run/;

events {

    worker_connections 1024;


# netstat -ntlp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp       15      0   *               LISTEN      103334/nginx: maste

tcp        0      0    *               LISTEN      103334/nginx: maste

Running the PoC…


And then we will found that nginx was out of service.

#curl https://x.x.x.x/

curl: (28) Operation timed out after 0 milliseconds with 0 out of 0 bytes received




103336 nginx     20   0  126920   9984   6876 R 100.0  0.5   0:32.65 nginx

103337 nginx     20   0  126920   9984   6876 R  99.7  0.5   0:32.00 nginx

103335 nginx     20   0  126920   9984   6876 R  99.3  0.5   0:32.54 nginx
103338 nginx     20   0  126920   9984   6876 R  98.7  0.5   0:30.64 nginx


Shi Lei / Gear Team, Qihoo 360 Inc.
GPG Key ID 37048936 / 5C4C 85C6 068C A5A0 23FA  0294 D9CE 9C25 3704 8936

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.