  • Advisory - Multiple Vulnerabilities in OpenSSL

    Multiple Vulnerabilities in OpenSSL

    Severity Rating: High

    System Affected
    • OpenSSL versions prior to 0.9.8za
    • OpenSSL versions 1.0.0 prior to 1.0.0m
    • OpenSSL versions 1.0.1 prior to 1.0.1h

    Overview:
    Multiple vulnerabilities have been reported in OpenSSL which could be exploited by remote attackers to cause denial of service (DoS) conditions, disclose potentially sensitive information, execute arbitrary code or conduct man-in-the-middle (MITM) attacks.

    Description:

    1. Denial of Service Vulnerability

    This vulnerability exists in the "do_ssl3_write()" function in "s3_pkt.c" in OpenSSL due to improper management of a buffer pointer during certain recursive calls when SSL_MODE_RELEASE_BUFFERS is enabled.
    A remote attacker could exploit this vulnerability via vectors which trigger a NULL pointer dereference.
    Successful exploitation of this vulnerability could allow the attacker to cause denial of service conditions.

    2. DTLS recursion Vulnerability

    This vulnerability exists in the "dtls1_get_message_fragment()" function in "d1_both.c" in OpenSSL.
    A remote attacker could exploit this vulnerability by submitting an invalid DTLS handshake to an OpenSSL DTLS client.
    Successful exploitation of this vulnerability could cause the code to recurse, leading to denial of service conditions.

    3. SSL/TLS Man In The Middle Vulnerability

    This vulnerability exists in the "dtls1_get_message_fragment()" function in "d1_both.c" in OpenSSL due to improper restriction of processing of the ChangeCipherSpec messages.
    Successful exploitation of this vulnerability could allow a remote attacker to conduct Man In The Middle attacks in order to obtain sensitive information via a crafted TLS handshake.

    4. ECDH cipher suite Denial Of Service Vulnerability

    This vulnerability exists in the "ssl3_send_client_key_exchange()" function in "s3_clnt.c" in OpenSSL due to improper use of an anonymous ECDH ciphersuite.
    A remote attacker could exploit this vulnerability by submitting a specially crafted certificate to trigger a NULL pointer dereference.
    Successful exploitation of this vulnerability could allow the attacker to cause denial of service conditions.

    5. Denial Of Service / Session Injection Vulnerability

    This vulnerability occurs due to improper management of SSL connections in a multithreaded environment in the "ssl3_read_bytes()" function in "s3_pkt.c".
    Successful exploitation of this vulnerability could allow a remote attacker to cause a denial of service or data injection.

    6. DTLS invalid fragment vulnerability

    The "dtls1_reassemble_fragment()" function in "d1_both.c" in OpenSSL does not properly validate the length fields in DTLS fragments.
    A remote attacker could exploit this issue by sending a long non-initial fragment to trigger a buffer overflow, leading to execution of arbitrary code or a denial of service.


    Solution

    Apply the appropriate updates as mentioned in the vendor's Security Advisory:
    https://www.openssl.org/news/secadv_20140605.txt

    Vendor Information

    OpenSSL
    https://www.openssl.org/news/secadv_20140605.txt

    References:

    OpenSSL
    https://www.openssl.org/news/secadv_20140605.txt

    RedHat
    https://rhn.redhat.com/errata/RHSA-2014-0625.html
    https://rhn.redhat.com/errata/RHSA-2014-0626.html

    Ubuntu
    http://www.ubuntu.com/usn/usn-2232-1/

    FreeBSD
    http://www.freebsd.org/security/advi...14.openssl.asc

    Cisco
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl


    Securelist
    https://www.securelist.com/en/advisories/58403/

    Security tracker
    http://www.securitytracker.com/id/1030337
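
The "System Affected" thresholds above can be checked against the banners printed by `openssl version`. The following Python sketch is an added example, not part of the original advisory; the function names and the sample banners are constructed for illustration.

```python
import re

# Fixed release per branch, from the advisory's "System Affected" list.
FIXED = {(0, 9, 8): "za", (1, 0, 0): "m", (1, 0, 1): "h"}

# Pre-3.0 OpenSSL versions: three numbers plus an optional patch-letter suffix.
# Suffix order is '' < a < ... < z < za < zb ..., i.e. "z*" then one letter.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)((?:z*[a-z])?)")


def parse_version(banner):
    """Return ((major, minor, fix), letters) from an `openssl version` banner."""
    m = _VERSION_RE.search(banner)
    if m is None:
        raise ValueError("no OpenSSL version found in %r" % banner)
    return tuple(int(n) for n in m.group(1, 2, 3)), m.group(4)


def patch_rank(letters):
    """Map the letter suffix to an integer: ''=0, a=1 ... z=26, za=27, zb=28."""
    return sum(ord(ch) - ord("a") + 1 for ch in letters)


def is_affected(banner):
    """True if the banner's upstream version is older than the fixed release."""
    branch, letters = parse_version(banner)
    if branch in FIXED:
        return patch_rank(letters) < patch_rank(FIXED[branch])
    # "prior to 0.9.8za" also covers branches older than 0.9.8; newer
    # branches are not listed in this advisory.
    return branch < (0, 9, 8)


if __name__ == "__main__":
    # Constructed sample banners (not captured from real hosts).
    samples = [
        "OpenSSL 0.9.8y 5 Feb 2013",
        "OpenSSL 0.9.8za 5 Jun 2014",
        "OpenSSL 1.0.0l 6 Jan 2014",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.1h 5 Jun 2014",
    ]
    for banner in samples:
        state = "AFFECTED" if is_affected(banner) else "not listed as affected"
        print("%-36s %s" % (banner, state))
```

A banner reports the upstream release only. Distribution packages that backport fixes (see the vendor errata in the references) can keep an older letter while being patched, so confirm against the installed package version as well.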