-----BEGIN PGP SIGNED MESSAGE-----
AUSCERT Security Bulletin

Multiple vulnerabilities in OpenSSL have been discovered
within various McAfee products
12 June 2014

AusCERT Security Bulletin Summary

Product:              McAfee ePolicy Orchestrator (ePO)
                      McAfee Web Gateway (MWG)
                      McAfee Security Information and Event Management (SIEM) / Nitro
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Access Privileged Data          -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
                      Provide Misleading Information  -- Remote/Unauthenticated
CVE Names:            CVE-2014-3470 CVE-2014-0224 CVE-2014-0221
                      CVE-2014-0198 CVE-2014-0195 CVE-2014-0076
Member content until: Saturday, July 12 2014

Revision History:     June 12 2014: Updated title
                      June 12 2014: Initial Release

Multiple vulnerabilities in OpenSSL have been discovered within various
McAfee products.

The vendor has provided the following details on the

"CVE-2014-0224: Man-in-the-Middle (MITM) attack

An attacker using a carefully crafted handshake can force the use of
weak keying material in OpenSSL SSL/TLS clients and servers. This
can be exploited by a Man-in-the-middle (MITM) attack where the
attacker can decrypt and modify traffic from the attacked client and

The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL.
Servers are only known to be vulnerable in OpenSSL 1.0.1 and
1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised
to upgrade as a precaution.

CERT/CC Vulnerability Note VU#978508
OpenSSL is vulnerable to a man-in-the-middle attack
How I discovered CCS Injection Vulnerability (Lepidum Engineers'
NET SECURITY Article

CVE-2014-0221: DoS attack

By sending an invalid DTLS handshake to an OpenSSL DTLS client the
code can be made to recurse eventually crashing in a DoS attack.

CVE-2014-0195: Arbitrary code execution on a vulnerable client or

A buffer overrun attack can be triggered by sending invalid DTLS
fragments to an OpenSSL DTLS client or server. This is potentially
exploitable to run arbitrary code on a vulnerable client or server.

CVE-2014-0198: DoS attack

A flaw in the do_ssl3_write function can allow remote attackers to
cause a denial of service via a NULL pointer dereference. This flaw
only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS
is enabled, which is not the default and not common.

CVE-2010-5298: DoS attack or session injection

A race condition in the ssl3_read_bytes function can allow remote
attackers to inject data across sessions or cause a denial of
service. This flaw only affects multithreaded applications using
OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled,
which is not the default and not common.

CVE-2014-3470: DoS attack

OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject
to a denial-of-service attack.

CVE-2014-0076: Side-channel Attack

The Montgomery ladder implementation in OpenSSL through 1.0.0l does
not ensure that certain swap operations have a constant-time
behavior, which makes it easier for local users to obtain ECDSA
nonces via a FLUSH+RELOAD cache side-channel attack. (Fixed earlier
in OpenSSL 1.0.1g)

The vendor recommends applying the available patches or hotfixes for
the relevant product.

McAfee Security Bulletin - Seven OpenSSL vulnerabilities patched in

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

Australian Computer Emergency Response Team
The University of Queensland

Internet Email: firstname.lastname@example.org
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----