-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2014.0069.2
         Multiple vulnerabilities in OpenSSL have been discovered
                      within various McAfee products
                               12 June 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee ePolicy Orchestrator (ePO)
                      McAfee Web Gateway (MWG)
                      McAfee Security Information and Event Management (SIEM) / Nitro
Operating System:     Windows
                      Network Appliance
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Access Privileged Data          -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
                      Provide Misleading Information  -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-3470 CVE-2014-0224 CVE-2014-0221
                      CVE-2014-0198 CVE-2014-0195 CVE-2014-0076
                      CVE-2010-5298  
Member content until: Saturday, July 12 2014

Revision History:     June 12 2014: Updated title
                      June 12 2014: Initial Release

OVERVIEW

        Seven vulnerabilities in the OpenSSL library affect the McAfee products
        listed above; the vendor has released patches or hotfixes. [1]


IMPACT

        The vendor has provided the following details on the 
        vulnerabilities:
        
        "CVE-2014-0224: Man-in-the-Middle (MITM) attack
        
        An attacker using a carefully crafted handshake can force the use of
        weak keying material in OpenSSL SSL/TLS clients and servers. This 
        can be exploited by a Man-in-the-middle (MITM) attack where the 
        attacker can decrypt and modify traffic from the attacked client and
        server.
        
        The attack can only be performed between a vulnerable client *and* 
        server. OpenSSL clients are vulnerable in all versions of OpenSSL. 
        Servers are only known to be vulnerable in OpenSSL 1.0.1 and 
        1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised
        to upgrade as a precaution.
        
        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224
        
        CERT/CC Vulnerability Note VU#978508
        
        OpenSSL is vulnerable to a man-in-the-middle attack
        
        http://www.kb.cert.org/vuls/id/978508
        
        How I discovered CCS Injection Vulnerability (Lepidum Engineers' 
        Blog)
        
        http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
        
        https://www.imperialviolet.org/2014/06/05/earlyccs.html
        
        NET SECURITY Article
        
        http://www.net-security.org/secworld.php?id=16966
        
        CVE-2014-0221: DoS attack
        
        By sending an invalid DTLS handshake to an OpenSSL DTLS client the 
        code can be made to recurse eventually crashing in a DoS attack.
        
        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0221
        
        CVE-2014-0195: Arbitrary code execution on a vulnerable client or 
        server
        
        A buffer overrun attack can be triggered by sending invalid DTLS 
        fragments to an OpenSSL DTLS client or server. This is potentially 
        exploitable to run arbitrary code on a vulnerable client or server.
        
        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0195
        
        CVE-2014-0198: DoS attack
        
        A flaw in the do_ssl3_write function can allow remote attackers to 
        cause a denial of service via a NULL pointer dereference. This flaw
        only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS
        is enabled, which is not the default and not common.
        
        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0198
        
        CVE-2010-5298: DoS attack or session injection
        
        A race condition in the ssl3_read_bytes function can allow remote 
        attackers to inject data across sessions or cause a denial of 
        service. This flaw only affects multithreaded applications using 
        OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled,
        which is not the default and not common.
        
        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298
        
        CVE-2014-3470: DoS attack
        
        OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject
        to a denial-of-service attack.
        
        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3470
        
        CVE-2014-0076: Side-channel Attack
        
        The Montgomery ladder implementation in OpenSSL through 1.0.0l does
        not ensure that certain swap operations have a constant-time 
        behavior, which makes it easier for local users to obtain ECDSA 
        nonces via a FLUSH+RELOAD cache side-channel attack. (Fixed earlier
        in OpenSSL 1.0.1g)
        
        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0076" [1]
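
        The "carefully crafted handshake" in the CVE-2014-0224 entry above is
        a ChangeCipherSpec sent before the ClientKeyExchange, and whether a
        server accepts it can be checked from the network side. The Python
        below is an added example and is not code from AusCERT, McAfee or
        OpenSSL: it sends a minimal TLS 1.0 ClientHello, reads up to
        ServerHelloDone, then injects a ChangeCipherSpec and watches the
        alerts. The verdict rule in classify() is an assumption drawn from the
        patched OpenSSL behaviour (rejecting the early CCS with an
        unexpected_message alert) and from the fact that a server which instead
        complains about the next record at the record layer has already
        switched cipher state; treat "likely_vulnerable" as a lead to confirm
        against the vendor bulletin, not as proof. The cipher-suite list,
        timeouts and default port are illustrative choices.

```python
"""Heuristic probe for CCS Injection (CVE-2014-0224). Added example, not from the
AusCERT/McAfee bulletin; the rule in classify() is an assumption, not a vendor test."""
import os
import socket
import struct

TLS10 = b"\x03\x01"
RT_CCS, RT_ALERT, RT_HANDSHAKE = 0x14, 0x15, 0x16
HS_SERVER_HELLO_DONE = 0x0E
ALERT_UNEXPECTED_MESSAGE = 10
RECORD_LAYER_ALERTS = (20, 21, 50)  # bad_record_mac, decryption_failed, decode_error
# Illustrative suite list (assumption): RC4-SHA, AES128-SHA, AES256-SHA, DES-CBC3-SHA
CIPHER_SUITES = (0x0005, 0x002F, 0x0035, 0x000A)

def record(content_type, payload):
    """Wrap a payload in a TLS 1.0 record header: type(1) version(2) length(2)."""
    return bytes([content_type]) + TLS10 + struct.pack("!H", len(payload)) + payload

def build_client_hello(client_random=None):
    """Minimal ClientHello: no session id, no extensions, null compression only."""
    rnd = client_random if client_random is not None else os.urandom(32)
    suites = b"".join(struct.pack("!H", s) for s in CIPHER_SUITES)
    body = TLS10 + rnd + b"\x00" + struct.pack("!H", len(suites)) + suites + b"\x01\x00"
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type ClientHello, 24-bit length
    return record(RT_HANDSHAKE, hs)

def build_early_ccs():
    """ChangeCipherSpec sent before ClientKeyExchange: the injected message itself."""
    return record(RT_CCS, b"\x01")

def parse_records(data):
    """Split raw bytes into (content_type, payload) tuples; a trailing partial record is ignored."""
    out, i = [], 0
    while i + 5 <= len(data):
        ctype, length = data[i], struct.unpack("!H", data[i + 3:i + 5])[0]
        if i + 5 + length > len(data):
            break
        out.append((ctype, data[i + 5:i + 5 + length]))
        i += 5 + length
    return out

def handshake_types(records):
    """Handshake message types seen, reassembling messages that span records."""
    buf = b"".join(p for t, p in records if t == RT_HANDSHAKE)
    types, i = [], 0
    while i + 4 <= len(buf):
        types.append(buf[i])
        i += 4 + struct.unpack("!I", b"\x00" + buf[i + 1:i + 4])[0]
    return types

def alert_description(records):
    """Description byte of the first alert record, or None if there is no alert."""
    for t, p in records:
        if t == RT_ALERT and len(p) >= 2:
            return p[1]
    return None

def classify(after_first_ccs, after_second_ccs):
    """Assumed rule: a patched OpenSSL rejects the early CCS at the handshake layer with
    unexpected_message. An unpatched server accepts it, switches its read cipher to keys
    derived from an empty master secret, and then fails the next cleartext record at the
    record layer; a record-layer alert there shows the early CCS was accepted."""
    if alert_description(parse_records(after_first_ccs)) == ALERT_UNEXPECTED_MESSAGE:
        return "patched"
    second = alert_description(parse_records(after_second_ccs))
    if second == ALERT_UNEXPECTED_MESSAGE:
        return "patched"
    if second in RECORD_LAYER_ALERTS:
        return "likely_vulnerable"
    return "inconclusive"

def recv_until_quiet(sock, timeout=3.0):
    """Read until the peer closes or goes quiet for `timeout` seconds."""
    sock.settimeout(timeout)
    chunks = []
    try:
        while True:
            c = sock.recv(4096)
            if not c:
                break
            chunks.append(c)
    except socket.timeout:
        pass
    return b"".join(chunks)

def probe(host, port=443):
    """Drive the handshake to ServerHelloDone, inject CCS twice, classify the replies."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(build_client_hello())
        srv = b""
        while HS_SERVER_HELLO_DONE not in handshake_types(parse_records(srv)):
            chunk = recv_until_quiet(s)
            if not chunk:
                return "inconclusive"  # closed, refused, or no TLS 1.0 ServerHello
            srv += chunk
        s.sendall(build_early_ccs())
        first = recv_until_quiet(s)
        s.sendall(build_early_ccs())
        second = recv_until_quiet(s)
    return classify(first, second)

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

        Run it as `python ccs_probe.py host [port]`. An endpoint that refuses
        the TLS 1.0 ClientHello, or that never reaches ServerHelloDone (for
        example one requiring SNI or a client certificate), comes back
        "inconclusive" rather than "patched", so a negative result is not a
        clean bill of health. The probe does not cover the DTLS issues in the
        same bulletin (CVE-2014-0195, CVE-2014-0221), which need a UDP
        handshake, and the only reliable fix remains the vendor patch.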


MITIGATION

        The vendor recommends applying the available patches or hotfixes for
        the relevant product. [1]


REFERENCES

        [1] McAfee Security Bulletin - Seven OpenSSL vulnerabilities patched in
            McAfee products
            https://kc.mcafee.com/corporate/index?page=content&id=SB10075

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----