Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2014.1334
OpenSSL Security Advisory [6 Aug 2014]
7 August 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: OpenSSL
Publisher: OpenSSL
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Access Privileged Data -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Reduced Security -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2014-5139 CVE-2014-3512 CVE-2014-3511
CVE-2014-3510 CVE-2014-3509 CVE-2014-3508
CVE-2014-3507 CVE-2014-3506 CVE-2014-3505
Original Bulletin:
https://www.openssl.org/news/secadv_20140806.txt
- --------------------------BEGIN INCLUDED TEXT--------------------
OpenSSL Security Advisory [6 Aug 2014]
========================================
Information leak in pretty printing functions (CVE-2014-3508)
=============================================================
A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from the
stack. Applications may be affected if they echo pretty printing output to the
attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.
OpenSSL 0.9.8 users should upgrade to 0.9.8zb
OpenSSL 1.0.0 users should upgrade to 1.0.0n.
OpenSSL 1.0.1 users should upgrade to 1.0.1i.
Thanks to Ivan Fratric (Google) for discovering this issue. This issue
was reported to OpenSSL on 19th June 2014.
The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSL
development team.
Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
==================================================================
The issue affects OpenSSL clients and allows a malicious server to crash
the client with a null pointer dereference (read) by specifying an SRP
ciphersuite even though it was not properly negotiated with the client. This can
be exploited through a Denial of Service attack.
OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.
Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and
researching this issue. This issue was reported to OpenSSL on 2nd July 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
==============================================================
If a multithreaded client connects to a malicious server using a resumed session
and the server sends an ec point format extension it could write up to 255 bytes
to freed memory.
OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n.
OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.
Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this
issue. This issue was reported to OpenSSL on 8th July 2014.
The fix was developed by Gabor Tyukasz.
Double Free when processing DTLS packets (CVE-2014-3505)
========================================================
An attacker can force an error condition which causes openssl to crash whilst
processing DTLS packets due to memory being freed twice. This can be exploited
through a Denial of Service attack.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.
Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering and
researching this issue. This issue was reported to OpenSSL on 6th June
2014.
The fix was developed by Adam Langley.
DTLS memory exhaustion (CVE-2014-3506)
======================================
An attacker can force openssl to consume large amounts of memory whilst
processing DTLS handshake messages. This can be exploited through a Denial of
Service attack.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.
Thanks to Adam Langley (Google) for discovering and researching this
issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley.
DTLS memory leak from zero-length fragments (CVE-2014-3507)
===========================================================
By sending carefully crafted DTLS packets an attacker could cause openssl to
leak memory. This can be exploited through a Denial of Service attack.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.
Thanks to Adam Langley (Google) for discovering and researching this
issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley.
OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
===============================================================
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a
denial of service attack. A malicious server can crash the client with a null
pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and
sending carefully crafted handshake messages.
OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb
OpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n.
OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i.
Thanks to Felix Gröbert (Google) for discovering and researching this issue.
This issue was reported to OpenSSL on 18th July 2014.
The fix was developed by Emilia Käsper of the OpenSSL development team.
OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
=====================================================
A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
TLS 1.0 instead of higher protocol versions when the ClientHello message is
badly fragmented. This allows a man-in-the-middle attacker to force a
downgrade to TLS 1.0 even if both the server and the client support a higher
protocol version, by modifying the client's TLS records.
OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.
Thanks to David Benjamin and Adam Langley (Google) for discovering and
researching this issue. This issue was reported to OpenSSL on 21st July 2014.
The fix was developed by David Benjamin.
SRP buffer overrun (CVE-2014-3512)
==================================
A malicious client or server can send invalid SRP parameters and overrun
an internal buffer. Only applications which are explicitly set up for SRP
use are affected.
OpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1i.
Thanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC
Group) for discovering this issue. This issue was reported to OpenSSL
on 31st July 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
References
==========
URL for this Security Advisory:
http://www.openssl.org/news/secadv_20140806.txt
Note: the online version of the advisory may be updated with additional
details over time.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBU+L5WhLndAQH1ShLAQJQNA/+L08y35Sa/ebaFb9rDQtwGBPs0bON6j30
9PV0Neuesp0wqhnEow/UlHzwRXv499OijiWp4a23wF8wxRUO5k3RgL+yegK4xTBj
aF0j2PXy+1lGBZTRmrO8CFfvt8mS6mLIG3N+Zc+NJa8U+U+yid4Koe0AgUtGjFwH
VI1qPiVlrICdvyt63VQOlDf5kdm8z5yNAsWXy0bz+O49llwFcAAotmtJ+9MEGIbC
QAMuc2PQ42vCicTQpu6vRECG2Sm1E72vQT1gM+dMwq5GhOeyoiyjwU8P09dJntPc
3bx9vMplbfNQfOk3m7zAuUpINq2NN2TvK9NRFmOZ/UFwj2JunKV2tDTJWVNRQ/Le
TcTUT359hxAV4sCwczMWVXguwol0yMZA3ufwHTnzPgQCBiSmhhwXHKB49cY4u9Zc
EwhRj70Hzh2oVQwT8RIbBSJNyWSXrRRnwWF3kOc2tQYFnPGOtHNhmvixUyYEn7h2
HBfoTR7ISnyTd4Q0MFbyA3DZMZJoDHqZAsx3iUo/rbBt/MRhxCgJrkTK5grJk74t
9/yJdr8rkv4MlwIHTZn0gE8/B4qlpPpxAwPDDz/lr/02nnkZM86a1bxeYYiQRxjB
yeGrtUJDFyQANBLqRmrpCOXDiW8+jLNKewNix4shdl0EcmQXK8x9r4opgoJCgRuv
hozXeIvJgyQ=
=i7SG
-----END PGP SIGNATURE-----