OpenSSL update addressed vulnerabilities including MitM attack


OpenSSL released an update that addresses seven vulnerabilities – including one that could enable a man-in-the-middle (MitM) attack and another that could potentially be exploited to run arbitrary code. Client and server – are advised to upgrade to OpenSSL 0.9.8za from OpenSSL 0.9.8, to OpenSSL 1.0.0m from OpenSSL 1.0.0, and to OpenSSL 1.0.1h from OpenSSL 1.0.1.

[ad]

SSL/TLS MITM vulnerability (CVE-2014-0224)
An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.

DTLS recursion flaw (CVE-2014-0221)
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.

DTLS invalid fragment vulnerability (CVE-2014-0195)
A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server.

SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.

SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.

Anonymous ECDH denial of service (CVE-2014-3470)
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.

OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper “Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack” Reported by Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL 1.0.1g.

openssl-0.9.8za.tar.gz
openssl-1.0.0m.tar.gz
openssl-1.0.1h.tar.gz

References: http://www.openssl.org/news/secadv_20140605.txt
[ad#mo]