Skip to Content

OpenSSL update addressed vulnerabilities including MitM attack

OpenSSL released an update that addresses seven vulnerabilities – including one that could enable a man-in-the-middle (MitM) attack and another that could potentially be exploited to run arbitrary code. Client and server – are advised to upgrade to OpenSSL 0.9.8za from OpenSSL 0.9.8, to OpenSSL 1.0.0m from OpenSSL 1.0.0, and to OpenSSL 1.0.1h from OpenSSL 1.0.1.

SSL/TLS MITM vulnerability (CVE-2014-0224)
An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.

DTLS recursion flaw (CVE-2014-0221)
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.

DTLS invalid fragment vulnerability (CVE-2014-0195)
A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server.

SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.

SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.

Anonymous ECDH denial of service (CVE-2014-3470)
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.

OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper “Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack” Reported by Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL 1.0.1g.

openssl-0.9.8za.tar.gz
openssl-1.0.0m.tar.gz
openssl-1.0.1h.tar.gz

References: http://www.openssl.org/news/secadv_20140605.txt

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.