Six vulnerabilities have been discovered in OpenSSL, which could allow for remote code execution. OpenSSL is a library that provides cryptographic functionality to applications such as secure web servers. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the installed version of OpenSSL. Depending on the privileges associated with the service, an attacker could then install programs; view, change, or delete data; or create new accounts.
- OpenSSL prior to 0.9.8za
- OpenSSL prior to 1.0.0m
- OpenSSL prior to 1.0.1h
Six vulnerabilities have been discovered in OpenSSL. Details of these vulnerabilities are as follows:
SSL/TLS MITM vulnerability (CVE-2014-0224)
An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.
The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
DTLS recursion flaw (CVE-2014-0221)
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. Only applications using OpenSSL as a DTLS client are affected.
DTLS invalid fragment vulnerability (CVE-2014-0195)
A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server.
Only applications using OpenSSL as a DTLS client or server affected.
SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
Anonymous ECDH denial of service (CVE-2014-3470)
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.
- Patch vulnerable versions of OpenSSL on affected systems after appropriate testing.
- Review your OpenSSL configurations for possible vulnerable systems
- Monitor your systems for server crashes
- Apply IDS signatures as necessary
SANS Internet Storm Center