exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

OpenSSL Security Advisory 20140806

OpenSSL Security Advisory 20140806
Posted Aug 6, 2014
Site openssl.org

OpenSSL Security Advisory 20140806 - A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. Other issues were also addressed.

tags | advisory
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
SHA-256 | 2883e6b93580d6b479ec7deff02c94d30c4e29451dfc7278c3bc66db6f1c6795

OpenSSL Security Advisory 20140806

Change Mirror Download
OpenSSL Security Advisory [6 Aug 2014]
========================================

Information leak in pretty printing functions (CVE-2014-3508)
=============================================================

A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from the
stack. Applications may be affected if they echo pretty printing output to the
attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.

OpenSSL 0.9.8 users should upgrade to 0.9.8zb
OpenSSL 1.0.0 users should upgrade to 1.0.0n.
OpenSSL 1.0.1 users should upgrade to 1.0.1i.

Thanks to Ivan Fratric (Google) for discovering this issue. This issue
was reported to OpenSSL on 19th June 2014.

The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSL
development team.


Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
==================================================================

The issue affects OpenSSL clients and allows a malicious server to crash
the client with a null pointer dereference (read) by specifying an SRP
ciphersuite even though it was not properly negotiated with the client. This can
be exploited through a Denial of Service attack.

OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and
researching this issue. This issue was reported to OpenSSL on 2nd July 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.


Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
==============================================================

If a multithreaded client connects to a malicious server using a resumed session
and the server sends an ec point format extension it could write up to 255 bytes
to freed memory.

OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n.
OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this
issue. This issue was reported to OpenSSL on 8th July 2014.

The fix was developed by Gabor Tyukasz.


Double Free when processing DTLS packets (CVE-2014-3505)
========================================================

An attacker can force an error condition which causes openssl to crash whilst
processing DTLS packets due to memory being freed twice. This can be exploited
through a Denial of Service attack.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.

Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering and
researching this issue. This issue was reported to OpenSSL on 6th June
2014.

The fix was developed by Adam Langley.


DTLS memory exhaustion (CVE-2014-3506)
======================================

An attacker can force openssl to consume large amounts of memory whilst
processing DTLS handshake messages. This can be exploited through a Denial of
Service attack.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.

Thanks to Adam Langley (Google) for discovering and researching this
issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley.


DTLS memory leak from zero-length fragments (CVE-2014-3507)
===========================================================

By sending carefully crafted DTLS packets an attacker could cause openssl to
leak memory. This can be exploited through a Denial of Service attack.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.

Thanks to Adam Langley (Google) for discovering and researching this
issue. This issue was reported to OpenSSL on 6th June 2014.

The fix was developed by Adam Langley.

OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
===============================================================

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a
denial of service attack. A malicious server can crash the client with a null
pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and
sending carefully crafted handshake messages.

OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb
OpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n.
OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i.

Thanks to Felix Gröbert (Google) for discovering and researching this issue.
This issue was reported to OpenSSL on 18th July 2014.

The fix was developed by Emilia Käsper of the OpenSSL development team.


OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
=====================================================

A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
TLS 1.0 instead of higher protocol versions when the ClientHello message is
badly fragmented. This allows a man-in-the-middle attacker to force a
downgrade to TLS 1.0 even if both the server and the client support a higher
protocol version, by modifying the client's TLS records.

OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.

Thanks to David Benjamin and Adam Langley (Google) for discovering and
researching this issue. This issue was reported to OpenSSL on 21st July 2014.

The fix was developed by David Benjamin.


SRP buffer overrun (CVE-2014-3512)
==================================

A malicious client or server can send invalid SRP parameters and overrun
an internal buffer. Only applications which are explicitly set up for SRP
use are affected.

OpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1i.

Thanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC
Group) for discovering this issue. This issue was reported to OpenSSL
on 31st July 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.


References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv_20140806.txt

Note: the online version of the advisory may be updated with additional
details over time.

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close