Oct 15, 2015 - 12:00 a.m.

K15325 : OpenSSL vulnerability CVE-2014-0224

2015-10-15 00:00:00
my.f5.com

CVSS3: 7.4 High

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score: 7.5 High (Confidence: High)

CVSS2: 5.8 Medium

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.974 High (Percentile: 99.9%)

Security Advisory Description

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the “CCS Injection” vulnerability. (CVE-2014-0224)
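The version ranges quoted above can be checked mechanically against an inventory of `openssl version` strings. The following is an added example, not code from F5 or OpenSSL; the function names and sample strings are constructed for illustration, and it assumes upstream version strings rather than distribution builds with backported fixes.

```python
import re

# Fixed release letter per branch, from the advisory text for CVE-2014-0224.
FIXED_LETTERS = {(0, 9, 8): "za", (1, 0, 0): "m", (1, 0, 1): "h"}

# Matches upstream strings such as "OpenSSL 1.0.1e-fips 11 Feb 2013".
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return ((major, minor, fix), patch_letters) or None if no version is found."""
    m = _VERSION.search(text)
    if m is None:
        return None
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4)


def _letter_rank(letters):
    # Patch letters sort "" < "a" < ... < "z" < "za" < "zb": length first, then text.
    return (len(letters), letters)


def classify(text):
    """Return "affected", "fixed", "unlisted" or "unparsed" for a version string.

    Assumption: the string is an upstream version. Distribution packages that
    backport the fix keep the old letter, so confirm those with the vendor.
    """
    parsed = parse_openssl_version(text)
    if parsed is None:
        return "unparsed"
    branch, letters = parsed
    if branch < (0, 9, 8):
        return "affected"  # "before 0.9.8za" also covers older branches
    fixed = FIXED_LETTERS.get(branch)
    if fixed is None:
        return "unlisted"  # branch not named in the quoted ranges
    return "affected" if _letter_rank(letters) < _letter_rank(fixed) else "fixed"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real host.
    for sample in ("OpenSSL 1.0.1e-fips 11 Feb 2013", "OpenSSL 0.9.8zh 3 Dec 2015",
                   "OpenSSL 1.0.0m 5 Jun 2014", "OpenSSL 1.0.2 22 Jan 2015"):
        print(f"{sample!r}: {classify(sample)}")
```

An "unlisted" result means only that the branch is not named in the ranges quoted above; it is not a statement that the build is safe.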

Impact

An attacker may be able to decrypt and modify traffic between a client and a server. OpenSSL clients may be vulnerable to a man-in-the-middle (MITM) attack when connecting to a server running OpenSSL 1.0.1 or 1.0.2. For information about vulnerable components or features, refer to the following section.

Server-side impact for F5 products

The server-side components are vulnerable in the event that an attacker is able to launch an MITM attack between a client and an affected server component.

BIG-IP 11.5.0 through 11.5.1 contains the following vulnerable server-side code:

  • COMPAT SSL ciphers are vulnerable. Virtual servers using a Client SSL profile configured to use ciphers from the COMPAT SSL stack are vulnerable to this attack (the BIG-IP Client SSL profile enables the BIG-IP system to accept and terminate client requests that are sent using the SSL protocol; in this context, the BIG-IP functions as an SSL server, handling incoming SSL traffic).

Note: NATIVE SSL ciphers on affected versions are not vulnerable. However, some vulnerability scanners may generate false positive reports when run against BIG-IP virtual servers that are configured to use ciphers supported by the NATIVE SSL stack. This includes all ciphers enabled by the default cipher string.

Note: On non-vulnerable versions, the third-party nmap script, ssl-ccs-injection.nse, may return a false positive vulnerable report if the Generic Alert option of the Client SSL profile is enabled (enabled by default). You can safely ignore this result; it does not indicate that the BIG-IP virtual server is vulnerable, but is an artifact of the basic check performed by the nmap script. F5 does not recommend disabling generic alerts because they provide a significant security advantage compared to the potential small disadvantage of this false positive report.

  • The Configuration utility and other services, such as iControl, are vulnerable.
  • The big3d process included with BIG-IP GTM 11.5.0 and 11.5.1 is vulnerable. In addition, monitored BIG-IP systems whose big3d process was updated by an affected BIG-IP GTM system are also vulnerable.

Client-side impact for F5 products

Connections that a vulnerable F5 device initiates (as a client) are at risk in the event that an attacker gains access to the traffic between the F5 device and the server (for example, BIG-IP system and pool members), and the server with which the F5 device is communicating is running a vulnerable version of OpenSSL.
