7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.938 High
EPSS
Percentile
99.1%
This security advisory (SA) describes the impact of 9 OpenSSL vulnerabilities discovered in third-party software. (Vulnerability ID: HWPSIRT-2014-0816)
These vulnerabilities are referenced in this document as follows:
1.Information leak in pretty printing functions (CVE-2014-3508). A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.
The NVD link is: <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3508>
2.Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139). The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This can be exploited through a Denial of Service attack.
The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5139
3.Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509). If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory.
The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3509
4.Double Free when processing DTLS packets (CVE-2014-3505). An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack.
The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3505
5.DTLS memory exhaustion (CVE-2014-3506). An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack.
The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3506
6.DTLS memory leak from zero-length fragments (CVE-2014-3507). By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack.
The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3507
7.OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510). OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages.
The NVD link is: <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3510>
8.OpenSSL TLS protocol downgrade attack (CVE-2014-3511). A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client’s TLS records.
The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3511
9.SRP buffer overrun (CVE-2014-3512). A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.
The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3512
The 9 vulnerabilities affect the Huawei products that use OpenSSL. Some Products have provided the fixed versions.