Search...

IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass

2014-11-19T00:00:00

ID IBM_TEM_9_1_1117_0.NASL
Type nessus
Reporter Tenable
Modified 2016-05-16T00:00:00

Description

According to its self-reported version, the IBM Tivoli Endpoint Manager Server installed on the remote host uses a vulnerable OpenSSL library that contains a flaw in the processing of ChangeCipherSpec messages. The flaw allows an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(79335);
  script_version("$Revision: 1.4 $");
  script_cvs_date("$Date: 2016/05/16 14:02:51 $");

  script_cve_id("CVE-2014-0224");
  script_bugtraq_id(67899);
  script_osvdb_id(107729);
  script_xref(name:"CERT", value:"978508");

  script_name(english:"IBM Tivoli Endpoint Manager Server 9.1.x &lt; 9.1.1117.0 OpenSSL Security Bypass");
  script_summary(english:"Checks the version of the Tivoli Endpoint Manager Server.");

  script_set_attribute(attribute:"synopsis", value:"The remote host is affected by a security bypass vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the IBM Tivoli Endpoint
Manager Server installed on the remote host uses a vulnerable OpenSSL
library that contains a flaw in the processing of ChangeCipherSpec
messages. The flaw allows an attacker to cause usage of weak keying
material leading to simplified man-in-the-middle attacks.");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21677842");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140605.txt");
  script_set_attribute(attribute:"solution", value:"Upgrade to Tivoli Endpoint Manager Server 9.1.1117.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/19");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:tivoli_endpoint_manager");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.");

  script_dependencies("ibm_tem_detect.nasl");
  script_require_keys("www/BigFixHTTPServer");
  script_require_ports("Services/www", 52311);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

app_name = "IBM Tivoli Endpoint Manager";
port = get_http_port(default:52311, embedded:FALSE);

version = get_kb_item_or_exit("www/BigFixHTTPServer/"+port+"/version");
if (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_SERVER_VER, app_name, port);
if (version !~ "^(\d+\.){2,}\d+$") audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);

fix = "9.1.1117.0";

if (
  version =~ "^9\.1\.1065($|[^0-9])" ||
  version =~ "^9\.1\.1082($|[^0-9])" ||
  version =~ "^9\.1\.1088($|[^0-9])"
)
{
  if (report_verbosity &gt; 0)
  {
    report = "";

    source = get_kb_item("www/BigFixHTTPServer/"+port+"/source");
    if (!isnull(source))
      report += '\n  Source            : ' + source;

    report +=
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fix +
      '\n';

    security_warning(port:port, extra:report);
  }
  else security_warning(port);
}
else audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);

JSON Vulners Source

Initial Source

{"published": "2014-11-19T00:00:00", "id": "IBM_TEM_9_1_1117_0.NASL", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [{"differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:15", "bulletin": {"enchantments": {}, "published": "2014-11-19T00:00:00", "id": "IBM_TEM_9_1_1117_0.NASL", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [], "cpe": [], "hash": "c5b87cdf345ad734ff55355336e69526045a87120e32cce07398194ffa38feba", "description": "According to its self-reported version, the IBM Tivoli Endpoint Manager Server installed on the remote host uses a vulnerable OpenSSL library that contains a flaw in the processing of ChangeCipherSpec messages. The flaw allows an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.", "type": "nessus", "pluginID": "79335", "lastseen": "2016-09-26T17:23:15", "edition": 1, "title": "IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79335", "modified": "2016-05-16T00:00:00", "bulletinFamily": "scanner", "viewCount": 6, "cvelist": ["CVE-2014-0224"], "references": ["http://www-01.ibm.com/support/docview.wss?uid=swg21677842", "https://www.openssl.org/news/secadv/20140605.txt"], "naslFamily": "Web Servers", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79335);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2016/05/16 14:02:51 $\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_osvdb_id(107729);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass\");\n script_summary(english:\"Checks the version of the Tivoli Endpoint Manager Server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the IBM Tivoli Endpoint\nManager Server installed on the remote host uses a vulnerable OpenSSL\nlibrary that contains a flaw in the processing of ChangeCipherSpec\nmessages. The flaw allows an attacker to cause usage of weak keying\nmaterial leading to simplified man-in-the-middle attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Tivoli Endpoint Manager Server 9.1.1117.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:tivoli_endpoint_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ibm_tem_detect.nasl\");\n script_require_keys(\"www/BigFixHTTPServer\");\n script_require_ports(\"Services/www\", 52311);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"IBM Tivoli Endpoint Manager\";\nport = get_http_port(default:52311, embedded:FALSE);\n\nversion = get_kb_item_or_exit(\"www/BigFixHTTPServer/\"+port+\"/version\");\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_SERVER_VER, app_name, port);\nif (version !~ \"^(\\d+\\.){2,}\\d+$\") audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);\n\nfix = \"9.1.1117.0\";\n\nif (\n version =~ \"^9\\.1\\.1065($|[^0-9])\" ||\n version =~ \"^9\\.1\\.1082($|[^0-9])\" ||\n version =~ \"^9\\.1\\.1088($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report = \"\";\n\n source = get_kb_item(\"www/BigFixHTTPServer/\"+port+\"/source\");\n if (!isnull(source))\n report += '\\n Source : ' + source;\n\n report +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);\n", "hashmap": [{"hash": "ae30ab679a4620946e7383f6006ba3c5", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "de42e4d1afe340138253b8e5938c093f", "key": "title"}, {"hash": "925fafb853aa47307edbc06773b7da93", "key": "cvelist"}, {"hash": "07a0416e4de2a26a0531240b230d9eca", "key": "naslFamily"}, {"hash": "e9b5947b339a90d25fb10457aed7ed42", "key": "published"}, {"hash": "2a1e0f8fae30c9626f94bbadcc53d3e4", "key": "pluginID"}, {"hash": "afc7e78da05dfd802df8b4036f6a1b48", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "8989cb786fcd4f7bda355b0c857c3b82", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "260a9252d91626d1309967e2bc2a0715", "key": "description"}, {"hash": "025a7d610c4dd597bc9cd6be16aef1f4", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "objectVersion": "1.2"}}], "description": "According to its self-reported version, the IBM Tivoli Endpoint Manager Server installed on the remote host uses a vulnerable OpenSSL library that contains a flaw in the processing of ChangeCipherSpec messages. The flaw allows an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.", "hash": "dcafda1fc9da641b3abf90fe0480677880acc71a4e6bb2b5687a736a38f77369", "enchantments": {"vulnersScore": 5.0}, "type": "nessus", "pluginID": "79335", "lastseen": "2017-10-29T13:33:36", "edition": 2, "cpe": ["cpe:/a:ibm:tivoli_endpoint_manager"], "title": "IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79335", "modified": "2016-05-16T00:00:00", "bulletinFamily": "scanner", "viewCount": 6, "cvelist": ["CVE-2014-0224"], "references": ["http://www-01.ibm.com/support/docview.wss?uid=swg21677842", "https://www.openssl.org/news/secadv/20140605.txt"], "naslFamily": "Web Servers", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79335);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2016/05/16 14:02:51 $\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_osvdb_id(107729);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass\");\n script_summary(english:\"Checks the version of the Tivoli Endpoint Manager Server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the IBM Tivoli Endpoint\nManager Server installed on the remote host uses a vulnerable OpenSSL\nlibrary that contains a flaw in the processing of ChangeCipherSpec\nmessages. The flaw allows an attacker to cause usage of weak keying\nmaterial leading to simplified man-in-the-middle attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Tivoli Endpoint Manager Server 9.1.1117.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:tivoli_endpoint_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ibm_tem_detect.nasl\");\n script_require_keys(\"www/BigFixHTTPServer\");\n script_require_ports(\"Services/www\", 52311);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"IBM Tivoli Endpoint Manager\";\nport = get_http_port(default:52311, embedded:FALSE);\n\nversion = get_kb_item_or_exit(\"www/BigFixHTTPServer/\"+port+\"/version\");\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_SERVER_VER, app_name, port);\nif (version !~ \"^(\\d+\\.){2,}\\d+$\") audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);\n\nfix = \"9.1.1117.0\";\n\nif (\n version =~ \"^9\\.1\\.1065($|[^0-9])\" ||\n version =~ \"^9\\.1\\.1082($|[^0-9])\" ||\n version =~ \"^9\\.1\\.1088($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report = \"\";\n\n source = get_kb_item(\"www/BigFixHTTPServer/\"+port+\"/source\");\n if (!isnull(source))\n report += '\\n Source : ' + source;\n\n report +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);\n", "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "c14d94cb936f27ae5dfe6e82264f3450", "key": "cpe"}, {"hash": "925fafb853aa47307edbc06773b7da93", "key": "cvelist"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "260a9252d91626d1309967e2bc2a0715", "key": "description"}, {"hash": "8989cb786fcd4f7bda355b0c857c3b82", "key": "href"}, {"hash": "ae30ab679a4620946e7383f6006ba3c5", "key": "modified"}, {"hash": "07a0416e4de2a26a0531240b230d9eca", "key": "naslFamily"}, {"hash": "2a1e0f8fae30c9626f94bbadcc53d3e4", "key": "pluginID"}, {"hash": "e9b5947b339a90d25fb10457aed7ed42", "key": "published"}, {"hash": "afc7e78da05dfd802df8b4036f6a1b48", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "025a7d610c4dd597bc9cd6be16aef1f4", "key": "sourceData"}, {"hash": "de42e4d1afe340138253b8e5938c093f", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "objectVersion": "1.3"}

{"result": {"cve": [{"id": "CVE-2014-0224", "type": "cve", "title": "CVE-2014-0224", "description": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.", "published": "2014-06-05T17:55:07", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-10-20T10:47:08"}], "f5": [{"id": "F5:K15325", "type": "f5", "title": "OpenSSL vulnerability CVE-2014-0224", "description": "\nF5 Product Development has assigned IDs 465799 and 466486 (BIG-IP), ID 466469 (FirePass), ID 466956 (Enterprise Manager), ID 466954 (BIG-IQ), and ID 466317 (BIG-IP Edge Client) to this vulnerability. Additionally, BIG-IP [iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H465802 on the** Diagnostics** > **Identified** > **Medium | High** screen.\n\nTo determine if your release contains vulnerable server-side components, vulnerable client-side components, or both, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following tables:\n\n**Server-side components**\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP AAM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.4.0 - 11.4.1| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP AFM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.3.0 - 11.4.1| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP Analytics| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP APM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP ASM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP DNS| None| 12.0.0| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None \nBIG-IP GTM| 11.5.0, 11.5.1| 11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP Link Controller| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP PEM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.3.0 - 11.4.1| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| None| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| None \nLineRate| 2.3.0 - 2.3.1 \n2.2.0 - 2.2.4 \n1.6.0 - 1.6.3| None| OpenSSL \n \n**Client-side components**\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP AAM| 11.4.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP AFM| 11.3.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP Analytics| 11.0.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP APM| 11.0.0 - 11.5.1 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP ASM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP DNS| None| 12.0.0| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP GTM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nBIG-IP Link Controller| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP PEM| 11.3.0 - 11.5.1| 11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| 2.0.0 - 2.3.0| None| Host-initiated SSL connections \nFirePass| 7.0.0 \n6.0.0 - 6.1.0| None| Host-initiated SSL connections \nBIG-IQ Cloud| 4.0.0 - 4.3.0| None| Host-initiated SSL connections \nBIG-IQ Device| 4.2.0 - 4.3.0| None| Host-initiated SSL connections \nBIG-IQ Security| 4.0.0 - 4.3.0| None| Host-initiated SSL connections \nLineRate| 2.3.0 - 2.3.1 \n2.2.0 - 2.2.4 \n1.6.0 - 1.6.3| None| Host-initiated SSL connections \nBIG-IP Edge Clients for Linux| 6035 - 7071| 7101.2014.0612.* \n7100.2014.0612.* \n7091.2014.0612.* \n7090.2014.0612.* \n7080.2014.0624.*| VPN \nBIG-IP Edge Client for MAC OS X| 6035 - 7071| 7101.2014.0612.* \n7100.2014.0612.* \n7091.2014.0612.* \n7090.2014.0612.* \n7080.2014.0624.*| VPN \nBIG-IP Edge Client for Windows| 7101.* - 7101.2014.0611.* \n7100.* - 7100.2014.0611.* \n7091.* - 7091.2014.0611.* \n7090.* - 7090.2014.0611.* \n7080.* - 7080.2014.0623.* \n6035 - 7071| 7101.2014.0612.1847 \n7100.2014.0612.1847 \n7091.2014.0612.1950 \n7090.2014.0612.1853 \n7080.2014.0624.2054| VPN (DTLS Only) \nBIG-IP Edge Client for iOS| 2.0.0 - 2.0.2 \n1.0.5 - 1.0.6| 2.0.3| VPN \nBIG-IP Edge Client for Android| 2.0.1 - 2.0.4| 2.0.5| VPN\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable column**. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n**Mitigating this vulnerability**\n\nTo mitigate this vulnerability, you should consider the following recommendations:\n\n * Consider denying access to the Configuration utility and using only the command line and** **Traffic Management Shell (**tmsh**) until the BIG-IP system is updated. If that is not possible, F5 recommends that you access the Configuration utility over only a secure network.\n * If SSL profiles are configured to use COMPAT ciphers, consider reconfiguring the profiles to use ciphers from the NATIVE SSL stack. For information about the NATIVE and COMPAT ciphers, refer to the following articles: \n\n * [K13163: SSL ciphers supported on BIG-IP platforms (11.x - 12.x)](<https://support.f5.com/csp/article/K13163>)\n * [K13171: Configuring the cipher strength for SSL profiles (11.x)](<https://support.f5.com/csp/article/K13171>)\n * [K13187: COMPAT SSL ciphers are no longer included in standard cipher strings](<https://support.f5.com/csp/article/K13187>)\n * Limit traffic between the BIG-IP system and pool members to trusted traffic.\n * Verify that servers with which the F5 device communicates (such as pool members) are not using vulnerable OpenSSL versions.\n\n * For more information about SSL profiles, refer to the following articles: \n\n * [K14783: Overview of the Client SSL profile (11.x - 12.x)](<https://support.f5.com/csp/article/K14783>)\n * [K14806: Overview of the Server SSL profile (11.x - 12.x)](<https://support.f5.com/csp/article/K14806>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated document](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K17329: BIG-IP GTM name has changed to BIG-IP DNS](<https://support.f5.com/csp/article/K17329>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "published": "2014-06-06T05:34:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K15325", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-06-08T10:18:46"}, {"id": "SOL15325", "type": "f5", "title": "SOL15325 - OpenSSL vulnerability CVE-2014-0224", "description": "**Client-side components**Product| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP AAM| 11.4.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP AFM| 11.3.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP Analytics| 11.0.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP APM| 11.0.0 - 11.5.1 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP ASM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP DNS| None| 12.0.0| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP GTM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nBIG-IP Link Controller| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP PEM| 11.3.0 - 11.5.1| 11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| 2.0.0 - 2.3.0| None| Host-initiated SSL connections \nFirePass| 7.0.0 \n6.0.0 - 6.1.0| None| Host-initiated SSL connections \nBIG-IQ Cloud| 4.0.0 - 4.3.0| None| Host-initiated SSL connections \nBIG-IQ Device| 4.2.0 - 4.3.0| None| Host-initiated SSL connections \nBIG-IQ Security| 4.0.0 - 4.3.0| None| Host-initiated SSL connections \nLineRate| 2.3.0 - 2.3.1 \n2.2.0 - 2.2.4 \n1.6.0 - 1.6.3| None| Host-initiated SSL connections \nBIG-IP Edge Clients for Linux| 6035 - 7071| 7101.2014.0612.* \n7100.2014.0612.* \n7091.2014.0612.* \n7090.2014.0612.* \n7080.2014.0624.*| VPN \nBIG-IP Edge Client for MAC OS X| 6035 - 7071| 7101.2014.0612.* \n7100.2014.0612.* \n7091.2014.0612.* \n7090.2014.0612.* \n7080.2014.0624.*| VPN \nBIG-IP Edge Client for Windows| 7101.* - 7101.2014.0611.* \n7100.* - 7100.2014.0611.* \n7091.* - 7091.2014.0611.* \n7090.* - 7090.2014.0611.* \n7080.* - 7080.2014.0623.* \n6035 - 7071| 7101.2014.0612.1847 \n7100.2014.0612.1847 \n7091.2014.0612.1950 \n7090.2014.0612.1853 \n7080.2014.0624.2054| VPN (DTLS Only) \nBIG-IP Edge Client for iOS| 2.0.0 - 2.0.2 \n1.0.5 - 1.0.6| 2.0.3| VPN \nBIG-IP Edge Client for Android| 2.0.1 - 2.0.4| 2.0.5| VPN \n \nVulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists. \n \n**Important**: F5 has created an engineering hotfix to address this issue for FirePass 7.0. You can obtain the engineering hotfix by contacting [F5 Technical Support](<http://www.f5.com/training-support/customer-support/contact/>) and referencing this article number. For more information, refer to SOL8986: F5 software life cycle policy. \n \nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\n**Mitigating this vulnerability**\n\nTo mitigate this vulnerability, you should consider the following recommendations:\n\n * Consider denying access to the Configuration utility and using only the command line and** **Traffic Management Shell (**tmsh**) until the BIG-IP system is updated. If that is not possible, F5 recommends that you access the Configuration utility over only a secure network.\n * If SSL profiles are configured to use COMPAT ciphers, consider reconfiguring the profiles to use ciphers from the NATIVE SSL stack. For information about the NATIVE and COMPAT ciphers, refer to the following articles: \n \n\n * SOL13163: SSL ciphers supported on BIG-IP platforms (11.x - 12.x)\n * SOL13171: Configuring the cipher strength for SSL profiles (11.x)\n * SOL13187: COMPAT SSL ciphers are no longer included in standard cipher strings\n * Limit traffic between the BIG-IP system and pool members to trusted traffic.\n * Verify that servers with which the F5 device communicates (such as pool members) are not using vulnerable OpenSSL versions.\n\nSupplemental Information\n\n * For more information about SSL profiles, refer to the following articles: \n \n\n * SOL14783: Overview of the Client SSL profile (11.x - 12.x)\n * SOL14806: Overview of the Server SSL profile (11.x - 12.x)\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated document\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL17329: BIG-IP GTM name has changed to BIG-IP DNS\n", "published": "2014-06-05T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html", "cvelist": ["CVE-2014-0224"], "lastseen": "2016-09-26T17:23:25"}], "openssl": [{"id": "OPENSSL:CVE-2014-0224", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2014-0224)", "description": "An attacker can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. Reported by KIKUCHI Masashi (Lepidum Co. Ltd.).", "published": "2014-06-05T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.openssl.org/news/vulnerabilities.html", "cvelist": ["CVE-2014-0224"], "lastseen": "2016-09-26T17:22:34"}], "hackerone": [{"id": "H1:50885", "type": "hackerone", "title": "Whisper: CVE-2014-0224 openssl ccs vulnerability", "description": "your site is vulnerable to CVE-2014-0224\r\n \r\n\r\nOpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.", "published": "2015-03-11T04:42:02", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/50885", "cvelist": ["CVE-2014-0224"], "lastseen": "2018-04-19T17:34:12"}], "paloalto": [{"id": "PAN-SA-2014-0003", "type": "paloalto", "title": "OpenSSL Man-in-the-middle vulnerability (CVE-2014-0224)", "description": "The Palo Alto Networks product security engineering team has completed analysis of our products' exposure to the vulnerabilities described in the OpenSSL Security Advisory dated June 5th, 2014. Of the 7 CVEs highlighted in the advisory, only CVE-2014-0224 is relevant to our software. The remaining vulnerabilities to not apply because we do not use or support use of Datagram Transport Layer Security (DTLS), nor do we use anonymous Elliptic curve Diffie-Hellman (ECDH) on our software clients. Our exposure to CVE-2014-0224 is limited because both client and server must be vulnerable. While our client-side is vulnerable, the server-side is not. This limits exposure to potential man-in-the-middle (MITM) attacks only to sessions our software initiates with servers outside of our control that are running a vulnerable version of OpenSSL (OpenSSL 1.0.1 and 1.0.2-beta1). As such, services that may be vulnerable to MITM depending on customer configuration include: firewall services using SSL configured to use a proxy running a vulnerable OpenSSL server, syslog over SSL to a syslog server running a vulnerable OpenSSL server, and the User-ID agent connecting to a directory server running a vulnerable OpenSSL server. GlobalProtect is not vulnerable because our portal and gateway servers are not vulnerable. In response to these issues, Palo Alto Networks is including a patch to the OpenSSL software used across our products with the next scheduled maintenance release for all supported versions of PAN-OS / Panorama, User-ID agent, and GlobalProtect. Users can mitigate their exposure by ensuring that any servers described above are not running vulnerable versions of OpenSSL (1.0.1 and 1.0.2-beta1). If customers have any further questions related to product exposure to this OpenSSL security advisory, they can contact support.\n", "published": "2014-06-09T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://securityadvisories.paloaltonetworks.com/Home/Detail/23", "cvelist": ["CVE-2014-0224"], "lastseen": "2016-09-05T13:36:03"}], "seebug": [{"id": "SSV:92577", "type": "seebug", "title": "OpenSSL SSL/TLS MITM Vulnerability (CVE-2014-0224)", "description": "OpenSSL is an open-source SSL implementation, used to implement the network communication of high-strength encryption, it is now widely used in various network applications.\n\nOpenSSL 0.9.8 za, 1.0.0 m, 1.0.1 h prior version, does not properly handle ChangeCipherSpec messages, which allows the middle attack in certain OpenSSL-to-OpenSSL communications within the use of a zero-length master key, and then use a specially crafted TLS handshake to hijack a session and gain sensitive information.\n\nOpenSSL TLS heartbeat read remote information disclosure Vulnerability (CVE-2014-0160) http://www.linuxidc.com/Linux/2014-04/99741.htm\n\nOpenSSL serious bug allows an attacker to read 64k of memory, and Debian half an hour to fix http://www.linuxidc.com/Linux/2014-04/99737.htm\n\nOpenSSL \u201cheartbleed\u201d security vulnerability http://www.linuxidc.com/Linux/2014-04/99706.htm\n\nBy OpenSSL to provide FTP+SSL/TLS authentication functions, and to achieve secure data transmission http://www.linuxidc.com/Linux/2013-05/84986.htm\n\n * Source: KIKUCHI Masashi\n", "published": "2016-12-20T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-92577", "cvelist": ["CVE-2014-0160", "CVE-2014-0224"], "lastseen": "2017-11-19T12:02:28"}], "cert": [{"id": "VU:978508", "type": "cert", "title": "OpenSSL is vulnerable to a man-in-the-middle attack", "description": "### Overview\n\nOpenSSL is vulnerable to a man-in-the-middle attack.\n\n### Description\n\nThe OpenSSL security advisory states: \n\n_SSL/TLS MITM vulnerability (CVE-2014-0224)_ \n_===========================================_ \n \n_An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server._ \n \n_The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution._ \n \n_OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za._ \n_OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m._ \n_OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h._ \n \n_Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. This issue was reported to OpenSSL on 1st May 2014 via JPCERT/CC._ \n \n_The fix was developed by Stephen Henson of the OpenSSL core team partly based on an original patch from KIKUCHI Masashi._ \n\n\nAdditional details may be found in the [OpenSSL security advisory](<https://www.openssl.org/news/secadv_20140605.txt>). This vulnerability is one of many that has been fixed in the latest release. \n \nMasashi Kikuchi has written a[ technical blog post](<http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html>) about the vulnerability. \n \n--- \n \n### Impact\n\nA remote attacker with a man-in-the-middle vantage point on the network may be able to decrypt or modify traffic between a client and server. \n \n--- \n \n### Solution\n\n**Apply an Update** \n \nOpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. \nOpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. \nOpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h. \n \n--- \n \n### Vendor Information \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nAttachmate| | 02 Jun 2014| 19 Aug 2014 \nDebian GNU/Linux| | 02 Jun 2014| 06 Jun 2014 \nFedora Project| | 02 Jun 2014| 06 Jun 2014 \nFreeBSD Project| | 02 Jun 2014| 05 Jun 2014 \nGlobal Technology Associates, Inc.| | 02 Jun 2014| 19 Jun 2014 \nHewlett-Packard Company| | 02 Jun 2014| 21 Aug 2014 \nIBM Corporation| | 02 Jun 2014| 16 Jun 2014 \nNEC Corporation| | 02 Jun 2014| 09 Jun 2014 \nNEC Corporation| | -| 26 Oct 2015 \nNVIDIA| | 02 Jun 2014| 10 Sep 2014 \nOpenSSL| | 09 May 2014| 05 Jun 2014 \nOracle Corporation| | 02 Jun 2014| 16 Jun 2014 \nRed Hat, Inc.| | 02 Jun 2014| 05 Jun 2014 \nSUSE Linux| | 02 Jun 2014| 09 Jun 2014 \nUbuntu| | 02 Jun 2014| 05 Jun 2014 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23978508 Vendor Status Inquiry>). \n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 6.4 | AV:A/AC:M/Au:N/C:C/I:P/A:N \nTemporal | 5.0 | E:POC/RL:OF/RC:C \nEnvironmental | 8.1 | CDP:H/TD:H/CR:H/IR:M/AR:L \n \n### References\n\n * <https://www.openssl.org/news/secadv_20140605.txt>\n * <http://ccsinjection.lepidum.co.jp/>\n * <http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html>\n * <https://plus.google.com/app/basic/stream/z12xhp3hbzbhhjgfm22ncvtbeua1dpaa004>\n\n### Credit\n\nThanks to KIKUCHI Masashi for reporting this vulnerability.\n\nThis document was written by Jared Allar.\n\n### Other Information\n\n * CVE IDs: [CVE-2014-0224](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224>)\n * Date Public: 05 Jun 2014\n * Date First Published: 05 Jun 2014\n * Date Last Updated: 26 Oct 2015\n * Document Revision: 30\n\n", "published": "2014-06-05T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.kb.cert.org/vuls/id/978508", "cvelist": ["CVE-2014-0224", "CVE-2014-0224", "CVE-2014-0224"], "lastseen": "2016-02-03T09:12:19"}], "oraclelinux": [{"id": "ELSA-2014-0624", "type": "oraclelinux", "title": "openssl security update", "description": "[0.9.8e-27.3]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability\n[0.9.8e-27.1]\n- replace expired GlobalSign Root CA certificate in ca-bundle.crt", "published": "2014-06-05T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-0624.html", "cvelist": ["CVE-2014-0224"], "lastseen": "2016-09-04T11:16:26"}, {"id": "ELSA-2014-3040", "type": "oraclelinux", "title": "openssl security update", "description": "[0.9.7a-43.18.0.2]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability", "published": "2014-06-11T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-3040.html", "cvelist": ["CVE-2014-0224"], "lastseen": "2016-09-04T11:16:06"}, {"id": "ELSA-2014-0680", "type": "oraclelinux", "title": "openssl098e security update", "description": "[0.9.8e-29.2]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability", "published": "2014-07-23T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-0680.html", "cvelist": ["CVE-2014-0224"], "lastseen": "2016-09-04T11:16:12"}, {"id": "ELSA-2014-0626", "type": "oraclelinux", "title": "openssl097a and openssl098e security update", "description": "[0.9.8e-18.0.1.el6_5.2]\n- Updated the description\n[0.9.8e-18.2]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability\n[0.9.8e-18]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)", "published": "2014-06-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-0626.html", "cvelist": ["CVE-2014-0224", "CVE-2012-2110"], "lastseen": "2016-09-04T11:16:57"}, {"id": "ELSA-2014-1053", "type": "oraclelinux", "title": "openssl security update", "description": "[0.9.8e-27.4]\n- fix CVE-2014-0221 - recursion in DTLS code leading to DoS\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n[0.9.8e-27.3]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability\n[0.9.8e-27.1]\n- replace expired GlobalSign Root CA certificate in ca-bundle.crt", "published": "2014-08-13T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-1053.html", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-0224", "CVE-2014-3506", "CVE-2014-3510", "CVE-2014-0221"], "lastseen": "2016-09-04T11:16:22"}, {"id": "ELSA-2016-0372", "type": "oraclelinux", "title": "openssl098e security update", "description": "[0.9.8e-20.0.1.1]\n- Updated the description\n[0.9.8e-20.1]\n- fix CVE-2015-0293 - triggerable assert in SSLv2 server\n- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement\n- disable SSLv2 in the generic TLS method\n[0.9.8e-20]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability", "published": "2016-03-09T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2016-0372.html", "cvelist": ["CVE-2015-3197", "CVE-2014-0224", "CVE-2015-0293", "CVE-2016-0800", "CVE-2016-0704", "CVE-2016-0703"], "lastseen": "2016-09-04T11:15:55"}, {"id": "ELSA-2014-0679", "type": "oraclelinux", "title": "openssl security update", "description": "[1.0.1e-34.3]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH", "published": "2014-07-23T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-0679.html", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "lastseen": "2016-09-04T11:16:23"}, {"id": "ELSA-2014-0625", "type": "oraclelinux", "title": "openssl security update", "description": "[1.0.1e-16.14]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH", "published": "2014-06-05T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-0625.html", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "lastseen": "2016-09-04T11:16:01"}], "nessus": [{"id": "REDHAT-RHSA-2014-0626.NASL", "type": "nessus", "title": "RHEL 5 / 6 : openssl097a and openssl098e (RHSA-2014:0626)", "description": "Updated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "published": "2014-06-06T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74348", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-10-29T13:32:54"}, {"id": "SL_20140605_OPENSSL_ON_SL5_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : openssl on SL5.x i386/x86_64", "description": "It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to :\n\nFor the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "published": "2014-06-12T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74487", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-10-29T13:42:31"}, {"id": "ORACLELINUX_ELSA-2014-0680.NASL", "type": "nessus", "title": "Oracle Linux 7 : openssl098e (ELSA-2014-0680)", "description": "From Red Hat Security Advisory 2014:0680 :\n\nUpdated openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "published": "2014-07-24T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76730", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-10-29T13:40:53"}, {"id": "PALO_ALTO_PAN-SA-2014-0003.NASL", "type": "nessus", "title": "Palo Alto Networks PAN-OS < 5.0.14 / 5.1.x < 5.1.9 / 6.0.x < 6.0.4 OpenSSL MitM", "description": "The remote host is running a version of Palo Alto Networks PAN-OS prior to 5.0.14 / 5.1.9 / 6.0.4. It is, therefore, affected by a flaw in the included OpenSSL library that can cause the client or server to use weak keying material, which a remote attacker can exploit to conduct a man-in-the-middle attack.", "published": "2014-10-20T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=78586", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-10-29T13:41:46"}, {"id": "ALA_ALAS-2014-350.NASL", "type": "nessus", "title": "Amazon Linux AMI : openssl098e (ALAS-2014-350)", "description": "It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)", "published": "2014-10-12T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=78293", "cvelist": ["CVE-2014-0224"], "lastseen": "2018-04-19T07:24:03"}, {"id": "SOLARIS10_X86_148072.NASL", "type": "nessus", "title": "Solaris 10 (x86) : 148072-19 (deprecated)", "description": "SunOS 5.10_x86: openssl patch.\nDate this patch was last updated by Sun : Dec/17/15\n\nThis plugin has been deprecated and either replaced with individual 148072 patch-revision plugins, or deemed non-security related.", "published": "2013-06-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66740", "cvelist": ["CVE-2014-0224"], "lastseen": "2018-03-15T14:35:27"}, {"id": "BLUECOAT_PROXY_SG_4_X_OPENSSL.NASL", "type": "nessus", "title": "Blue Coat ProxySG 4.x OpenSSL Security Bypass", "description": "The remote Blue Coat ProxySG device's SGOS self-reported version is 4.x and reportedly contains a bundled version of OpenSSL that has multiple flaws. It is, therefore, potentially affected by an unspecified error that could allow an attacker to cause usage of weak keying material, leading to simplified man-in-the-middle attacks.", "published": "2014-06-20T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76163", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-10-29T13:32:48"}, {"id": "ORACLELINUX_ELSA-2014-3040.NASL", "type": "nessus", "title": "Oracle Linux 4 : openssl (ELSA-2014-3040)", "description": "Description of changes:\n\n[0.9.7a-43.18.0.2]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability", "published": "2014-06-12T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74484", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-10-29T13:40:48"}, {"id": "BLUECOAT_PROXY_SG_6_2_15_6.NASL", "type": "nessus", "title": "Blue Coat ProxySG 6.2.x OpenSSL Security Bypass", "description": "The remote Blue Coat ProxySG device's SGOS self-reported version is 6.2 prior to 6.2.15.6. It, therefore, contains a bundled version of OpenSSL that has multiple flaws, meaning it is potentially affected by an unspecified error that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.", "published": "2014-06-20T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76164", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-10-29T13:44:44"}, {"id": "REDHAT-RHSA-2014-0680.NASL", "type": "nessus", "title": "RHEL 7 : openssl098e (RHSA-2014:0680)", "description": "Updated openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "published": "2014-07-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76892", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-10-29T13:37:34"}], "redhat": [{"id": "RHSA-2014:0627", "type": "redhat", "title": "(RHSA-2014:0627) Important: openssl security update", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "published": "2014-06-05T04:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0627", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-09-09T07:19:36"}, {"id": "RHSA-2014:0624", "type": "redhat", "title": "(RHSA-2014:0624) Important: openssl security update", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "published": "2014-06-05T04:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0624", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-09-09T07:20:36"}, {"id": "RHSA-2014:0680", "type": "redhat", "title": "(RHSA-2014:0680) Important: openssl098e security update", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "published": "2014-06-10T04:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0680", "cvelist": ["CVE-2014-0224"], "lastseen": "2018-04-15T12:23:31"}, {"id": "RHSA-2014:0626", "type": "redhat", "title": "(RHSA-2014:0626) Important: openssl097a and openssl098e security update", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "published": "2014-06-05T04:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0626", "cvelist": ["CVE-2014-0224"], "lastseen": "2018-06-06T18:04:39"}, {"id": "RHSA-2014:0628", "type": "redhat", "title": "(RHSA-2014:0628) Important: openssl security update", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "published": "2014-06-05T04:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0628", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "lastseen": "2016-09-04T11:18:00"}, {"id": "RHSA-2014:0679", "type": "redhat", "title": "(RHSA-2014:0679) Important: openssl security update", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "published": "2014-06-10T04:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0679", "cvelist": ["CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "lastseen": "2018-04-15T16:21:50"}, {"id": "RHSA-2014:0625", "type": "redhat", "title": "(RHSA-2014:0625) Important: openssl security update", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "published": "2014-06-05T04:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0625", "cvelist": ["CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "lastseen": "2018-06-12T21:09:41"}], "openvas": [{"id": "OPENVAS:1361412562310105129", "type": "openvas", "title": "IBM Endpoint Manager 9.1 OpenSSL Man in the Middle Security Bypass Vulnerability", "description": "There is an OpenSSL vulnerability that could allow an attacker to decrypt\nand modify traffic from a vulnerable client and server. ", "published": "2014-12-03T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105129", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-07-31T10:48:59"}, {"id": "OPENVAS:1361412562310120311", "type": "openvas", "title": "Amazon Linux Local Check: ALAS-2014-350", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120311", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-07-28T10:48:58"}, {"id": "OPENVAS:1361412562310871188", "type": "openvas", "title": "RedHat Update for openssl098e RHSA-2014:0680-01", "description": "Check for the Version of openssl098e", "published": "2014-07-04T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871188", "cvelist": ["CVE-2014-0224"], "lastseen": "2018-04-09T11:13:12"}, {"id": "OPENVAS:1361412562310105946", "type": "openvas", "title": "Junos SSL/TLS MITM Vulnerability", "description": "Junos OS is prone to a OpenSSL man in the middle security\nbypass vulnerability.", "published": "2015-01-23T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105946", "cvelist": ["CVE-2014-0224"], "lastseen": "2018-01-15T13:11:23"}, {"id": "OPENVAS:1361412562310123368", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0680", "description": "Oracle Linux Local Security Checks ELSA-2014-0680", "published": "2015-10-06T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123368", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-07-24T12:54:03"}, {"id": "OPENVAS:1361412562310881939", "type": "openvas", "title": "CentOS Update for openssl097a CESA-2014:0626 centos5 ", "description": "Check for the Version of openssl097a", "published": "2014-06-09T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881939", "cvelist": ["CVE-2014-0224"], "lastseen": "2018-04-09T11:12:10"}, {"id": "OPENVAS:1361412562310881944", "type": "openvas", "title": "CentOS Update for openssl098e CESA-2014:0626 centos6 ", "description": "Check for the Version of openssl098e", "published": "2014-06-09T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881944", "cvelist": ["CVE-2014-0224"], "lastseen": "2018-04-09T11:12:35"}, {"id": "OPENVAS:1361412562310105042", "type": "openvas", "title": "SSL/TLS: OpenSSL CCS Man in the Middle Security Bypass Vulnerability", "description": "OpenSSL is prone to security-bypass vulnerability.", "published": "2014-06-10T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105042", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-10-30T10:44:38"}, {"id": "OPENVAS:1361412562310120310", "type": "openvas", "title": "Amazon Linux Local Check: ALAS-2014-351", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120310", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-07-28T10:48:43"}, {"id": "OPENVAS:1361412562310105056", "type": "openvas", "title": "HP BladeSystem c-Class Onboard Administrator Remote Disclosure of Information", "description": "A potential security vulnerability has been identified with HP BladeSystem\nc-Class Onboard Administrator (OA) running OpenSSL. This vulnerability could be exploited\nremotely to allow the disclosure of information.", "published": "2014-07-04T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105056", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-10-30T10:43:53"}], "jvn": [{"id": "JVN:61247051", "type": "jvn", "title": "JVN#61247051: OpenSSL improper handling of Change Cipher Spec message", "description": "\n ## Description\n\nOpenSSL contains a flaw in the implementation of the [Change Cipher Spec](<http://tools.ietf.org/html/rfc5246#section-7.1>) protocol that allows a MITM (man-in-the-middle) attacker to force a server and a client to use easily guessable cryptgraphic key material during the initial SSL/TLS handshake ([CWE-325](<http://cwe.mitre.org/data/definitions/325.html>)). \n\n\n ## Impact\n\nSSL/TLS communication between the server and the client can be decrypted or altered by the MITM attacker. \n\n\n ## Solution\n\n**Update the software** \nUpdate to the latest version according to the information provided by the developer.\n\n ## Products Affected\n\nIt is confirmed that the SSL/TLS communication between a server and a client using the following vulnerable OpenSSL versions is affected. \n \nServer: \n\n\n * OpenSSL 1.0.1g and earlier\nClient: \n\n\n * OpenSSL 1.0.1g and earlier\n * OpenSSL 1.0.0l and earlier\n * OpenSSL 0.9.8y and earlier\n", "published": "2014-06-06T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://jvn.jp/en/jp/JVN61247051/index.html", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-03-23T17:09:40"}], "thn": [{"id": "THN:11ACCB96E6DF3B8769AC3B63D2F85776", "type": "thn", "title": "Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw", "description": "[![Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw](https://1.bp.blogspot.com/-0lzOmBFdj24/U60nT7Xf7oI/AAAAAAAAATk/f_uoAAGVfJQ/s728/Google-Android-code-execution-vulnerability.jpg)](<https://1.bp.blogspot.com/-0lzOmBFdj24/U60nT7Xf7oI/AAAAAAAAATk/f_uoAAGVfJQ/s1600/Google-Android-code-execution-vulnerability.jpg>)\n\nA critical code-execution vulnerability almost affecting everyone those are not running the most updated version of [Google Android](<https://thehackernews.com/search/label/Android>), i.e. Android version 4.4 also known as KitKat.\n\n \n\n\nAfter nine months of vulnerability disclosure to the Android security team, researchers of the Application Security team at IBM have finally [revealed](<http://securityintelligence.com/android-keystore-stack-buffer-overflow-to-keep-things-simple-buffers-are-always-larger-than-needed>) all the possible details of a serious code-execution vulnerability that still affects the Android devices running versions 4.3 and earlier, which could allow attackers to exfiltrate sensitive information from the vulnerable devices.\n\n> \u201c_Considering Android\u2019s fragmented nature and the fact that this was a code-execution vulnerability, we decided to wait a bit with the public disclosure_,\u201d said Roee Hay, a security research group leader at IBM.\n\nThe researchers found the stack buffer overflow vulnerability that resides in the Android's KeyStore storage service, which according to the Android developers\u2019 website is the _**service code running in Android responsible for storing and securing device\u2019s cryptographic keys**_.\n\n \n\n\n**CAUSE OF THE CRITICAL FLAW**\n\nAccording to the researchers, the vulnerability occurred due the absent bounds check for a stack buffer created by the \u201c_KeyStore::getKeyForName_\u201d method.\n\n \n\n\n\u201c_This function has several callers, which are accessible by external applications using the Binder interface (e.g., \u2018android::KeyStoreProxy::get\u2019). Therefore, the \u2018keyName\u2019 variable can be controllable with an arbitrary size by a malicious application,\u201d Hay said. \u201c__The \u2018encode_key\u2019 routine that is called by \u2018encode_key_for_uid\u2019 can overflow the \u2018filename\u2019 buffer, since bounds checking is absent._\u201d\n\n \n\n\n**ANDROID VULNERABILITY IMPACT**\n\nWhile IBM's researchers haven't seen this vulnerability being exploited in the wild yet. But if successfully exploited, would compromise a device completely allowing an attacker to execute malicious code of their choice under the keystore process. \n\n \n\n\nConsequently, the attacker could gain access to the device\u2019s sensitive information such as device\u2019s lock-screen credentials, encrypted and decrypted master keys, data and hardware-backed key identifiers from the memory, as well as the ability to carry out cryptographic operations such as arbitrary signing of data on behalf of the users.\n\n \n\n\n**ATTACK VECTOR**\n\nWhile this could be accomplished only with the use of a malicious application, but there are a number of obstacles for the working exploit to overcome.\n\n \n\n\nThat means, a malicious application must have ability to bypass memory-based protections native to the operating system including Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). \n\n \n\n\nDEP is an exploit mitigation that limits where code can be executed and helps prevent certain malicious exploits, but the attackers have had success using shellcode or Return Oriented Programming (ROP) attacks in order to bypass DEP. \n\n[![Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw](https://3.bp.blogspot.com/-Y68qvgyNY6E/U60ol3kmYvI/AAAAAAAAATw/RiJqMrmO0-I/s728/keystore.png)](<https://3.bp.blogspot.com/-Y68qvgyNY6E/U60ol3kmYvI/AAAAAAAAATw/RiJqMrmO0-I/s1600/keystore.png>)\n\nWhile, ASLR specifically reduces buffer overflow attacks that exploit vulnerabilities like the one elaborated in this article. ASLR randomizes the memory locations used by system files and other programs, making it much harder for an attacker to correctly guess the location of a given process.\n\n \n\n\nAn attacker would also need to overcome the stack canaries present in Android, which is used to detect stack buffer overflow bugs such as this one before execution of malicious code can occur. Moreover, Android also makes use of encoding, which is also an obstacle for the attacker to overcome. \n\n> \u201c_However, the Android KeyStore is respawned every time it terminates_,\u201d Hay cautions. \u201c_This behavior enables a probabilistic approach; moreover, the attacker may even theoretically abuse ASLR to defeat the encoding._\u201d\n\n**LATEST UPDATE - ANDROID 4.4.4**\n\nCurrently Google is rolling out Android KitKat 4.4.4 with build number KTU84P (branch kitkat-mr2.1-release) to several Nexus devices, including Nexus 4, 5, 7, and 10. Latest update primarily addresses the [OpenSSL CCS Injection Vulnerability](<https://thehackernews.com/2014/06/openssl-vulnerable-to-man-in-middle.html>) (CVE-2014-0224), which was discovered in OpenSSL after the [Heartbleed bug](<https://thehackernews.com/search/label/Heartbleed%20bug>) was uncovered.\n\n \n\n\nSo if you haven't updated your OS, this might be a good time to do it. Users can check to see if the update is available for their device by accessing Settings > About Phone > System Updates.\n", "published": "2014-06-26T21:22:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://thehackernews.com/2014/06/android-43-and-earlier-versions.html", "cvelist": ["CVE-2014-0224"], "lastseen": "2018-01-27T09:17:13"}, {"id": "THN:D2B91981A95FA63440BEC1909D1FAE82", "type": "thn", "title": "OpenSSL Vulnerable to Man-in-the-Middle Attack and Several Other Bugs", "description": "[![OpenSSL Vulnerable to Man-in-the-Middle Attack and Several Other Vulnerabilities](https://3.bp.blogspot.com/-W9MmiVzV-K4/U5CfAfLYiXI/AAAAAAAAb9U/ypeNlFGpb14/s728/Openssl-bug-mitm.jpg)](<https://3.bp.blogspot.com/-W9MmiVzV-K4/U5CfAfLYiXI/AAAAAAAAb9U/ypeNlFGpb14/s1600/Openssl-bug-mitm.jpg>)\n\nRemember OpenSSL [Heartbleed vulnerability](<https://thehackernews.com/2014/04/heartbleed-bug-explained-10-most.html>)? Several weeks ago, the exposure of this security bug chilled the Internet, revealed that millions of websites were vulnerable to a flaw in the OpenSSL code which they used to encrypt their communications.\n\n \n\n\nNow once again the OpenSSL Foundation has issued software updates to patch six new vulnerabilities, and two of them are critical.\n\n \n\n\n**MAN-IN-THE-MIDDLE ATTACK (CVE-2014-0224)**\n\nFirst critical vulnerability (CVE-2014-0224) in [OpenSSL](<https://thehackernews.com/search/label/OpenSSL>) is \"_CCS Injection_\" - resides in ChangeCipherSpec (CCS) request sent during the handshake that could allow an attacker to perform a [man-in-the-middle attack](<https://thehackernews.com/search/label/Man-in-the-Middle>) against the encrypted connection servers and clients. \n\n \n\n\nBy exploiting this vulnerability an attacker could intercept an encrypted connection which allows him to decrypt, read or manipulate the data. But the reported flaw is exploitable only if both server and client are vulnerable to this issue.\n\n \n\n\nAccording to the OpenSSL [advisory](<https://www.openssl.org/news/secadv_20140605.txt>), \"_An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers._\" All versions of OpenSSL are vulnerable on the client side. Only 1.0.1 and above are currently known to be vulnerable on the server side. SSL VPN (_virtual private network_) products are believed to be especially vulnerable to this flaw.\n\n \n\n\nOpenSSL CCS Injection vulnerability is discovered by a Japanese security researcher, _[Masashi Kikuchi](<http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html>)_ from Lepidum security firm._ _According to him this bug was existed since the very first release of OpenSSL. RedHat also posted a detailed [explanation](<https://securityblog.redhat.com/2014/06/05/openssl-mitm-ccs-injection-attack-cve-2014-0224/>) about this bug on their security blog.\n\n** \n**\n\n**DTLS invalid fragment vulnerability (CVE-2014-0195):**** **Sending invalid DTLS fragments to a OpenSSL DTLS client or server can lead to a buffer overrun attack. A potential hacker could exploit this flaw to run arbitrary code on a vulnerable client or server. This [vulnerability](<https://thehackernews.com/search/label/Vulnerability>) also marked as critical bug.\n\n \n\n\n**DTLS recursion flaw (CVE-2014-0221): **A remote attacker can send an invalid DTLS (Datagram Transport Layer Security) handshake to an OpenSSL DTLS client, which will force the code to recurse eventually crashing in a DoS attack. This attack is limited to the applications using OpenSSL as a DTLS client.\n\n \n\n\nDTLS mainly used in VOIP and other communication related applications like Cisco Systems\u2019 AnyConnect VPN Client. Chrome and Firefox web browser also support [DTLS for WebRTC](<https://thehackernews.com/2014/06/mozilla-to-provide-webrtc-based-free.html>) (_Web Real-Time Communication_) for P2P file sharing and Voice/Video Chats.\n\n \n\n\nOther important OpenSSL vulnerabilities are:\n\n * **SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198),** allows remote attackers to cause a denial of service via a NULL pointer dereference.\n * **SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298),** allows remote attackers to inject data across sessions or cause a denial of service.\n * **Anonymous ECDH denial of service (CVE-2014-3470),** OpenSSL TLS clients enabling anonymous ECDH (Elliptic Curve Diffie Hellman) ciphersuites are subject to a denial of service attack.\n\nBut the good news is that these vulnerabilities are not as critical as Heartbleed bug. The patched versions 0.9.8za, 1.0.0m and 1.0.1h are available on the project website to download and The OpenSSL Foundation is urging companies to update their implementation as soon as possible.\n", "published": "2014-06-05T05:49:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://thehackernews.com/2014/06/openssl-vulnerable-to-man-in-middle.html", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "lastseen": "2018-01-27T09:17:49"}], "metasploit": [{"id": "MSF:AUXILIARY/SCANNER/SSL/OPENSSL_CCS", "type": "metasploit", "title": "OpenSSL Server-Side ChangeCipherSpec Injection Scanner", "description": "This module checks for the OpenSSL ChangeCipherSpec (CCS) Injection vulnerability. The problem exists in the handling of early CCS messages during session negotiation. Vulnerable installations of OpenSSL accepts them, while later implementations do not. If successful, an attacker can leverage this vulnerability to perform a man-in-the-middle (MITM) attack by downgrading the cipher spec between a client and server. This issue was first reported in early June, 2014.", "published": "2014-06-09T22:38:11", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "cvelist": ["CVE-2014-0224"], "lastseen": "2018-06-05T07:49:09"}], "threatpost": [{"id": "SCANS-QUANTIFY-VULNERABLE-OPENSSL-SERVERS/106665", "type": "threatpost", "title": "SSL Pulse Scans Quantify Vulnerable OpenSSL Servers", "description": "Certain mitigating factors made the recent [OpenSSL man-in-the-middle vulnerability](<http://threatpost.com/new-openssl-mitm-flaw-affects-all-clients-some-server-versions/106470>) a notch or two below [Heartbleed](<http://threatpost.com/openssl-heartbleed-highlights-crypto-pitfalls/105628>) in terms of criticality. With that in consideration, it\u2019s probably no surprise that patching levels for CVE-2014-0224 aren\u2019t as high out of the gate as they were for Heartbleed.\n\nIvan Ristic, an application security researcher and director of engineering at Qualys, said that his company\u2019s research arm, SSL Labs, has been running a remote check for servers vulnerable to the bug. This week it ran that same [scan against a dataset maintained by SSL Pulse](<http://blog.ivanristic.com/2014/06/ssl-pulse-49-percent-vulnerable-to-cve-2014-0224-in-june-2014.html>), a global project that monitors the quality of SSL support, in order to quantify the scope of the problem affecting all OpenSSL client versions and version 1.0.1 of the server software.\n\nThe results weren\u2019t entirely discouraging to Ristic, who has done extensive SSL research.\n\nThe results weren\u2019t entirely discouraging to Ristic, who has done extensive SSL research. The comparison against the SSL Pulse data showed that about 49 percent of servers remain vulnerable, while 14 percent are exploitable.\n\n\u201cI\u2019d say they\u2019re decent,\u201dRistic said of the results. \u201cThe patching rate is not as good as with Heartbleed, but Heartbleed was much worse in terms of impact, and it was very well covered.\u201d\n\nThe scan revealed that about 36 percent of servers are running older versions of OpenSSL that are not exploitable. Those servers too, won\u2019t likely be patched in any urgency, Ristic said. Ristic estimates based on the presence of the Heartbleed extension that 24 percent of servers are running vulnerable versions of OpenSSL, meaning that about 38 percent were patched in the first week.\n\nThe flaw surfaced publicly on June 5, though experts said it\u2019s likely been in the OpenSSL codebase since Day 1 in 1998. The bug enables an attacker to remotely exploit clients or servers running vulnerable versions of OpenSSL to intercept and decrypt traffic. An attacker would have to be in a man-in-the-middle position to do so, not to mention that the bug can only be exploited if an attacker is sitting between both a vulnerable client and server.\n\n\u201cThat just reduces the number of exploitable systems. But I\u2019d say that the attack surface is still pretty big. There\u2019s probably lots of backend stuff using OpenSSL accessing APIs and such,\u201d Ristic said of the mitigating factors. \u201cOne decrypted connection means the password is compromised.\u201d\n\nAdam Langley of Google published an early [analysis](<https://www.imperialviolet.org/2014/06/05/earlyccs.html>) of the vulnerability pointing the finger at ChangeCipherSpec messages sent during the TLS handshake.\n\n\u201cThis vulnerability allows an active network attacker to inject ChangeCipherSpec (CCS) messages to both sides of a connection and force them to fix their keys before all key material is available,\u201d Ristic said. \u201cWeak keys are negotiated as a result.\u201d", "published": "2014-06-13T14:05:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://threatpost.com/scans-quantify-vulnerable-openssl-servers/106665/", "cvelist": ["CVE-2014-0224"], "lastseen": "2016-09-04T20:48:02"}, {"id": "VMWARE-PATCHES-ESXI-AGAINST-OPENSSL-FLAW-BUT-MANY-OTHER-PRODUCTS-STILL-VULNERABLE/106605", "type": "threatpost", "title": "VMware Patches ESXi Against OpenSSL Flaw, But Many Other Products Still Vulnerable", "description": "While the group of [vulnerabilities that the OpenSSL Project patched](<https://threatpost.com/new-openssl-mitm-flaw-affects-all-clients-some-server-versions/106470>) last week hasn\u2019t grown into the kind of mess that the Heartbleed flaw did, the vulnerabilities still affect a huge range of products. Vendors are still making their way through the patching process, and VMware has released an advisory confirming that a long list of its products are vulnerable to the latest OpenSSL bugs. The company said in the [advisory](<http://seclists.org/fulldisclosure/2014/Jun/71>) that there is only a patch available for one of its products right now, ESXi 5.5. VMware sells a huge line of products that includes both clients and servers, which makes the patching process for the most serious of the recent OpenSSL vulnerabilities even more onerous. The critical vulnerability in this group is CVE-2014-0224, a flaw that could enable an attacker to intercept and decrypt traffic between vulnerable clients and a vulnerable server. Both the client and server must be running flawed versions of the software in order for the attack to succeed.\n\nVMware said in its advisory that various products are affected differently by the vulnerability.\n\nVMware said in its advisory that various products are affected differently by the vulnerability, depending upon whether they\u2019re acting as clients or servers.\n\n\u201cCVE-2014-0224 may lead to a Man-in-the-Middle attack if a server is running a vulnerable version of OpenSSL 1.0.1 and clients are running a vulnerable version of OpenSSL 0.9.8 or 1.0.1. Updating the server will mitigate this issue for both the server and all affected clients,\u201d the advisory says.\n\n\u201cCVE-2014-0224 may affect products differently depending on whether the product is acting as a client or a server and of which version of OpenSSL the product is using.Clients that communicate over untrusted networks such as public Wi-Fi and communicate to a server running a vulnerable version of OpenSSL 1.0.1. can be mitigated by using a secure network such as VPN.\u201d\n\nThe list of other VMware products that are still vulnerable to CVE-2014-0224 and for which no patch is yet available is long, and includes both clients and servers. The company said that the patches for these products, which include other versions of ESXi, several versions of vCenter and vSphere, are in the works.", "published": "2014-06-12T09:38:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://threatpost.com/vmware-patches-esxi-against-openssl-flaw-but-many-other-products-still-vulnerable/106605/", "cvelist": ["CVE-2014-0224"], "lastseen": "2016-09-04T20:45:05"}, {"id": "NEW-OPENSSL-MITM-FLAW-AFFECTS-ALL-CLIENTS-SOME-SERVER-VERSIONS/106470", "type": "threatpost", "title": "New OpenSSL MITM Flaw Affects All Clients, Some Server Versions", "description": "There is a new, remotely exploitable [vulnerability in OpenSSL](<http://www.openssl.org/news/secadv_20140605.txt>) that could enable an attacker to intercept and decrypt traffic between vulnerable clients and servers. The flaw affects all versions of the OpenSSL client and versions 1.0.1 and 1.0.2-beta1 of the server software.\n\nThe new vulnerability could only be exploited to decrypt traffic between a vulnerable client and a vulnerable server, and the attacker would need to have a man-in-the-middle position on a network in order to do so. That\u2019s not an insignificant set of conditions that must be present for a successful attack, but in the current environment, where open wireless networks are everywhere and many users connect to them without a second thought, gaining a MITM position is not an insurmountable hurdle.\n\nResearchers who have looked at the vulnerable piece of code say that it appears to have existed, nearly unchanged, in the OpenSSL source since 1998.\n\n\u201cThe code changes are around the rejection of ChangeCipherSpec messages, which are messages sent during the TLS handshake that mark the change from unencrypted to encrypted traffic. These messages aren\u2019t part of the handshake protocol itself and aren\u2019t linked into the handshake state machine in OpenSSL. Rather there\u2019s a check in the code that they are only received when a new cipher is ready to be used,\u201d Adam Langley, a researcher on the security team at Google, wrote in an [analysis](<https://www.imperialviolet.org/2014/06/05/earlyccs.html>) of the vulnerability.\n\n\u201cHowever, that check (for s->s3->tmp.new_cipher in s3_pkt.c) seems reasonable, but new_cipher is actually set as soon as the cipher for the connection has been decided (i.e. once the ServerHello message has been sent/received), not when the cipher is actually ready! It looks like this is the problem that\u2019s getting fixed in this release.\u201d\n\nMasashi Kikuchi, the Japanese researcher who discovered the vulnerability, confirmed that the bug had been present in OpenSSL since the first version and that it likely should have been found sooner.\n\n\u201cThe biggest reason why the bug hasn\u2019t been found for over 16 years is that code reviews were insufficient, especially from experts who had experiences with TLS/SSL implementation. If the reviewers had enough experiences, they should have been verified OpenSSL code in the same way they do their own code. They could have detected the problem,\u201d Kikuchi said in his [explanation of the vulnerability](<http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html>) and how he discovered it.\n\n\u201cFuzzing may have worked. However, as the history (see below) shows, knowledge of TLS/SSL implementation seems vital.\u201d\n\nThe CVE-2014-0224 bug surfaced two months after the OpenSSL Heartbleed vulnerability came to light.\n\nThe new CVE-2014-0224 bug surfaced two months after the [OpenSSL Heartbleed vulnerability](<https://threatpost.com/what-have-we-learned-openssl-heartbleed-bug/105385>) came to light. That flaw was considered more serious and affected a huge number of diverse systems and clients and administrators and security engineers scrambled to fix it before attackers began taking advantage of it. Heartbleed caused a lot of discussion and debate in the security community and even bled over into the mainstream, albeit not necessarily with the most accurate details.\n\nThis OpenSSL flaw is serious, as well, but likely won\u2019t cause the same sort of distress. Still, Langley said in his analysis that the vulnerability could have a variety of effects.\n\n\u201cThe implications of this are pretty complex. For a client there\u2019s an additional check in the code that requires that a CCS message appear before the Finished and after the master secret has been generated. An attacker can still inject an early CCS too and the keys will be calculated with an empty master secret. Those keys will be latched \u2013 another CCS won\u2019t cause them to be recalculated. However, when sending the second CCS that the client code requires, the Finished hash is recalculated with the correct master secret. This means that the attacker can\u2019t fabricate an acceptable Finished hash. This stops the obvious, generic impersonation attack against the client,\u201d Langley wrote.\n\n\u201cFor a server, there\u2019s no such check and it appears to be possible to send an early CCS message and then fabricate the Finished hash because it\u2019s based on an empty master secret. However, that doesn\u2019t obviously gain an attacker anything.\u201d\n\nThe vulnerability affects some mobile implementations of OpenSSL, as well. Google has already released an updated version of Chrome for Android to fix this issue in the mobile version of the browser.\n\nIn addition to the MITM vulnerability, OpenSSL fixed several other flaws in its latest release. Four of those vulnerabilities can be used to cause a denial-of-service, while the remaining one can allow remote code execution.", "published": "2014-06-05T09:30:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://threatpost.com/new-openssl-mitm-flaw-affects-all-clients-some-server-versions/106470/", "cvelist": ["CVE-2014-0224"], "lastseen": "2016-09-04T20:50:12"}], "amazon": [{"id": "ALAS-2014-351", "type": "amazon", "title": "Important: openssl097a", "description": "**Issue Overview:**\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. ([CVE-2014-0224 __](<https://access.redhat.com/security/cve/CVE-2014-0224>))\n\n \n**Affected Packages:** \n\n\nopenssl097a\n\n \n**Issue Correction:** \nRun _yum update openssl097a_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n openssl097a-0.9.7a-12.1.9.amzn1.i686 \n openssl097a-debuginfo-0.9.7a-12.1.9.amzn1.i686 \n \n src: \n openssl097a-0.9.7a-12.1.9.amzn1.src \n \n x86_64: \n openssl097a-debuginfo-0.9.7a-12.1.9.amzn1.x86_64 \n openssl097a-0.9.7a-12.1.9.amzn1.x86_64 \n \n \n", "published": "2014-06-05T15:38:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2014-351.html", "cvelist": ["CVE-2014-0224"], "lastseen": "2016-09-28T21:04:14"}, {"id": "ALAS-2014-350", "type": "amazon", "title": "Important: openssl098e", "description": "**Issue Overview:**\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. ([CVE-2014-0224 __](<https://access.redhat.com/security/cve/CVE-2014-0224>))\n\n \n**Affected Packages:** \n\n\nopenssl098e\n\n \n**Issue Correction:** \nRun _yum update openssl098e_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n openssl098e-debuginfo-0.9.8e-18.2.13.amzn1.i686 \n openssl098e-0.9.8e-18.2.13.amzn1.i686 \n \n src: \n openssl098e-0.9.8e-18.2.13.amzn1.src \n \n x86_64: \n openssl098e-debuginfo-0.9.8e-18.2.13.amzn1.x86_64 \n openssl098e-0.9.8e-18.2.13.amzn1.x86_64 \n \n \n", "published": "2014-06-05T15:38:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2014-350.html", "cvelist": ["CVE-2014-0224"], "lastseen": "2016-09-28T21:04:15"}], "kaspersky": [{"id": "KLA10266", "type": "kaspersky", "title": "\r KLA10266OSI vulnerability in MySQL Workbench\t\t\t ", "description": "### *CVSS*:\n6.8\n\n### *Detect date*:\n06/27/2014\n\n### *Severity*:\nHigh\n\n### *Description*:\nVulnerabilities in the linked library were found in MySQL Workbench. By exploiting these vulnerabilities malicious users can obtain sensitive information. These vulnerabilities can be exploited remotely via man-in-the-middle attacks at a point related to OpenSSL.\n\n### *Affected products*:\nMySQL Workbench versions 6.1.6 and earlier\n\n### *Solution*:\nUpdate to latest version\n\n### *Original advisories*:\n[MySQL bulletin](<http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[MySQL Workbench](<https://threats.kaspersky.com/en/product/MySQL-Workbench/>)\n\n### *CVE-IDS*:\n[CVE-2014-0224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>)", "published": "2014-06-27T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10266", "cvelist": ["CVE-2014-0224"], "lastseen": "2018-03-30T14:11:15"}, {"id": "KLA10382", "type": "kaspersky", "title": "\r KLA10382Multiple vulnerabilities in VMware\t\t\t ", "description": "### *CVSS*:\n6.8\n\n### *Detect date*:\n06/10/2014\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to obtain sensitive information, hijack a session or cause denial of service. \nBelow is a complete list of vulnerabilities\n\n### *Affected products*:\nESXi without patch ESXi550-201406401-SG versions 5.0, 5.1, 5.5 \nWorkstation 10 versions earlier than 10.0.3 \nWorkstation 9 versions earlier than 9.0.4 \nPlayer 6 versions earlier than 6.0.3 \nPlayer 5 versions earlier than 5.0.4 \nFusion 6 versions earlier than 6.0.4 \nFusion 5 versions earlier than 5.0.5 \nHorizon Mirage Edge Gateway versions earlier than 4.4.3 \nHorizon View versions earlier than 5.3.2 \nHorizon View 5.3 versions earlier than FP3 \nHorizon Workspace Server 1.5 without patch horizon-nginx-rpm-1.5.0.0-1876270.x86_64.rpm \nHorizon Workspace Server 1.8 without patch horizon-nginx-rpm-1.8.2.1820-1876338.x86_64.rpm \nHorizon View Clients versions earlier than 3.0 \nvCD 5.5 versions earlier than 5.5.1.2 \nvCD 5.1 versions earlier than 5.1.3.1 \nvCenter versions earlier than 5.5u1b vCenter Support \nAssistant versions earlier than 5.5.1.1 vCloud Automation \nCenter versions earlier than 6.0.1.2 vCenter Configuration \nManager versions earlier than 5.7.2 \nvCenter Converter Standalone versions earlier than 5.5.2 \nConverter Standalone versions earlier than 5.1.1 \n\n### *Solution*:\nUpdate to latest version \n[Vmware Products](<https://my.vmware.com/web/vmware/downloads>)\n\n### *Original advisories*:\n[VMware bulletin](<http://www.vmware.com/security/advisories/VMSA-2014-0006.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[VMware Workstation](<https://threats.kaspersky.com/en/product/VMware-Workstation/>)\n\n### *CVE-IDS*:\n[CVE-2014-3470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470>) \n[CVE-2014-0224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>) \n[CVE-2014-0198](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198>) \n[CVE-2010-5298](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298>)", "published": "2014-06-10T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10382", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "lastseen": "2018-03-30T14:11:04"}], "centos": [{"id": "CESA-2014:0626", "type": "centos", "title": "openssl097a, openssl098e security update", "description": "**CentOS Errata and Security Advisory** CESA-2014:0626\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020345.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020346.html\n\n**Affected packages:**\nopenssl097a\nopenssl098e\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0626.html", "published": "2014-06-05T13:21:51", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2014-June/020345.html", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-10-03T18:26:25"}, {"id": "CESA-2014:0624", "type": "centos", "title": "openssl security update", "description": "**CentOS Errata and Security Advisory** CESA-2014:0624\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020347.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020348.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020349.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0624.html", "published": "2014-06-06T01:40:21", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2014-June/020347.html", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-10-03T18:25:31"}, {"id": "CESA-2014:0625", "type": "centos", "title": "openssl security update", "description": "**CentOS Errata and Security Advisory** CESA-2014:0625\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020344.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0625.html", "published": "2014-06-05T13:06:47", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2014-June/020344.html", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "lastseen": "2017-10-03T18:26:33"}], "nmap": [{"id": "NMAP:SSL-CCS-INJECTION.NSE", "type": "nmap", "title": "ssl-ccs-injection NSE Script", "description": "Detects whether a server is vulnerable to the SSL/TLS \"CCS Injection\" vulnerability (CVE-2014-0224), first discovered by Masashi Kikuchi. The script is based on the ccsinjection.c code authored by Ramon de C Valle (https://gist.github.com/rcvalle/71f4b027d61a78c42607) \n\nIn order to exploit the vulnerablity, a MITM attacker would effectively do the following: \n\no Wait for a new TLS connection, followed by the ClientHello ServerHello handshake messages. \n\no Issue a CCS packet in both the directions, which causes the OpenSSL code to use a zero length pre master secret key. The packet is sent to both ends of the connection. Session Keys are derived using a zero length pre master secret key, and future session keys also share this weakness. \n\no Renegotiate the handshake parameters. \n\no The attacker is now able to decrypt or even modify the packets in transit. \n\nThe script works by sending a 'ChangeCipherSpec' message out of order and checking whether the server returns an 'UNEXPECTED_MESSAGE' alert record or not. Since a non-patched server would simply accept this message, the CCS packet is sent twice, in order to force an alert from the server. If the alert type is different than 'UNEXPECTED_MESSAGE', we can conclude the server is vulnerable.\n\n## Script Arguments \n\n#### tls.servername \n\nSee the documentation for the tls library. \n\n#### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername \n\nSee the documentation for the smbauth library. \n\n#### mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username \n\nSee the documentation for the mssql library. \n\n#### smtp.domain \n\nSee the documentation for the smtp library. \n\n#### randomseed, smbbasic, smbport, smbsign \n\nSee the documentation for the smb library. \n\n#### vulns.short, vulns.showall \n\nSee the documentation for the vulns library. \n\n## Example Usage \n \n \n nmap -p 443 --script ssl-ccs-injection <target>\n \n\n## Script Output \n \n \n PORT STATE SERVICE\n 443/tcp open https\n | ssl-ccs-injection:\n | VULNERABLE:\n | SSL/TLS MITM vulnerability (CCS Injection)\n | State: VULNERABLE\n | Risk factor: High\n | Description:\n | OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n | 1.0.1h does not properly restrict processing of ChangeCipherSpec\n | messages, which allows man-in-the-middle attackers to trigger use\n | of a zero-length master key in certain OpenSSL-to-OpenSSL\n | communications, and consequently hijack sessions or obtain\n | sensitive information, via a crafted TLS handshake, aka the\n | \"CCS Injection\" vulnerability.\n |\n | References:\n | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n | http://www.cvedetails.com/cve/2014-0224\n |_ http://www.openssl.org/news/secadv_20140605.txt\n\n## Requires \n\n * nmap\n * shortport\n * sslcert\n * stdnse\n * table\n * vulns\n * tls\n\n* * *\n", "published": "2014-06-11T13:43:28", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://nmap.org/nsedoc/scripts/ssl-ccs-injection.html", "cvelist": ["CVE-2014-0224"], "lastseen": "2017-10-31T14:03:11"}], "suse": [{"id": "SUSE-SU-2014:0768-1", "type": "suse", "title": "Security update for OpenSSL (critical)", "description": "OpenSSL was updated to fix the following security vulnerabilities:\n\n * SSL/TLS MITM vulnerability. (CVE-2014-0224)\n * ECC private key can leak on 32 bit platforms. (CVE-2011-4354)\n\n Further information can be found at\n <a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>\n <<a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>> .\n\n Security Issues references:\n\n * CVE-2014-0224\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224</a>>\n * CVE-2011-4354\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4354\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4354</a>>\n\n\n", "published": "2014-06-07T00:04:15", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00011.html", "cvelist": ["CVE-2014-0224", "CVE-2011-4354"], "lastseen": "2016-09-04T12:35:28"}, {"id": "SUSE-SU-2014:0759-2", "type": "suse", "title": "Security update for OpenSSL (critical)", "description": "OpenSSL was updated to fix the following security vulnerabilities:\n\n * SSL/TLS MITM vulnerability. (CVE-2014-0224)\n * DTLS recursion flaw. (CVE-2014-0221)\n * Anonymous ECDH denial of service. (CVE-2014-3470)\n\n Further information can be found at\n <a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>\n <<a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>> .\n\n Security Issues references:\n\n * CVE-2014-0224\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224</a>>\n * CVE-2014-0221\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221</a>>\n * CVE-2014-3470\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470</a>>\n\n\n", "published": "2014-06-07T01:04:17", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00013.html", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0221"], "lastseen": "2016-09-04T11:20:17"}, {"id": "SUSE-SU-2014:0759-1", "type": "suse", "title": "Security update for OpenSSL (critical)", "description": "OpenSSL was updated to fix several vulnerabilities:\n\n * SSL/TLS MITM vulnerability. (CVE-2014-0224)\n * DTLS recursion flaw. (CVE-2014-0221)\n * Anonymous ECDH denial of service. (CVE-2014-3470)\n\n Further information can be found at\n <a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>\n <<a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>> .\n\n Security Issues references:\n\n * CVE-2014-0224\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224</a>>\n * CVE-2014-0221\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221</a>>\n * CVE-2014-3470\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470</a>>\n\n", "published": "2014-06-06T00:04:19", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00004.html", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0221"], "lastseen": "2016-09-04T12:25:39"}, {"id": "OPENSUSE-SU-2014:0765-1", "type": "suse", "title": "update to version 1.0.0m (critical)", "description": "The openssl library was updated to version 1.0.0m fixing various security\n issues and bugs:\n\n Security issues fixed:\n - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully\n crafted handshake can force the use of weak keying material in OpenSSL\n SSL/TLS clients and servers.\n - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS\n handshake to an OpenSSL DTLS client the code can be made to recurse\n eventually crashing in a DoS attack.\n - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer\n overrun attack can be triggered by sending invalid DTLS fragments to an\n OpenSSL DTLS client or server. This is potentially exploitable to run\n arbitrary code on a vulnerable client or server.\n - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH\n ciphersuites are subject to a denial of service attack.\n\n", "published": "2014-06-06T12:04:17", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00009.html", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "lastseen": "2016-09-04T11:45:28"}, {"id": "SUSE-SU-2014:0762-1", "type": "suse", "title": "Security update for OpenSSL 1.0 (critical)", "description": "OpenSSL was updated to fix several vulnerabilities:\n\n * SSL/TLS MITM vulnerability. (CVE-2014-0224)\n * DTLS recursion flaw. (CVE-2014-0221)\n * DTLS invalid fragment vulnerability. (CVE-2014-0195)\n * SSL_MODE_RELEASE_BUFFERS NULL pointer dereference. (CVE-2014-0198)\n * Anonymous ECDH denial of service. (CVE-2014-3470)\n\n Further information can be found at\n <a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>\n <<a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>> .\n\n Security Issues references:\n\n * CVE-2014-0224\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224</a>>\n * CVE-2014-0221\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221</a>>\n * CVE-2014-0195\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195</a>>\n * CVE-2014-0198\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198</a>>\n * CVE-2014-3470\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470</a>>\n\n", "published": "2014-06-06T09:04:15", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00006.html", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "lastseen": "2016-09-04T11:48:49"}, {"id": "OPENSUSE-SU-2014:0764-1", "type": "suse", "title": "openssl: update to version 1.0.1h (critical)", "description": "The openssl library was updated to version 1.0.1h fixing various security\n issues and bugs:\n\n Security issues fixed:\n - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully\n crafted handshake can force the use of weak keying material in OpenSSL\n SSL/TLS clients and servers.\n - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS\n handshake to an OpenSSL DTLS client the code can be made to recurse\n eventually crashing in a DoS attack.\n - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer\n overrun attack can be triggered by sending invalid DTLS fragments to an\n OpenSSL DTLS client or server. This is potentially exploitable to run\n arbitrary code on a vulnerable client or server.\n - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH\n ciphersuites are subject to a denial of service attack.\n\n", "published": "2014-06-06T11:04:41", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00008.html", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "lastseen": "2016-09-04T11:50:35"}, {"id": "SUSE-SU-2014:0761-1", "type": "suse", "title": "Security update for OpenSSL (critical)", "description": "OpenSSL was updated to fix several vulnerabilities:\n\n * SSL/TLS MITM vulnerability. (CVE-2014-0224)\n * DTLS recursion flaw. (CVE-2014-0221)\n * Anonymous ECDH denial of service. (CVE-2014-3470)\n * Using the FLUSH+RELOAD Cache Side-channel Attack the nonces could\n have been recovered. (CVE-2014-0076)\n\n Further information can be found at\n <a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>\n <<a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>> .\n\n Additionally, the following non-security fixes and enhancements have been\n included in this release:\n\n * Ensure that the stack is marked non-executable on x86 32bit. On\n other processor platforms it was already marked as non-executable\n before. (bnc#870192)\n * IPv6 support was added to the openssl s_client and s_server command\n line tool. (bnc#859228)\n * The openssl command line tool now checks certificates by default\n against /etc/ssl/certs (this can be changed via the -CApath option).\n (bnc#860332)\n * The Elliptic Curve Diffie-Hellman key exchange selector was enabled\n and can be selected by kECDHE, kECDH, ECDH tags in the SSL cipher\n string. (bnc#859924)\n * If an optional openssl1 command line tool is installed in parallel,\n c_rehash uses it to generate certificate hashes in both OpenSSL 0\n and OpenSSL 1 style. This allows parallel usage of OpenSSL 0.9.8j\n and OpenSSL 1.x client libraries with a shared certificate store.\n (bnc#862181)\n\n Security Issues references:\n\n * CVE-2014-0224\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224</a>>\n * CVE-2014-0221\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221</a>>\n * CVE-2014-3470\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470</a>>\n * CVE-2014-0076\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076</a>>\n\n", "published": "2014-06-06T01:05:59", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00005.html", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0221"], "lastseen": "2016-09-04T11:28:45"}], "ubuntu": [{"id": "USN-2232-4", "type": "ubuntu", "title": "OpenSSL regression", "description": "USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nJ\u00fcri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195)\n\nImre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221)\n\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224)\n\nFelix Gr\u00f6bert and Ivan Fratri\u0107 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)", "published": "2014-08-18T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2232-4/", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "lastseen": "2018-03-29T18:17:18"}, {"id": "USN-2232-3", "type": "ubuntu", "title": "OpenSSL regression", "description": "USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem.\n\nOriginal advisory details:\n\nJ\u00fcri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195)\n\nImre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221)\n\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224)\n\nFelix Gr\u00f6bert and Ivan Fratri\u0107 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)", "published": "2014-06-23T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2232-3/", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "lastseen": "2018-03-29T18:19:48"}, {"id": "USN-2232-1", "type": "ubuntu", "title": "OpenSSL vulnerabilities", "description": "J\u00fcri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195)\n\nImre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221)\n\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224)\n\nFelix Gr\u00f6bert and Ivan Fratri\u0107 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)", "published": "2014-06-05T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2232-1/", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "lastseen": "2018-03-29T18:17:16"}, {"id": "USN-2232-2", "type": "ubuntu", "title": "OpenSSL regression", "description": "USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use tls_session_secret_cb, such as wpa_supplicant. This update fixes the problem.\n\nOriginal advisory details:\n\nJ\u00fcri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195)\n\nImre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221)\n\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224)\n\nFelix Gr\u00f6bert and Ivan Fratri\u0107 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)", "published": "2014-06-12T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2232-2/", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "lastseen": "2018-03-29T18:20:43"}], "aix": [{"id": "OPENSSL_ADVISORY9.ASC", "type": "aix", "title": "AIX OpenSSL Vulnerabilities (Multiple CVEs)", "description": "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nIBM SECURITY ADVISORY\n\nFirst Issued: Wed Jun 11 06:39:27 CDT 2014 \n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc\n===============================================================================\n VULNERABILITY SUMMARY\n\n1.VULNERABILITY: AIX OpenSSL SSL/TLS Man In The Middle (MITM) vulnerability \n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-0224\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n2. VULNERABILITY: AIX OpenSSL DTLS recursion flaw\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-0221\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n3. VULNERABILITY: AIX OpenSSL DTLS invalid fragment vulnerability\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-0195\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n4. VULNERABILITY: AIX OpenSSL SSL_MODE_RELEASE_BUFFERS NULL pointer dereference\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-0198\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n5. VULNERABILITY: AIX OpenSSL Anonymous ECDH denial of service\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3470\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION \n \n 1. CVE-2014-0224\n\tOpenSSL could allow a Man-in-the-middle(MITM) attacker to force the use of \n\tweak keying material in OpenSSL SSL/TLS clients and servers. The attacker \n\tcan decrypt and modify traffic from the attacked client and server. The \n\tattack can only be performed between a vulnerable client *and* server.\n\n 2. CVE-2014-0221\n\tOpenSSL could allow an attacker to cause Denial of Service information.\n\tThe attacker can send a invalid DTLS handshake to an OpenSSL DTLS client,\n\tresulting recursive execution of code and eventual crash.\n\n 3. CVE-2014-0195\n\tOpenSSL could allow an attacker to cause a \"buffer overrun\" situation. This \n\tis triggered when an attacker sends an invalid DTLS fragments to an OpenSSL \n\tDTLS client or server, and thus forcing it to run arbitrary code on a \n\tvulnerable client or server.\n\n 4. CVE-2014-0198\n\tOpenSSL could allow an attacker to cause Denial of Service information.\n\tThe attacker will be able to exploit the flaw in the do_ssl3_write function\n\tvia a NULL pointer dereference.\n\n 5. CVE-2014-3470\n\tOpenSSL could allow an attacker to cause Denial of Service information.\n\tThe attacker will be able to exploit the software's anonymous ECDH cipher \n\tsuites present within OpenSSL clients.\n\nII. CVSS\n\n 1. CVE-2014-0224\n CVSS Base Score: 5.8\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/93586\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 2. CVE-2014-0221\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/93587\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 3. CVE-2014-0195\n CVSS Base Score: 7.5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/93588\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 4. CVE-2014-0198\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/93000\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 5. CVE-2014-3470\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/93589\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n\nIII. PLATFORM VULNERABILITY ASSESSMENT\n\n To determine if your system is vulnerable, execute the following\n command:\n\n lslpp -L openssl.base\n \n The following fileset levels are vulnerable:\n \n A. CVE-2014-0198\n\n AIX Fileset Lower Level Upper Level KEY\n --------------------------------------------------------\n openssl.base 1.0.1.500 1.0.1.510 key_w_fs\n\n B. CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470\n\n AIX Fileset Lower Level Upper Level KEY\n --------------------------------------------------------\n openssl.base 1.0.1.500 1.0.1.510 key_w_fs\n openssl.base 0.9.8.401 0.9.8.2501 key_w_fs\n openssl.base 12.9.8.1100 12.9.8.2501 key_w_fs\n\n\nIV. SOLUTIONS\n\n A fix is available, and it can be downloaded from:\n\n https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\n\n To extract the fixes from the tar file:\n\n For Openssl 1.0.1 version - \n zcat openssl-1.0.1.511.tar.Z | tar xvf -\n For Openssl 0.9.8 version - \n zcat openssl-0.9.8.2502.tar.Z | tar xvf -\n For Openssl 12.9.8 version - \n zcat openssl-12.9.8.2502.tar.Z | tar xvf -\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview the fix installation:\n\n installp -apYd . openssl\n\n To install the fix package:\n\n installp -aXYd . openssl\n \n\nV. WORKAROUNDS\n \n No workarounds.\n\nVI. CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit:\n\n http://www.ibm.com/systems/support\n\n and click on the \"My notifications\" link.\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgpkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\n\nVII. REFERENCES:\n\n Note: Keywords labeled as KEY in this document are used for parsing purposes.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/93586\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/93587\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/93588\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/93000\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/93589\n CVE-2014-0224 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n CVE-2014-0221 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n CVE-2014-0195 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n CVE-2014-0198 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n CVE-2014-3470 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (AIX)\n\niEYEARECAAYFAlOYa3QACgkQ4fmd+Ci/qhJMsQCeIm9hBmgNkQxOH80z74Du1Gt3\nldsAn3mM6Hl5+KNzs+2sTTxirF79+NJ+\n=Q2O7\n-----END PGP SIGNATURE-----\n", "published": "2014-06-11T06:39:27", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "lastseen": "2016-10-24T17:48:11"}], "freebsd": [{"id": "5AC53801-EC2E-11E3-9CF3-3C970E169BC2", "type": "freebsd", "title": "OpenSSL -- multiple vulnerabilities", "description": "\nThe OpenSSL Project reports:\n\nAn attacker using a carefully crafted handshake can force\n\t the use of weak keying material in OpenSSL SSL/TLS clients\n\t and servers. This can be exploited by a Man-in-the-middle\n\t (MITM) attack where the attacker can decrypt and modify\n\t traffic from the attacked client and server. [CVE-2014-0224]\nBy sending an invalid DTLS handshake to an OpenSSL DTLS\n\t client the code can be made to recurse eventually crashing\n\t in a DoS attack. [CVE-2014-0221]\nA buffer overrun attack can be triggered by sending invalid\n\t DTLS fragments to an OpenSSL DTLS client or server. This is\n\t potentially exploitable to run arbitrary code on a vulnerable\n\t client or server. [CVE-2014-0195]\nOpenSSL TLS clients enabling anonymous ECDH ciphersuites are\n\t subject to a denial of service attack. [CVE-2014-3470]\n\n", "published": "2014-06-05T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/5ac53801-ec2e-11e3-9cf3-3c970e169bc2.html", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "lastseen": "2016-09-26T17:24:24"}], "debian": [{"id": "DSA-2950", "type": "debian", "title": "openssl -- security update", "description": "Multiple vulnerabilities have been discovered in OpenSSL:\n\n * [CVE-2014-0195](<https://security-tracker.debian.org/tracker/CVE-2014-0195>)\n\nJueri Aedla discovered that a buffer overflow in processing DTLS fragments could lead to the execution of arbitrary code or denial of service.\n\n * [CVE-2014-0221](<https://security-tracker.debian.org/tracker/CVE-2014-0221>)\n\nImre Rad discovered the processing of DTLS hello packets is susceptible to denial of service.\n\n * [CVE-2014-0224](<https://security-tracker.debian.org/tracker/CVE-2014-0224>)\n\nKIKUCHI Masashi discovered that carefully crafted handshakes can force the use of weak keys, resulting in potential man-in-the-middle attacks.\n\n * [CVE-2014-3470](<https://security-tracker.debian.org/tracker/CVE-2014-3470>)\n\nFelix Groebert and Ivan Fratric discovered that the implementation of anonymous ECDH ciphersuites is suspectible to denial of service.\n\nAdditional information can be found at <http://www.openssl.org/news/secadv_20140605.txt>\n\nFor the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u10. All applications linked to openssl need to be restarted. You can use the tool checkrestart from the package debian-goodies to detect affected programs or reboot your system. There's also a forthcoming security update for the Linux kernel later the day ([CVE-2014-3153](<https://security-tracker.debian.org/tracker/CVE-2014-3153>)), so you need to reboot anyway. Perfect timing, isn't it?\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your openssl packages.", "published": "2014-06-05T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-2950", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "lastseen": "2016-09-02T18:19:37"}], "ics": [{"id": "ICSA-14-198-03G", "type": "ics", "title": "Siemens OpenSSL Vulnerabilities (Update G)", "description": "## OVERVIEW\n\nThis updated advisory is a follow-up to the updated advisory titled ICSA-14-198-03F Siemens OpenSSL Vulnerabilities that was published October 16, 2014, on the NCCIC/ICS-CERT web site.\n\n### **\\--------- Begin Update G Part 1 of 3 --------**\n\nSiemens has identified four vulnerabilities in its OpenSSL cryptographic software library affecting several Siemens industrial products. Updates are available for APE 2.0.2, S7-1500, WinCC OA (PVSS), CP1543-1, Ruggedcom ROX 1, and ROX 2-based products.\n\n### **\\--------- End Update G Part 1 of 3 ----------**\n\nThese vulnerabilities could be exploited remotely. Exploits that target OpenSSL vulnerabilities are publicly available. ICS-CERT is unaware of any OpenSSL exploits that target Siemens\u2019 products specifically.\n\n## AFFECTED PRODUCTS\n\nThe following Siemens products are affected:\n\n### **\\--------- Begin Update G Part 2 of 3 --------**\n\n * APE (only affected if SSL/TLS component is used):\n * APE stand-alone: All versions prior to V2.0.2,\n * ELAN on APE: All versions prior to V8.4.0,\n * CP1543-1: prior to Version 1.1.25,\n * ROX 1: all versions prior to V1.16.1 (only affected if Crossbow is installed),\n * ROX 2: all versions prior to V2.6.0 (only affected if ELAN or Crossbow is installed),\n * Crossbow: All versions prior to V4.2.3\n * ELAN: All versions prior to V8.4.0\n * S7-1500: versions prior to Version 1.6, and\n * WinCC OA (PVSS): Version 3.12-P001\u20133.12-P008\n\n### **\\--------- End Update G Part 2 of 3 ----------**\n\n## IMPACT\n\nThe vulnerabilities identified could impact authenticity, integrity, and availability of affected devices. The man-in-the-middle attack could allow an attacker to hijack a session between an authorized user and the device. The other vulnerabilities reported could impact the availability of the device by causing the web server of the product to crash.\n\nImpact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.\n\n## BACKGROUND\n\nSiemens is a multinational company headquartered in Munich, Germany. Siemens develops products mainly in the energy, healthcare and public health sectors, and transportation systems.\n\nThe affected Siemens industrial products are for process and network control and monitoring in critical infrastructure sectors such as Chemical, Critical Manufacturing, Energy, Food and Agriculture, and Water and Wastewater Systems.\n\n## VULNERABILITY CHARACTERIZATION\n\n### VULNERABILITY OVERVIEW\n\n### MAN-IN-THE-MIDDLEa\n\nAn attacker could perform a man-in-the-middle (MitM) attack between a vulnerable client and a vulnerable server. This vulnerability affects ROX, APE, S7-1500, and CP1543-1.\n\nCVE-2014-0224b has been assigned to this vulnerability. A CVSS v2 base score of 6.8 has been assigned; the CVSS vector string is (AV:N/AC:M/Au:N/C:P/I:P/A:P).c\n\n### IMPROPER INPUT VALIDATIONd\n\nSpecially crafted packets may crash the web server of the product. This vulnerability affects the SIMATIC S7-1500.\n\nCVE-2014-0198e has been assigned to this vulnerability. A CVSS v2 base score of 4.3 has been assigned; the CVSS vector string is (AV:N/AC:M/Au:N/C:N/I:N/A:P).f\n\n### IMPROPER INPUT VALIDATIONg\n\nSpecially crafted packets may crash the web server of the product. This vulnerability affects the SIMATIC S7-1500.\n\nCVE-2010-5298h has been assigned to this vulnerability. A CVSS v2 base score of 4.0 has been assigned; the CVSS vector string is (AV:N/AC:H/Au:N/C:N/I:P/A:P).i\n\n### IMPROPER INPUT VALIDATIONj\n\nSpecially crafted packets may crash the web server of the product. This vulnerability affects the WinCC OA (PVSS).\n\nCVE-2014-3470k has been assigned to this vulnerability. A CVSS v2 base score of 4.3 has been assigned; the CVSS vector string is (AV:N/AC:M/Au:N/C:N/I:N/A:P).l\n\n### VULNERABILITY DETAILS\n\n#### EXPLOITABILITY\n\nThese vulnerabilities could be exploited remotely.\n\n#### EXISTENCE OF EXPLOIT\n\nExploits that target OpenSSL vulnerabilities are publicly available. ICS-CERT is unaware of any OpenSSL exploits that target Siemens\u2019 products specifically.\n\n#### DIFFICULTY\n\nAn attacker with a moderate skill would be able to exploit these vulnerabilities.\n\n## MITIGATION\n\nSiemens provides updates for the following products:\n\n### **\\--------- Begin Update G Part 3 of 3 --------**\n\nAPE 2.0.2 stand-alone available at:\n\n<http://support.automation.siemens.com/WW/view/en/97654933>\n\nS7-1500: update to Version 1.6 at:\n\n<http://support.automation.siemens.com/WW/view/de/98164677>\n\nWinCC OA (PVSS) available at the Siemens[ ETM portal](<https://portal.etm.at/index.php?option=com_user&view=login&return=aHR0cHM6Ly9wb3J0YWwuZXRtLmF0L2luZGV4LnBocD9vcHRpb249Y29tX2NvbnRleHQmdmlldz1jYXRlZ29yeSZpZD02NSZsYXlvdXQ9YmxvZyZJdGVtaWQ9ODA=https://portal.etm.at/index.php?option=com_user&view=login&return=aHR0cHM6Ly9wb3J0YWwuZXRtLmF0L2luZGV4LnBocD9vcHRpb249Y29tX2NvbnRleHQmdmlldz1jYXRlZ29yeSZpZD02NSZsYXlvdXQ9YmxvZyZJdGVtaWQ9ODA=>).\n\nCP1543-1 update to Version V1.1.25 at:\n\n<http://support.automation.siemens.com/WW/view/en/99804563>\n\nUpdated firmware for Ruggedcom ROX-based devices and ELAN software can be obtained for free from the following contact points:\n\n * Submit a support request to Siemens online:\n * <http://www.siemens.com/automation/support-request>\n * Call a local hotline center:\n * <http://www.automation.siemens.com/mcms/aspa-db/en/automation-technology/Pages/default.aspx>\n\nUpdate Debian using the standard update procedures if eLAN is installed on a Linux system.\n\n### **\\--------- End Update G Part 3 of 3 ----------**\n\nSiemens provides specific advice for mitigating risk in each of the affected products in SSA\u2011234763, which can be found at its web site at the following location:\n\n<http://www.siemens.com/cert/advisories>\n\nICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page at: <http://ics-cert.us-cert.gov/content/recommended-practices>. Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.](<http://ics-cert.us-cert.gov/sites/default/files/recommended_practices/Defense_in_Depth_Oct09.pdf>) ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<http://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B>), that is available for download from the ICS-CERT web site (<http://ics-cert.us-cert.gov/>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\nIn addition, ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:\n\n 1. Do not click web links or open unsolicited attachments in email messages.\n 2. Refer to Recognizing and Avoiding Email Scamsm for more information on avoiding email scams.\n 3. Refer to Avoiding Social Engineering and Phishing Attacksn for more information on social engineering attacks.\n * a. CWE-310: Cryptographic Issues, <http://cwe.mitre.org/data/definitions/310.html>, web site last accessed July 17, 2014.\n * b. NVD, <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224>, web site last accessed July 17, 2014.\n * c. CVSS Calculator, [http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:P/I:P/A:P](<http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:P/I:P/A:P>), web site last accessed July 17, 2014.\n * d. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer, <http://cwe.mitre.org/data/definitions/119.html>, web site last accessed July 17, 2014.\n * e. NVD, <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0198>, web site last accessed July 17, 2014.\n * f. CVSS Calculator, [http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P](<http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P>), web site last accessed July 17, 2014.\n * g. CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), <http://cwe.mitre.org/data/definitions/362.html>, web site last accessed July 17, 2014.\n * h. NVD, <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298>, web site last accessed July 17, 2014.\n * i. CVSS Calculator, [http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:H/Au:N/C:N/I:P/A:P](<http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:H/Au:N/C:N/I:P/A:P>), web site last accessed July 17, 2014.\n * j. CWE-476: NULL Pointer Dereference, <http://cwe.mitre.org/data/definitions/476.html>, web site last accessed July 17, 2014.\n * k. NVD, <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3470>, web site last accessed July 17, 2014.\n * l. CVSS Calculator, [http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P](<http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P>), web site last accessed July 17, 2014.\n * m. Recognizing and Avoiding Email Scams, <http://www.us-cert.gov/reading_room/emailscams_0905.pdf>, web site last accessed July 17, 2014.\n * n. National Cyber Alert System Cyber Security Tip ST04-014, <http://www.us-cert.gov/cas/tips/ST04-014.html>, web site last accessed July 17, 2014.\n", "published": "2015-02-17T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://ics-cert.us-cert.gov//advisories/ICSA-14-198-03G", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "lastseen": "2017-12-04T19:02:39"}], "vmware": [{"id": "VMSA-2014-0006", "type": "vmware", "title": "VMware product updates address OpenSSL security vulnerabilities", "description": "a. OpenSSL update for multiple products. \n\n\nOpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h in order to resolve multiple security issues. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to these issues. The most important of these issues is CVE-2014-0224.\n\nCVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to be of moderate severity. Exploitation is highly unlikely or is mitigated due to the application configuration.\n\nCVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL Security Advisory (see Reference section below), do not affect any VMware products. \n \nCVE-2014-0224 may lead to a Man-in-the-Middle attack if a server is running a vulnerable version of OpenSSL 1.0.1 and clients are running a vulnerable version of OpenSSL 0.9.8 or 1.0.1. Updating the server will mitigate this issue for both the server and all affected clients. \n \nCVE-2014-0224 may affect products differently depending on whether the product is acting as a client or a server and of which version of OpenSSL the product is using. For readability the affected products have been split into 3 tables below, based on the different client-server configurations and deployment scenarios. \n \n**MITIGATIONS \n \n**\n\n * Clients that communicate with a patched or non-vulnerable server are not vulnerable to CVE-2014-0224. Applying these patches to affected servers will mitigate the affected clients (See Table 1 below).\n * Clients that communicate over untrusted networks such as public Wi-Fi and communicate to a server running a vulnerable version of OpenSSL 1.0.1. can be mitigated by using a secure network such as VPN (see Table 2 below). \n * Clients and servers that are deployed on an isolated network are less exposed to CVE-2014-0224 (see Table 3 below). The affected products are typically deployed to communicate over the management network.\n\n \n**RECOMMENDATIONS** \n \nVMware recommends customers evaluate and deploy patches for affected Servers in Table 1 below as these patches become available. Patching these servers will remove the ability to exploit the vulnerability described in CVE-2014-0224 on both clients and servers. \n \nVMware recommends customers consider applying patches to products listed in Table 2 & 3 as required.\n\nColumn 4 of the following tables lists the action required to remediate the vulnerability in each release, if a solution is available.\n\n_**Table 1**_\n\nAffected servers running a vulnerable version of OpenSSL 1.0.1.\n", "published": "2014-06-10T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.vmware.com/security/advisories/VMSA-2014-0006.html", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "lastseen": "2016-09-04T11:19:39"}], "slackware": [{"id": "SSA-2014-156-03", "type": "slackware", "title": "openssl", "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/openssl-1.0.1h-i486-1_slack14.1.txz: Upgraded.\n Multiple security issues have been corrected, including a possible\n man-in-the-middle attack where weak keying material is forced, denial\n of service, and the execution of arbitrary code.\n For more information, see:\n http://www.openssl.org/news/secadv_20140605.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz: Upgraded.\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8za-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8za-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8za-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8za-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8za-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8za-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1h-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1h-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1h-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1h-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1h-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1h-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1h-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 packages:\n634b8ecc8abc6d3f249b73d0fefa5959 openssl-0.9.8za-i486-1_slack13.0.txz\na2529f1243d42a3608f61b96236b5f60 openssl-solibs-0.9.8za-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n2ddac651c5f2531f3a7f70d9f5823bd6 openssl-0.9.8za-x86_64-1_slack13.0.txz\nd7ffeb15713a587f642fbb3d5c310c75 openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n0b84a6a1edf76cba83d4c52c54196baa openssl-0.9.8za-i486-1_slack13.1.txz\ndfd5d241b0e1703ae9d70d6ccda06179 openssl-solibs-0.9.8za-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\nbd749622577a5f76a59d90b95aa922fd openssl-0.9.8za-x86_64-1_slack13.1.txz\n35cf911dd9f0cc13f7f0056d9e1f4520 openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n8f674defac9002c81265d284b1072f75 openssl-0.9.8za-i486-1_slack13.37.txz\n48ce79e7714cb0c823d2b6ea4a88ba51 openssl-solibs-0.9.8za-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nefa09162c22782c15806bca99472c5be openssl-0.9.8za-x86_64-1_slack13.37.txz\n8e3b8d1e3d3a740bd274fbe38dc10f96 openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n8e2698d19f54c7e0cac8f998df23b782 openssl-1.0.1h-i486-1_slack14.0.txz\ncf6233bc169cf6dd192bb7210f779fc1 openssl-solibs-1.0.1h-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2b4f0610d5e46fa7bb27a0b39f0d6d33 openssl-1.0.1h-x86_64-1_slack14.0.txz\n18fdd83dcf86204275508a689a017dea openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n49aea7da42eef41da894f29762971863 openssl-1.0.1h-i486-1_slack14.1.txz\n6f19f4fdc3f018b4e821c519d7bb1e5c openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nccf5ff2b107c665a4f3bf98176937749 openssl-1.0.1h-x86_64-1_slack14.1.txz\nea1aaba38c98b096186ca94ca541a793 openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\ndb1ed7ded71ab503f567940fff39eb16 a/openssl-solibs-1.0.1h-i486-1.txz\n0db4f91f9b568b2b2629950e5ab88b22 n/openssl-1.0.1h-i486-1.txz\n\nSlackware x86_64 -current packages:\nd01aef33335bee27f36574241f54091f a/openssl-solibs-1.0.1h-x86_64-1.txz\n95a743d21c58f39573845d6ec5270656 n/openssl-1.0.1h-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.1h-i486-1_slack14.1.txz openssl-solibs-1.0.1h-i486-1_slack14.1.txz", "published": "2014-06-05T22:27:11", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.746956", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "lastseen": "2018-02-02T18:11:33"}], "gentoo": [{"id": "GLSA-201407-05", "type": "gentoo", "title": "OpenSSL: Multiple vulnerabilities", "description": "### Background\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review the OpenSSL Security Advisory [05 Jun 2014] and the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could send specially crafted DTLS fragments to an OpenSSL DTLS client or server to possibly execute arbitrary code with the privileges of the process using OpenSSL. \n\nFurthermore, an attacker could force the use of weak keying material in OpenSSL SSL/TLS clients and servers, inject data across sessions, or cause a Denial of Service via various vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSSL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.0.1h-r1\"", "published": "2014-07-27T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201407-05", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "lastseen": "2016-09-06T19:46:37"}], "cisco": [{"id": "CISCO-SA-20140605-OPENSSL", "type": "cisco", "title": "Multiple Vulnerabilities in OpenSSL Affecting Cisco Products", "description": "Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack. On June 5, 2014, the OpenSSL Project released a security advisory detailing seven distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:\n\n SSL/TLS Man-in-the-Middle Vulnerability\n DTLS Recursion Flaw Vulnerability\n DTLS Invalid Fragment Vulnerability\n SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability\n SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability\n Anonymous ECDH Denial of Service Vulnerability\n ECDSA NONCE Side-Channel Recovery Attack Vulnerability\n\nPlease note that the devices that are affected by this vulnerability are the devices acting as a Secure Sockets Layer (SSL) or Datagram Transport Layer Security (DTLS) server terminating SSL or DTLS connections or devices acting as an SSL client initiating an SSL or DTLS connection. Devices that are simply traversed by SSL or DTLS traffic without terminating it are not affected.\n\nCisco will release software updates that address these vulnerabilities. \n\nWorkarounds that mitigate these vulnerabilities may be available.\n\nThis advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl\"]", "published": "2014-06-05T22:40:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl", "cvelist": ["CVE-2010-5298", "CVE-2014-0076", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "lastseen": "2018-04-23T16:45:50"}]}}

IBM Tivoli Endpoint Manager Server 9.1.x &lt; 9.1.1117.0 OpenSSL Security Bypass

Description

IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass