Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30481
HistoryApr 20, 2014 - 12:00 a.m.

FreeBSD Security Advisory FreeBSD-SA-14:06.openssl [REVISED]

2014-04-2000:00:00
vulners.com
93
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:06.openssl Security Advisory
The FreeBSD Project

Topic: OpenSSL multiple vulnerabilities

Category: contrib
Module: openssl
Announced: 2014-04-08
Affects: All supported versions of FreeBSD.
Corrected: 2014-04-08 18:27:39 UTC (stable/10, 10.0-STABLE)
2014-04-08 18:27:46 UTC (releng/10.0, 10.0-RELEASE-p1)
2014-04-08 23:16:19 UTC (stable/9, 9.2-STABLE)
2014-04-08 23:16:05 UTC (releng/9.2, 9.2-RELEASE-p4)
2014-04-08 23:16:05 UTC (releng/9.1, 9.1-RELEASE-p11)
2014-04-08 23:16:19 UTC (stable/8, 8.4-STABLE)
2014-04-08 23:16:05 UTC (releng/8.4, 8.4-RELEASE-p8)
2014-04-08 23:16:05 UTC (releng/8.3, 8.3-RELEASE-p15)
CVE Name: CVE-2014-0076, CVE-2014-0160

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/&gt;.

  1. Revision History

v1.0 2014-04-08 Initial release.
v1.1 2014-04-08 Added patch applying step in Solutions section.

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

The Heartbeat Extension provides a new protocol for TLS/DTLS allowing the
usage of keep-alive functionality without performing a renegotiation and a
basis for path MTU (PMTU) discovery for DTLS.

Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the
Digital Signature Algorithm (DSA) which uses Elliptic Curve Cryptography.
OpenSSL uses the Montgomery Ladder Approach to compute scalar multiplication
in a fixed amount of time, which does not leak any information through timing
or power.

II. Problem Description

The code used to handle the Heartbeat Extension does not do sufficient boundary
checks on record length, which allows reading beyond the actual payload.
[CVE-2014-0160]. Affects FreeBSD 10.0 only.

A flaw in the implementation of Montgomery Ladder Approach would create a
side-channel that leaks sensitive timing information. [CVE-2014-0076]

III. Impact

An attacker who can send a specifically crafted packet to TLS server or client
with an established connection can reveal up to 64k of memory of the remote
system. Such memory might contain sensitive information, including key
material, protected content, etc. which could be directly useful, or might
be leveraged to obtain elevated privileges. [CVE-2014-0160]

A local attacker might be able to snoop a signing process and might recover
the signing key from it. [CVE-2014-0076]

IV. Workaround

No workaround is available, but systems that do not use OpenSSL to implement
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols implementation and do not use the ECDSA implementation from OpenSSL
are not vulnerable.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 8.x and FreeBSD 9.x]

fetch http://security.FreeBSD.org/patches/SA-14:06/openssl.patch

fetch http://security.FreeBSD.org/patches/SA-14:06/openssl.patch.asc

gpg --verify openssl.patch.asc

[FreeBSD 10.0]

fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch

fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch.asc

gpg --verify openssl-10.patch.asc

b) Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

Recompile the operating system using buildworld and installworld as
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html&gt;.

Restart all deamons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

IMPORTANT: the update procedure above does not update OpenSSL from the
Ports Collection or from a package, known as security/openssl, which
has to be updated separately via ports or package. Users who have
installed security/openssl should update to at least version 1.0.1_10.

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path Revision

stable/8/ r264285
releng/8.3/ r264284
releng/8.4/ r264284
stable/9/ r264285
releng/9.1/ r264284
releng/9.2/ r264284
stable/10/ r264266
releng/10.0/ r264267

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:http://svnweb.freebsd.org/base?view=revision&amp;revision=NNNNNN&gt;

VII. References

<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076&gt;
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160&gt;

<URL:http://www.openssl.org/news/secadv_20140407.txt&gt;
<URL:http://eprint.iacr.org/2014/140.pdf&gt;

The latest revision of this advisory is available at
<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:06.openssl.asc&gt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)

iQIcBAEBCgAGBQJTRJySAAoJEO1n7NZdz2rnzPcQALd6So7vDRBaYiaGwQjc55oI
QwTnNzkkgxVTGwi8lDV6h8bIW3Ga8AhMGoZCVOeKbDABBDghVYe6Na5e/wsHbPPu
tXmDRhoi2aV0sVCTFfpoCNJ8l2lb+5vnmEC6Oi3PMQDbRC+Ptg15o0W/2hXw0eKO
yu4BhS4dl6lX7IvlR1n4sr0rfa8vwxe5OpUUd6Bzw0SUBmV+BTzq1C70FuOZ/hnD
ThaZS8Ox3fcWuPylhPbhxnWqg0oVNkBpiRYpIBadrpl9EiRRzbTfF+uFvauR9tBN
1mK8lLwd7DK6x8iCSnDd2ZlN1rNn8EPsGohT4vP+szz2E2YP1x8ugihEBdYax+Dh
Z4TWkm3/wJwEf00G32E1hZ8F+UavE8AmnGVk6gxiRpnv2sdNJYRlWd9O8u251qMq
uzcmBX6Jr14dQCwlqof8pYKYV7VCE/Cu4JHThOCL042CLwUmXyJVMFzm6WPQlNjC
dlPbSG+PXjninPjcYBoMR+863X35Guv0pJBNG/ofEh+Jy5MveaMRQX/mA+wy29zm
qg74lM07adXkJujPAuA5dYjZivpW1NPOHeIjaYjaI6KDw2q3BlkGa2C3PeYDQxn4
Iqujqpem5nyQY4BO2XC8gVtuym0jDSA98bgFXumNDkmzlUUuOFOWD8YScLopOzOu
EpUXgezogk1Rd3EVsaJ+
=UBO0
-----END PGP SIGNATURE-----

Related

nessus 48
ibm 45
openvas 14
securityvulns 17
altlinux 4
gentoo 1
mageia 1
ubuntu 1
vmware 2
freebsd_advisory 1
slackware 1
prion 2
threatpost 1
veracode 1
cve 1
freebsd 1
seebug 16
f5 3
openssl 2
ubuntucve 2
debiancve 1
intel 1
osv 1
packetstorm 4
symantec 1
thn 5
hp 3
exploitpack 2
hackerone 2
zdt 2
ics 5
kitploit 1
checkpoint_security 1
n0where 1
suse 1
atlassian 1
fortinet 1
vulnerlab 1
attackerkb 1
nessus
nessus
VMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)
2014-04-21 00:00:00
VMware Horizon Workspace 1.8 < 1.8.1 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)
2014-05-06 00:00:00
VMware ESXi Multiple OpenSSL Vulnerabilities (VMSA-2014-0004) (Heartbleed)
2015-12-30 00:00:00
ibm
ibm
Security Bulletin: IBM Security Proventia Network Active Bypass is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)
2018-06-16 21:17:19
Security Bulletin: Rational Build Forge is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)
2018-06-17 04:53:33
Security Bulletin: IBM Security Network Intrusion Prevention System is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)
2022-02-23 17:14:38
openvas
openvas
VMware ESXi/ESX updates address OpenSSL security vulnerabilities (VMSA-2014-0004)
2014-05-08 00:00:00
VMSA-2014-0004: VMware product updates address OpenSSL security vulnerabilities (remote check)
2014-05-08 00:00:00
Ubuntu Update for openssl USN-2165-1
2014-04-08 00:00:00
securityvulns
securityvulns
OpenSSL security vulnerabilities
2014-05-30 00:00:00
[USN-2165-1] OpenSSL vulnerabilities
2014-04-08 00:00:00
[security bulletin] HPSBMU03022 rev.1 - HP Systems Insight Manager &#40;SIM&#41; Bundled Software running OpenSSL, Remote Disclosure of Information
2014-05-01 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package openssl10 version 1.0.1g-alt1
2014-04-08 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.1g-alt1
2014-04-07 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1g-alt1
2014-04-07 00:00:00
gentoo
gentoo
OpenSSL: Information Disclosure
2014-04-08 00:00:00
mageia
mageia
Updated openssl package fix two security vulnerabilities
2014-04-08 11:58:47
ubuntu
ubuntu
OpenSSL vulnerabilities
2014-04-07 00:00:00
vmware
vmware
VMware product updates address OpenSSL security vulnerabilities
2014-04-14 00:00:00
VMware product updates address OpenSSL security vulnerabilities
2014-04-14 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:06.openssl
2014-04-08 00:00:00
slackware
slackware
[slackware-security] openssl
2014-04-08 15:05:22
prion
prion
Design/Logic Flaw
2014-03-25 13:25:00
Buffer overflow
2014-04-07 22:55:00
threatpost
threatpost
Second NSA Crypto Tool Found in RSA BSafe
2014-03-31 15:59:27
veracode
veracode
Side-channel Timing Attack
2017-02-08 02:53:24
cve
cve
CVE-2014-0076
2014-03-25 13:25:00
freebsd
freebsd
OpenSSL -- Local Information Disclosure
2014-04-07 00:00:00
seebug
seebug
OpenSSL ECDSA Nonces恢复漏洞
2014-03-25 00:00:00
Kerio Control OpenSSL TLS心跳信息泄漏漏洞
2014-04-16 00:00:00
Splunk OpenSSL TLS心跳信息泄漏漏洞
2014-04-16 00:00:00
f5
f5
SOL15295 - OpenSSL vulnerability CVE-2014-0076
2014-05-29 00:00:00
K15295 : OpenSSL vulnerability CVE-2014-0076
2014-05-29 00:00:00
K15159 : OpenSSL vulnerability CVE-2014-0160
2015-02-16 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2014-0076
2014-02-14 00:00:00
Vulnerability in OpenSSL CVE-2014-0160
2014-04-07 00:00:00
ubuntucve
ubuntucve
CVE-2014-0076
2014-03-25 00:00:00
CVE-2014-0160
2014-04-07 00:00:00
debiancve
debiancve
CVE-2014-0076
2014-03-25 13:25:00
intel
intel
Multiple Intel Software Products and API Services impacted by CVE-2014-0160
2014-04-30 00:00:00
osv
osv
openssl - security update
2014-04-07 00:00:00
packetstorm
packetstorm
OpenSSL Heartbeat (Heartbleed) Information Leak
2014-04-10 00:00:00
OpenSSL TLS Heartbeat Extension Memory Disclosure
2014-04-08 00:00:00
Heartbleed Proof Of Concept
2014-04-08 00:00:00
symantec
symantec
Symantec Messaging Gateway 10.6.x ACE Library Static Link to Vulnerable SSL Version
2016-05-12 08:00:00
thn
thn
How to Protect yourself from the 'Heartbleed' Bug
2014-04-10 07:58:00
Over 199,500 Websites Are Still Vulnerable to Heartbleed OpenSSL Bug
2017-01-22 23:27:00
Heartbleed - OpenSSL Zero-day Bug leaves Millions of websites Vulnerable
2014-04-08 08:23:00
hp
hp
HPSBPI03031 rev.3 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information
2014-04-30 00:00:00
HPSBPI03014 rev.2 - HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers, Remote Disclosure of Information
2014-04-22 00:00:00
HPSBHF03021 rev.1 - HP Thin Client with ThinPro OS or Smart Zero Core Services, Running OpenSSL, Remote Disclosure of Information
2014-04-23 00:00:00
exploitpack
exploitpack
OpenSSL TLS Heartbeat Extension - Heartbleed Memory Disclosure
2014-04-08 00:00:00
OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak (2) (DTLS Support)
2014-04-24 00:00:00
hackerone
hackerone
Mail.ru: OpenSSL HeartBleed (CVE-2014-0160)
2014-10-23 15:12:13
Internet Bug Bounty: TLS heartbeat read overrun
2014-04-05 23:51:06
zdt
zdt
OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions)
2014-04-09 00:00:00
OpenSSL Heartbeat (Heartbleed) Information Leak Exploit
2014-04-10 00:00:00
ics
ics
OpenSSL Vulnerability
2018-08-27 12:00:00
Certec atvise scada OpenSSL Heartbleed Vulnerability
2018-08-23 12:00:00
Unified Automation OPC SDK OpenSSL Vulnerability
2018-09-06 12:00:00
kitploit
kitploit
Collection of Heartbleed Tools (OpenSSL CVE-2014-0160)
2014-04-10 00:55:00
checkpoint_security
checkpoint_security
Check Point response to OpenSSL vulnerability (CVE-2014-0160)
2014-04-07 21:00:00
n0where
n0where
Access Point Impersonation Attacks: hostapd-wpe
2016-04-12 22:19:39
suse
suse
update for openssl (important)
2014-04-08 13:04:15
atlassian
atlassian
Update Tomcat Native DLL in JIRA Installer
2014-06-26 19:39:26
fortinet
fortinet
Information Disclosure Vulnerability in OpenSSL (Heartbleed)
2014-04-08 00:00:00
vulnerlab
vulnerlab
HeartBleed SSL CVE 20140160 - 10 Steps to Fix in Ubuntu
2014-04-09 00:00:00
attackerkb
attackerkb
CVE-2014-0160 (AKA: Heartbleed)
2014-04-07 00:00:00
JSON
Related for SECURITYVULNS:DOC:30481
nessus48ibm45openvas14securityvulns17altlinux4gentoo1mageia1ubuntu1vmware2freebsd_advisory1slackware1prion2threatpost1veracode1cve1freebsd1seebug16f53openssl2ubuntucve2debiancve1intel1osv1packetstorm4symantec1thn5hp3exploitpack2hackerone2zdt2ics5kitploit1checkpoint_security1n0where1suse1atlassian1fortinet1vulnerlab1attackerkb1