Vulnerability Note VU#978508

OpenSSL is vulnerable to a man-in-the-middle attack

Original Release date: 05 Jun 2014 | Last revised: 10 Sep 2014

Overview

OpenSSL is vulnerable to a man-in-the-middle attack.

Description

The OpenSSL security advisory states:

    SSL/TLS MITM vulnerability (CVE-2014-0224)
    ===========================================

    An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.

    The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

    OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
    OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
    OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.

    Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. This issue was reported to OpenSSL on 1st May 2014 via JPCERT/CC.

    The fix was developed by Stephen Henson of the OpenSSL core team partly based on an original patch from KIKUCHI Masashi.

Additional details may be found in the OpenSSL security advisory. This vulnerability is one of many that have been fixed in the latest release.

Masashi Kikuchi has written a technical blog post about the vulnerability.

Impact

A remote attacker with a man-in-the-middle vantage point on the network may be able to decrypt or modify traffic between a client and server.

Solution

Apply an Update

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
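
The following is an added example, not part of the original note or of OpenSSL: a Python check that classifies the version string printed by `openssl version` against the fixed releases listed above, including the two-letter patch suffix in 0.9.8za. The function names and the sample version lines are assumptions constructed for illustration.

```python
import re

# Fixed release per branch, as listed in the advisory quoted above.
FIXED = {"0.9.8": "za", "1.0.0": "m", "1.0.1": "h"}

_VERSION = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)(?:-([0-9A-Za-z]+))?")


def parse_version(text):
    """Return (branch, patch_letters, tag) from `openssl version` output."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError("no OpenSSL version found in %r" % text)
    return m.group(1), m.group(2), m.group(3)


def letter_rank(letters):
    """Order patch letters '' < a < ... < z < za < zb (length first, then text)."""
    return (len(letters), letters)


def assess(text):
    """Classify a version string against the fixed releases for CVE-2014-0224.

    status is 'fixed', 'upgrade' or 'unlisted' (the advisory names no fixed
    release for that branch). server_known_vulnerable follows the advisory:
    servers are only known to be vulnerable in 1.0.1 and 1.0.2-beta1.
    """
    branch, letters, tag = parse_version(text)
    fixed = FIXED.get(branch)
    if fixed is None:
        status = "unlisted"
    elif letter_rank(letters) >= letter_rank(fixed):
        status = "fixed"
    else:
        status = "upgrade"
    server = (branch == "1.0.1" and status == "upgrade") or (
        branch == "1.0.2" and tag == "beta1")
    return {"branch": branch, "status": status,
            "upgrade_to": branch + fixed if status == "upgrade" else None,
            "server_known_vulnerable": server}


if __name__ == "__main__":
    # Constructed sample lines in the format printed by `openssl version`.
    for line in ["OpenSSL 0.9.8y 5 Feb 2013", "OpenSSL 0.9.8za 5 Jun 2014",
                 "OpenSSL 1.0.1e-fips 11 Feb 2013",
                 "OpenSSL 1.0.2-beta1 24 Feb 2014"]:
        print(line, "->", assess(line))
```

Distribution packages often backport security fixes without changing the upstream version string, so an "upgrade" result on such a system should be confirmed against the vendor's own advisory.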

Vendor Information

Vendor                              Status    Date Notified  Date Updated
Attachmate                          Affected  02 Jun 2014    19 Aug 2014
Debian GNU/Linux                    Affected  02 Jun 2014    06 Jun 2014
Fedora Project                      Affected  02 Jun 2014    06 Jun 2014
FreeBSD Project                     Affected  02 Jun 2014    05 Jun 2014
Global Technology Associates, Inc.  Affected  02 Jun 2014    19 Jun 2014
Hewlett-Packard Company             Affected  02 Jun 2014    21 Aug 2014
IBM Corporation                     Affected  02 Jun 2014    16 Jun 2014
NEC Corporation                     Affected  02 Jun 2014    09 Jun 2014
NVIDIA                              Affected  02 Jun 2014    10 Sep 2014
OpenSSL                             Affected  09 May 2014    05 Jun 2014
Oracle Corporation                  Affected  02 Jun 2014    16 Jun 2014
Red Hat, Inc.                       Affected  02 Jun 2014    05 Jun 2014
SUSE Linux                          Affected  02 Jun 2014    09 Jun 2014
Ubuntu                              Affected  02 Jun 2014    05 Jun 2014
VMware                              Affected  02 Jun 2014    16 Jun 2014

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score  Vector
Base           6.4    AV:A/AC:M/Au:N/C:C/I:P/A:N
Temporal       5.0    E:POC/RL:OF/RC:C
Environmental  8.1    CDP:H/TD:H/CR:H/IR:M/AR:L

Credit

Thanks to KIKUCHI Masashi for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2014-0224
  • Date Public: 05 Jun 2014
  • Date First Published: 05 Jun 2014
  • Date Last Updated: 10 Sep 2014
  • Document Revision: 27

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.