Critical OpenSSL Patch Available. Patch Now!
[Webcast Correction] Important correction to the webcast. The MITM attack does not just affect DTLS. It does affect TLS (TCP) as well.
Quick Q&A Summary from the webcast:
- The MITM vulnerablity only affects servers that run OpenSSL 1.0.1 but all clients. Both have to be vulnerable to exploit this problem.
- The MITM vulnerability is not just DTLS (sorry, had that wrong during the webcast)
- Common DTLS applications: Video/Voice over IP, LDAP, SNMPv3, WebRTC
â??- Web servers (https) can not use DTLS.
- OpenVPN's "auth-tls" feature will likely mitigate all these vulnerabilities
- Even if you use "commercial software", it may still use OpenSSL.
Â
---------
The OpenSSL team released a critical security update today. The update patches 6 flaws. 1 of the flaws (CVE-2014-0195) may lead to arbitrary code execution. [1]
All versions of OpenSSL are vulnerable to CVE-2014-0195, but this vulnerability only affects DTLS clients or servers (look for SSL VPNs... not so much HTTPS).
I also rated CVE-2014-0224 critical, since it does allow for MiTM attacks, one of the reasons you use SSL. But in order to exploit this issue, both client and server have to be vulnerable, and only openssl 1.0.1 is vulnerable on servers (which is why I stuck with "important" for servers). The discoverer of this vulnerability released details here: http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html .
CVE-2010-5298 does allow third parties to inject data into existing SSL connections. This could be a big deal, but according to the OpenSSL advisory, the SSL_MODE_RELEASE_BUFFERS feature is usually not enabled.
Make sure you update to one of these OpenSSL versions:
OpenSSL 0.9.8za (openssl ran out of letters, so instead of calling this one 'z' they call it 'za' to allow for future releases. However, this *may* be the last 0.9.8 release).
OpenSSL 1.0.0m
OpenSSL 1.0.1h
CVE | Name | Impact | Vulnerable Versions | Client | Server |
CVE-2014-0224 | SSL/TLS MITM Vulnerability | MiTM | Server: 1.0.1, Client: 0.9.8,1.0.0,1.0.1 (both have to be vulnerable) | Critical | Important |
CVE-2014-0221 | DTLS recursion flaw | DoS | 0.9.8,1.0.0,1.0.1 | Important | Not Affected |
CVE-2014-0195 | DTLS invalid fragment vulnerability | Code Exec. | 0.9.8,1.0.0,1.0.1 | Critical | Critical |
CVE-2014-0198 | SSL_MODE_RELEASE_BUFFERS NULL pointer dereference | DoS | 1.0.0,1.0.1 (neither affected in default config) |
Important | Important |
CVE-2010-5298 | SSL_MODE_RELEASE_BUFFERS session injection | DoS or Data Injection | 1.0.0, 1.0.1 (in multithreaded applications, not in default config) |
Important | Important |
CVE-2014-3470 | Anonymous ECDH Denial of Service | DoS | 0.9.8, 1.0.0, 1.0.1 | Important | Not Affected |
Vendor Information:
Redhat | https://rhn.redhat.com/errata/RHSA-2014-0625.html https://rhn.redhat.com/errata/RHSA-2014-0626.html |
Ubuntu | http://www.ubuntu.com/usn/usn-2232-1/ |
FreeBSD | http://www.freebsd.org/security/advisories/FreeBSD-SA-14:14.openssl.asc |
Debian | http://www.debian.org/security/2014/dsa-2950 |
OpenSuse | http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00003.html |
Amazon AWS | http://aws.amazon.com/security/security-bulletins/openssl-security-advisory/ |
[1] https://www.openssl.org/news/secadv_20140605.txt
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Comments
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/uc_system/design/guides/videodg/vidguide/security.html#wp1060870
WebRTC appears to use it as well.
Anonymous
Jun 5th 2014
1 decade ago
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
Cisco Jabber also uses OpenSSL, and may use DTLS for voice and video.
Anonymous
Jun 5th 2014
1 decade ago
Doing a search on CVE-2014-0195 on the NIST NVD will result in "Unable to find vuln CVE-2014-0195" or 0 entries found.
The MITRE reference to CVE-2014-0195 states the CVE entry is "Reserved".
Maybe there is ongoing impact assessment??
Will need to check on it later.
Anonymous
Jun 5th 2014
1 decade ago
For CVE-2014-0195 (as of 1500 EST today):
If you go to the MITRE site, the entry is listed as "Reserved" with no useful data about the vulnerability.
If you go to the NIST NVD, a search will result in 0 records. A direct GET statement will result in "Unable to find vuln CVE-2014-0195"
Maybe the CVE impact is still under assessment??
Will need to check on this.
Anonymous
Jun 5th 2014
1 decade ago
Anonymous
Jun 5th 2014
1 decade ago
Anonymous
Jun 5th 2014
1 decade ago
Anonymous
Jun 5th 2014
1 decade ago
Anonymous
Jun 5th 2014
1 decade ago
The original by the Japanese discoverer of the vulnerability
http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
A secondary writeup by Adam Langley
https://www.imperialviolet.org/2014/06/05/earlyccs.html
Neither is a terrible easy read, and both heavily reference prior DTLS bugs. But neither writeup excludes TLS.
Anonymous
Jun 5th 2014
1 decade ago
Anonymous
Jun 13th 2014
1 decade ago