Vulnerability Note VU#978508
OpenSSL is vulnerable to a man-in-the-middle attack
Original Release date: 05 Jun 2014 | Last revised: 19 Jun 2014

Overview
OpenSSL is vulnerable to a man-in-the-middle attack.

Description
The OpenSSL security advisory states:

SSL/TLS MITM vulnerability (CVE-2014-0224)
===========================================

An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.

The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.

Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. This issue was reported to OpenSSL on 1st May 2014 via JPCERT/CC.

The fix was developed by Stephen Henson of the OpenSSL core team partly based on an original patch from KIKUCHI Masashi.

Additional details may be found in the OpenSSL security advisory. This vulnerability is one of several that have been fixed in the latest release.

Masashi Kikuchi has written a technical blog post about the vulnerability.
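The advisory text above says only that the handshake is "carefully crafted"; the Lepidum write-up listed under References explains that the crafted handshake delivers a ChangeCipherSpec (CCS) record before the ClientKeyExchange message, so that keys are derived before the key exchange has completed. The following is an added detection-oriented example, not code from this note, CERT/CC or the OpenSSL project: it parses a cleartext client-to-server TLS record stream (as reconstructed from a capture) and flags a CCS record that arrives before ClientKeyExchange. The sample streams at the bottom are constructed here with placeholder payloads; only the message ordering matters for the check.

```python
import struct

# TLS record content types and handshake message types (RFC 5246)
CONTENT_CHANGE_CIPHER_SPEC = 20
CONTENT_HANDSHAKE = 22
HS_CLIENT_HELLO = 1
HS_CLIENT_KEY_EXCHANGE = 16
TLS_1_0 = 0x0301


def record(content_type, body, version=TLS_1_0):
    # TLS record = type(1) | version(2) | length(2) | body
    return struct.pack("!BHH", content_type, version, len(body)) + body


def handshake(msg_type, payload):
    # Handshake message = type(1) | length(3) | payload
    return bytes([msg_type]) + len(payload).to_bytes(3, "big") + payload


def iter_records(data):
    """Yield (content_type, body) for each TLS record in a byte stream."""
    off = 0
    while off < len(data):
        if off + 5 > len(data):
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack("!BHH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        yield ctype, body
        off += 5 + length


def handshake_types(body):
    """Message types inside one handshake record (a record may carry several)."""
    types = []
    off = 0
    while off + 4 <= len(body):
        types.append(body[off])
        off += 4 + int.from_bytes(body[off + 1:off + 4], "big")
    return types


def find_early_ccs(client_stream):
    """Return the index of a ChangeCipherSpec record that precedes
    ClientKeyExchange in the client->server direction, or None when the
    order is normal. Parsing stops at the first CCS because every record
    after it is encrypted and cannot be inspected."""
    seen_cke = False
    for idx, (ctype, body) in enumerate(iter_records(client_stream)):
        if ctype == CONTENT_HANDSHAKE:
            if HS_CLIENT_KEY_EXCHANGE in handshake_types(body):
                seen_cke = True
        elif ctype == CONTENT_CHANGE_CIPHER_SPEC:
            return None if seen_cke else idx
    return None


# Constructed sample streams (placeholder payloads, not real handshake data)
_CLIENT_HELLO = record(CONTENT_HANDSHAKE,
                       handshake(HS_CLIENT_HELLO, b"\x03\x01" + b"\x00" * 36))
_CLIENT_KEY_EXCHANGE = record(CONTENT_HANDSHAKE,
                              handshake(HS_CLIENT_KEY_EXCHANGE, b"\x00\x02\xaa\xbb"))
_CCS = record(CONTENT_CHANGE_CIPHER_SPEC, b"\x01")

NORMAL_CLIENT = _CLIENT_HELLO + _CLIENT_KEY_EXCHANGE + _CCS   # expected order
EARLY_CCS_CLIENT = _CLIENT_HELLO + _CCS                       # CCS before key exchange

if __name__ == "__main__":
    print("normal stream:", find_early_ccs(NORMAL_CLIENT))       # None
    print("early CCS at record:", find_early_ccs(EARLY_CCS_CLIENT))  # 1
```

Only the client-to-server direction is checked, because that is where a ClientKeyExchange is expected before the first CCS; a truncated stream raises rather than silently passing, so a monitor built on this should treat parse errors as "undetermined", not "clean".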

Impact
A remote attacker with a man-in-the-middle vantage point on the network may be able to decrypt or modify traffic between a client and server.

Solution
Apply an Update

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
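Deciding whether an installed build is below the fixed release is easy to get wrong because OpenSSL's patch letters run a..z and then za, zb, ..., so a plain string comparison rates 0.9.8z as newer than 0.9.8za. The following is an added example (not code from this note or the OpenSSL project) that parses `openssl version` output and compares it against the fixed releases listed above; the hostnames and version lines in `SAMPLE_INVENTORY` are constructed. Branches the note does not list return None rather than a guess.

```python
import re

# Fixed releases per branch, exactly as listed in the Solution section
FIXED_RELEASE = {
    (0, 9, 8): "za",
    (1, 0, 0): "m",
    (1, 0, 1): "h",
}

# Matches "1.0.1e", "1.0.1e-fips", "1.0.2-beta1", including inside
# full `openssl version` output such as "OpenSSL 1.0.1e-fips 11 Feb 2013"
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-([A-Za-z0-9]+))?")


def parse_version(text):
    """Return ((major, minor, fix), patch_letters, tag) from a version string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, fix, letters, tag = m.groups()
    return (int(major), int(minor), int(fix)), letters, (tag or "")


def letters_key(letters):
    # OpenSSL patch letters run a..z, then za, zb, ...: a longer run is newer
    return (len(letters), letters)


def needs_update(text):
    """True if the version is below the fixed release for its branch,
    False if it is at or above it, None if this note does not cover the branch."""
    branch, letters, tag = parse_version(text)
    if branch in FIXED_RELEASE:
        if tag.startswith("beta"):
            # Assumption: a beta of a fixed branch predates that branch's fixed release
            return True
        return letters_key(letters) < letters_key(FIXED_RELEASE[branch])
    if branch == (1, 0, 2) and tag == "beta1":
        return True  # named as affected (server side) in the advisory
    return None


# Constructed sample: one "host: <openssl version output>" line per host
SAMPLE_INVENTORY = """\
web01: OpenSSL 1.0.1e-fips 11 Feb 2013
web02: OpenSSL 1.0.1h 5 Jun 2014
legacy: OpenSSL 0.9.8y 5 Feb 2013
"""


def check_inventory(text):
    """Map each host to needs_update() of its reported version."""
    results = {}
    for line in text.splitlines():
        host, _, version_output = line.partition(":")
        results[host.strip()] = needs_update(version_output)
    return results


if __name__ == "__main__":
    for host, verdict in check_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {'update needed' if verdict else 'at or above fixed release'}")
```

Distribution packages that backport the fix keep an old upstream version string, so on such systems the package changelog or vendor advisory, not this comparison, is the authoritative answer.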

Vendor Information

Vendor                                 Status    Date Notified  Date Updated
Debian GNU/Linux                       Affected  02 Jun 2014    06 Jun 2014
Fedora Project                         Affected  02 Jun 2014    06 Jun 2014
FreeBSD Project                        Affected  02 Jun 2014    05 Jun 2014
Global Technology Associates, Inc.     Affected  02 Jun 2014    19 Jun 2014
IBM Corporation                        Affected  02 Jun 2014    16 Jun 2014
NEC Corporation                        Affected  02 Jun 2014    09 Jun 2014
OpenSSL                                Affected  09 May 2014    05 Jun 2014
Oracle Corporation                     Affected  02 Jun 2014    16 Jun 2014
Red Hat, Inc.                          Affected  02 Jun 2014    05 Jun 2014
SUSE Linux                             Affected  02 Jun 2014    09 Jun 2014
Ubuntu                                 Affected  02 Jun 2014    05 Jun 2014
VMware                                 Affected  02 Jun 2014    16 Jun 2014
ACCESS                                 Unknown   02 Jun 2014    02 Jun 2014
Alcatel-Lucent                         Unknown   02 Jun 2014    02 Jun 2014
Apple Inc.                             Unknown   02 Jun 2014    02 Jun 2014

CVSS Metrics

Group          Score  Vector
Base           6.4    AV:A/AC:M/Au:N/C:C/I:P/A:N
Temporal       5.0    E:POC/RL:OF/RC:C
Environmental  8.1    CDP:H/TD:H/CR:H/IR:M/AR:L

References

https://www.openssl.org/news/secadv_20140605.txt
http://ccsinjection.lepidum.co.jp/
http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
https://plus.google.com/app/basic/stream/z12xhp3hbzbhhjgfm22ncvtbeua1dpaa004

Credit

Thanks to KIKUCHI Masashi for reporting this vulnerability.
This document was written by Jared Allar.

Other Information

CVE IDs:
CVE-2014-0224

Date Public:
05 Jun 2014

Date First Published:
05 Jun 2014

Date Last Updated:
19 Jun 2014

Document Revision:
24
