(FreeBSD Issues Fix) OpenSSL SSL 3.0 Protocol Downgrade Flaw Lets Remote Users Decrypt SSL Traffic
SecurityTracker Alert ID: 1031102|
SecurityTracker URL: http://securitytracker.com/id/1031102
(Links to External Site)
Date: Oct 22 2014
Disclosure of system information, Disclosure of user information|
Vendor Confirmed: Yes Exploit Included: Yes |
A vulnerability was reported in OpenSSL. A remote user can decrypt SSL sessions in certain cases.|
A remote user can with the ability to conduct a man-in-the-middle attack can force a client to negotiate a downgrade to SSLv3 instead of a TLS v1.x protocol and then conduct a BEAST-style of attack to decrypt portions of the session.
This protocol vulnerability is referred to as the POODLE ("Padding Oracle On Downgraded Legacy Encryption") vulnerability.
This is a flaw in the protocol rather than in the OpenSSL implementation.
The original advisory is available at:
Bodo Moller, Thai Duong, and Krzysztof Kotowicz reported this vulnerability.
A remote user with the ability to conduct a man-in-the-middle attack can decrypt SSL sessions.|
FreeBSD has issued a fix.|
The FreeBSD advisory is available at:
Vendor URL: www.openssl.org/ (Links to External Site)
Access control error|
|Underlying OS: UNIX (FreeBSD)|
|Underlying OS Comments: 8.4, 9.1, 9.2, 9.3, 10.0, 10.1|
This archive entry is a follow-up to the message listed below.|
Source Message Contents
Subject: FreeBSD Security Advisory FreeBSD-SA-14:23.openssl|
-----BEGIN PGP SIGNED MESSAGE-----
FreeBSD-SA-14:23.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Affects: All supported versions of FreeBSD.
Corrected: 2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE)
2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3)
2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1)
2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1)
2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1)
2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)
2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE)
2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)
2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)
2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)
2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE)
2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17)
CVE Name: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
II. Problem Description
A flaw in the DTLS SRTP extension parsing code allows an attacker, who
sends a carefully crafted handshake message, to cause OpenSSL to fail
to free up to 64k of memory causing a memory leak. [CVE-2014-3513].
When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
integrity of that ticket is first verified. In the event of a session
ticket integrity check failing, OpenSSL will fail to free memory
causing a memory leak. [CVE-2014-3567].
The SSL protocol 3.0, as supported in OpenSSL and other products, supports
CBC mode encryption where it could not adequately check the integrity of
padding, because of the use of non-deterministic CBC padding. This
protocol weakness makes it possible for an attacker to obtain clear text
data through a padding-oracle attack.
Some client applications (such as browsers) will reconnect using a
downgraded protocol to work around interoperability bugs in older
servers. This could be exploited by an active man-in-the-middle to
downgrade connections to SSL 3.0 even if both sides of the connection
support higher protocols. SSL 3.0 contains a number of weaknesses
including POODLE [CVE-2014-3566].
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol downgrade.
When OpenSSL is configured with "no-ssl3" as a build option, servers
could accept and complete a SSL 3.0 handshake, and clients could be
configured to send them. [CVE-2014-3568].
A remote attacker can cause Denial of Service with OpenSSL 1.0.1
server implementations for both SSL/TLS and DTLS regardless of
whether SRTP is used or configured. [CVE-2014-3513]
By sending a large number of invalid session tickets an attacker
could exploit this issue in a Denial Of Service attack.
An active man-in-the-middle attacker can force a protocol downgrade
to SSLv3 and exploit the weakness of SSLv3 to obtain clear text data
from the connection. [CVE-2014-3566] [CVE-2014-3568]
No workaround is available.
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch
# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc
# gpg --verify openssl-10.0.patch.asc
# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch
# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc
# gpg --verify openssl-9.3.patch.asc
[FreeBSD 8.4, 9.1 and 9.2]
# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch
# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc
# gpg --verify openssl-8.4.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
The latest revision of this advisory is available at
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
email@example.com mailing list
To unsubscribe, send any mail to "firstname.lastname@example.org"
Go to the Top of This SecurityTracker Archive Page