SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (VPN)  >   OpenSSL
Vendors:   OpenSSL.org
(NetBSD Issues Fix) OpenSSL SSL 3.0 Protocol Downgrade Flaw Lets Remote Users Decrypt SSL Traffic
SecurityTracker Alert ID:  1031158
SecurityTracker URL:  http://securitytracker.com/id/1031158
CVE Reference:   CVE-2014-3566
Date:  Nov 3 2014
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   A vulnerability was reported in OpenSSL. A remote user can decrypt SSL sessions in certain cases.

A remote user with the ability to conduct a man-in-the-middle attack can force a client to negotiate a downgrade to SSLv3 instead of a TLS v1.x protocol and then conduct a BEAST-style attack to decrypt portions of the session.

This protocol vulnerability is referred to as the POODLE ("Padding Oracle On Downgraded Legacy Encryption") vulnerability.

This is a flaw in the protocol rather than in the OpenSSL implementation.

The original advisory is available at:

https://www.openssl.org/~bodo/ssl-poodle.pdf

Bodo Moller, Thai Duong, and Krzysztof Kotowicz reported this vulnerability.

Impact:   A remote user with the ability to conduct a man-in-the-middle attack can decrypt SSL sessions.
Solution:   NetBSD has issued a fix.

The NetBSD advisory is available at:

http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc

Vendor URL:  www.openssl.org/
Cause:   Access control error
Underlying OS:  UNIX (NetBSD)
Underlying OS Comments:  5.1, 5.2, 6.0, 6.1

Message History:   This archive entry is a follow-up to the message listed below.
Oct 15 2014 OpenSSL SSL 3.0 Protocol Downgrade Flaw Lets Remote Users Decrypt SSL Traffic



 Source Message Contents

Subject:  NetBSD Security Advisory 2014-015: OpenSSL and SSLv3 vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		NetBSD Security Advisory 2014-015
		=================================

Topic:		OpenSSL and SSLv3 vulnerabilities


Version:	NetBSD-current:		source prior to Oct 18th, 2014
		NetBSD 6.1 - 6.1.5:	affected
		NetBSD 6.0 - 6.0.6:	affected
		NetBSD 5.1 - 5.1.4:	affected
		NetBSD 5.2 - 5.2.2:	affected

Severity:	confidentiality breach, remote DoS

Fixed:		NetBSD-current:		Oct 17th, 2014
		NetBSD-7 branch:	Oct 19th, 2014
		NetBSD-6-0 branch:	Oct 26th, 2014
		NetBSD-6-1 branch:	Oct 26th, 2014
		NetBSD-6 branch:	Oct 26th, 2014
		NetBSD-5-2 branch:	Oct 19th, 2014
		NetBSD-5-1 branch:	Oct 19th, 2014
		NetBSD-5 branch:	Oct 19th, 2014

Teeny versions released later than the fix date will contain the fix.

Please note that NetBSD releases prior to 5.1 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

This advisory covers the OpenSSL Security Advisory of Oct 15th, 2014,
which lists four different vulnerabilities:

SRTP Memory Leak (CVE-2014-3513), a remotely DoSable memory leak
  (not present in NetBSD 5.*)
 
Session Ticket Memory Leak (CVE-2014-3567), a remotely DoSable memory leak

SSLv3 has recently been shown to be breakable by an attacker able to
intercept the data stream between the communication partners (POODLE,
CVE-2014-3566).
OpenSSL has added a mitigation mechanism:
SSL 3.0 Fallback protection - add support for TLS_FALLBACK_SCSV which
signals not to do downgrades to SSLv3 from TLS

Build option no-ssl3 is incomplete (CVE-2014-3568), OpenSSL explicitly
built with no SSLv3 support would still use this protocol as a fallback.



Technical Details
=================

see https://en.wikipedia.org/wiki/POODLE for the SSLv3 protocol
vulnerability and http://www.openssl.org/news/secadv_20141015.txt
for the OpenSSL issues.


Solutions and Workarounds
=========================

Disable SSLv3 in servers and clients.
Update the OpenSSL libraries so the prohibition of SSLv3 actually works.
Make sure the old libssl is no longer in use.
While the issue is only in libssl, unrelated source changes make it
advisable to update libcrypto as well.

- From source:
+-----------
Update src and rebuild and install.
Note: OpenSSL in NetBSD-6 and NetBSD-current has been updated to
version 1.0.1j; updating the entire src tree is recommended.

- From tarballs:
+-------------
To obtain fixed binaries, fetch the appropriate base.tgz and comp.tgz
from a daily build later than the fix dates, from
http://nyftp.netbsd.org/pub/NetBSD-daily/<rel>/<date>/<arch>/binary/sets/
with a date later than the fix date for your branch as listed above,
and your release version and architecture
(e.g. http://nyftp.netbsd.org/pub/NetBSD-daily/netbsd-6-1/201410250200Z/amd64/binary/sets/),
and then extract the files:

Shared libraries:

tar xzpf base.tgz \*libssl\* \*libcrypto\*

And static libraries and linker config files:

tar xzpf comp.tgz \*libssl\* \*libcrypto\*

Get the fixed library into use
+-----------------------------
Since the vulnerability is in a shared library, getting the old
library purged and the fixed one into use requires restarting
all programs that load libssl.
The easiest way to do this is to reboot the system.
Another method: using /bin/sh,
ps ax -o pid | (while read pid; do \
        pmap $pid | egrep '(libssl|libcrypto)' && echo found $pid ;\
done)
will find non-chrooted programs that have the affected libraries open;
restart them. sshd will not show up in this list since it runs chrooted
and re-exec'ed but also needs to be restarted.
ldd <programname> will show the shared libraries a program will want to use.

Fixed versions, code only; note updating only these files will not work
due to additional changes, but updating the subdirectories e.g. from
anoncvs will:

relative to src/crypto/external/bsd/openssl/dist:
File			HEAD	netbsd-7
+--------------------------------------------------------------------------------
apps/s_client.c		1.7	1.6.2.1
crypto/err/openssl.ec	1.2	1.1.1.1.26.1
ssl/d1_lib.c		1.2	1.1.1.6.2.1
ssl/d1_srtp.c		1.2	1.1.1.2.10.1
ssl/dtls1.h		1.2	1.1.1.5.10.1
ssl/s23_clnt.c		1.7	1.6.2.1
ssl/s23_srvr.c		1.2	1.1.1.4.2.1
ssl/s2_lib.c		1.2	1.1.1.2.2.1
ssl/s3_enc.c		1.7	1.6.2.1
ssl/s3_lib.c		1.12	1.11.2.1
ssl/ssl.h		1.9	1.8.2.1
ssl/ssl3.h		1.7	1.6.2.1
ssl/ssl_err.c		1.7	1.6.2.1
ssl/ssl_lib.c		1.2	1.1.1.9.2.1
ssl/t1_enc.c		1.11	1.10.2.1
ssl/t1_lib.c		1.14	1.13.2.1
ssl/tls1.h		1.2	1.1.1.5.2.1

File			netbsd-6	netbsd-6-1		netbsd-6-0
+--------------------------------------------------------------------------------
apps/s_client.c		1.2.4.4		1.2.4.1.6.3		1.2.4.1.4.3
crypto/err/openssl.ec	1.1.1.1.8.1	1.1.1.1.22.1		1.1.1.1.14.1
ssl/d1_lib.c		1.1.1.3.4.4	1.1.1.3.4.1.6.3		1.1.1.3.4.1.4.3
ssl/d1_srtp.c		1.1.1.1.2.4	1.1.1.1.2.2.6.2		1.1.1.1.2.2.4.2
ssl/dtls1.h		1.1.1.3.4.3	1.1.1.3.4.1.6.2		1.1.1.3.4.1.4.2
ssl/s23_clnt.c		1.3.4.3		1.3.4.1.6.2		1.3.4.1.4.2
ssl/s23_srvr.c		1.1.1.3.4.2	1.1.1.3.18.2		1.1.1.3.10.2
ssl/s2_lib.c		1.1.1.1.8.2	1.1.1.1.22.2		1.1.1.1.14.2
ssl/s3_enc.c		1.4.2.3		1.4.10.3		1.4.8.3
ssl/s3_lib.c		1.7.2.4		1.7.2.1.6.3		1.7.2.1.4.3
ssl/ssl.h		1.2.2.5		1.2.2.1.6.4		1.2.2.1.4.4
ssl/ssl3.h		1.2.2.4		1.2.2.1.6.3		1.2.2.1.4.3
ssl/ssl_err.c		1.2.2.5		1.2.2.1.6.4		1.2.2.1.4.4
ssl/ssl_lib.c		1.1.1.3.4.5	1.1.1.3.4.1.6.4		1.1.1.3.4.1.4.4
ssl/t1_enc.c		1.3.4.6		1.3.4.2.6.4		1.3.4.2.4.4
ssl/t1_lib.c		1.5.4.5		1.5.4.1.6.4		1.5.4.1.4.4
ssl/tls1.h		1.1.1.3.4.3	1.1.1.3.4.1.6.2		1.1.1.3.4.1.4.2


relative to src/crypto/dist/openssl:
File                    netbsd-5	netbsd-5-2		netbsd-5-1
+--------------------------------------------------------------------------------
apps/s_client.c         1.1.1.11.4.1	1.1.1.11.2.1		1.1.1.11.12.1
crypto/err/openssl.ec   1.1.1.7.4.1	1.1.1.7.2.1		1.1.1.7.12.1
ssl/s23_clnt.c          1.1.1.10.4.1	1.1.1.10.2.1		1.1.1.10.12.1
ssl/s23_srvr.c          1.6.4.2		1.6.2.2			1.6.12.2
ssl/s2_lib.c            1.12.4.1	1.12.2.1		1.12.12.1
ssl/s3_enc.c            1.1.1.12.4.3	1.1.1.12.4.2.2.1	1.1.1.12.4.1.2.2
ssl/s3_lib.c            1.14.4.2	1.14.4.1.6.1		1.14.4.1.2.1
ssl/ssl.h               1.18.4.2	1.18.4.1.6.1		1.18.4.1.2.1
ssl/ssl3.h              1.8.4.2		1.8.2.2			1.8.12.2
ssl/ssl_err.c           1.12.4.2	1.12.4.1.6.1		1.12.4.1.2.1
ssl/ssl_lib.c           1.5.4.1		1.5.2.1			1.5.12.1
ssl/t1_enc.c            1.1.1.12.4.2	1.1.1.12.4.1.6.1	1.1.1.12.4.1.2.1
ssl/t1_lib.c            1.2.4.5		1.2.4.3.2.2		1.2.12.5
ssl/tls1.h		1.1.1.8.4.1	1.1.1.8.2.1		1.1.1.8.12.1



Thanks To
=========

Thanks to the OpenSSL team, the LibreSSL team, and Akamai Technologies
from the Google Security Team for finding and publishing about POODLE.


Revision History
================

	2014-11-03	Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at 
  http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .


Copyright 2014, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2014-015.txt,v 1.1 2014/11/02 22:17:45 spz Exp $

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (NetBSD)
-----END PGP SIGNATURE-----
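
The TLS_FALLBACK_SCSV mitigation named in the advisory, shown as server-side decision logic. This is an added example, not NetBSD or OpenSSL code. The value 0x5600 and alert 86 (inappropriate_fallback) are from RFC 7507; the function names, the "SSLv3 disabled" policy result and the sample ClientHello builder are assumptions made for illustration.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600         # signalling cipher suite value (RFC 7507)
ALERT_INAPPROPRIATE_FALLBACK = 86  # fatal alert defined by RFC 7507
SSL3 = 0x0300                      # wire encoding of the SSL 3.0 version

def parse_client_hello(body):
    """Return (client_version, cipher_suites) from a ClientHello body,
    i.e. the handshake message after its 4-byte type/length header."""
    if len(body) < 35:             # version(2) + random(32) + sid_len(1)
        raise ValueError("truncated ClientHello")
    (version,) = struct.unpack_from(">H", body, 0)
    off = 34 + 1 + body[34]        # skip random, sid_len and session id
    if off + 2 > len(body):
        raise ValueError("truncated session id")
    (cs_len,) = struct.unpack_from(">H", body, off)
    off += 2
    if cs_len % 2 or off + cs_len > len(body):
        raise ValueError("bad cipher suite vector")
    suites = list(struct.unpack_from(">%dH" % (cs_len // 2), body, off))
    return version, suites

def server_decision(body, server_max_version):
    """Decide how a patched server with SSLv3 disabled treats a ClientHello."""
    version, suites = parse_client_hello(body)
    # The SCSV says "this is a retry at a lower version". If the server
    # could have negotiated something higher, the downgrade was not needed
    # and the handshake is aborted instead of continuing at the weak version.
    if TLS_FALLBACK_SCSV in suites and version < server_max_version:
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    # Assumed local policy: SSLv3 is refused even without the SCSV.
    if version <= SSL3:
        return ("reject", "SSLv3 disabled")
    return ("continue", min(version, server_max_version))

def build_client_hello(version, suites):
    """Constructed sample input: minimal ClientHello body, no extensions."""
    cs = struct.pack(">%dH" % len(suites), *suites)
    return (struct.pack(">H", version) + bytes(32) + b"\x00"
            + struct.pack(">H", len(cs)) + cs + b"\x01\x00")

if __name__ == "__main__":
    tls12 = 0x0303
    for ver, suites in [(0x0303, [0xC02F, 0x002F]),
                        (0x0300, [0x002F, TLS_FALLBACK_SCSV]),
                        (0x0301, [0x002F, TLS_FALLBACK_SCSV]),
                        (0x0300, [0x002F])]:
        print(hex(ver), server_decision(build_client_hello(ver, suites), tls12))
```

The SCSV only helps when both peers are updated; disabling SSLv3 outright, as the advisory recommends, protects against unpatched peers as well.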
 
 



Copyright 2019, SecurityGlobal.net LLC