Tjh at 19:21, 6 June 2014

2014-06-06T19:21:09Z

Tjh: Created page with "= SECADV_20140605 = SSL/TLS MITM vulnerability. A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected c…"

2014-06-05T23:31:43Z

Created page with "= SECADV_20140605 = SSL/TLS MITM vulnerability. A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected c…"

New page

= SECADV_20140605 =

SSL/TLS MITM vulnerability.

A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.

This advisory covers multiple issues - this additional details page currently only covers one of the issues.

{| class="wikitable" border="1"
|-
! scope="col" | Date
! scope="col" | Advisory
! scope="col" | Description
! scope="col" | CVE
! scope="col" | Affected Versions
! scope="col" | Fixed In Versions
|-
| 05-Jun-2014
| [https://www.openssl.org/news/secadv_20140605.txt SECADV_20140605]
| SSL/TLS MITM vulnerability (and others)
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 CVE-2014-0224]
| OpenSSL-0.9.8a-z, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g
| OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h
|-
|}

== Abstract ==

An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and
modify traffic from the attacked client and server.

The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

== Solutions and Workarounds ==

:* OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
:* OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
:* OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.

== Detecting Vulnerability ==

TODO

== References ==

:* [https://plus.google.com/u/0/+MarkJCox/posts/L8i6PSsKJKs Timeline] Mark J Cox
:* [http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html '''How I discovered CCS Injection Vulnerability (CVE-2014-0224)'''] Masashi Kikuchi
:* [https://www.imperialviolet.org/2014/06/05/earlyccs.html '''Early ChangeCipherSpec Attack'''] Adam Langley

@@ Line 21: / Line 21: @@
 | SSL/TLS MITM vulnerability (and others)
 | [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 CVE-2014-0224]
-| OpenSSL-0.9.8a-z, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g
+| OpenSSL-0.9.8a-y, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g
 | OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h
 |-

SECADV 20140605 - Revision history

Tjh at 19:21, 6 June 2014

Tjh: Created page with "= SECADV_20140605 = SSL/TLS MITM vulnerability. A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected c…"