SECADV 20140605
SECADV_20140605
SSL/TLS MITM vulnerability.
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.
This advisory covers multiple issues; this additional-details page currently covers only one of them.
Date | Advisory | Description | CVE | Affected Versions | Fixed In Versions |
---|---|---|---|---|---|
05-Jun-2014 | SECADV_20140605 | SSL/TLS MITM vulnerability (and others) | CVE-2014-0224 | OpenSSL-0.9.8a-y, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g | OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h |
Abstract
An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.
The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
Solutions and Workarounds
- OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
- OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
- OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
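As an added version-based check (not OpenSSL project code), the following parses `openssl version` output against the affected and fixed releases in the table above and applies the rule from the abstract that the MITM needs a vulnerable client *and* a vulnerable server, with servers only known to be vulnerable on 1.0.1 and 1.0.2-beta1. Treating the unlettered base releases as affected and 1.0.2 builds other than beta1 as not covered are assumptions noted in the comments.

```python
import re
from typing import Optional, Tuple

# Fixed releases per branch from the advisory table; earlier builds on the branch are affected.
FIXED_IN = {"0.9.8": "za", "1.0.0": "m", "1.0.1": "h"}

def parse_version(text: str) -> Tuple[str, str, Optional[str]]:
    """Split '1.0.1g', '0.9.8za' or '1.0.2-beta1' (or a full `openssl version` line)
    into (branch, letter suffix, pre-release tag)."""
    m = re.search(r"(\d+\.\d+\.\d+)([a-z]*)(?:-([A-Za-z0-9]+))?", text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return m.group(1), m.group(2), m.group(3)

def letter_key(suffix: str) -> Tuple[int, str]:
    """OpenSSL letter releases order as '' < a < ... < z < za < zb, so sort by length first."""
    return (len(suffix), suffix)

def is_affected_build(version: str) -> Optional[bool]:
    """True if this build predates the fix on its branch (the unlettered base release
    is treated as affected; assumption), False if fixed, None if the branch is
    outside the advisory table (e.g. 1.1.0)."""
    branch, suffix, tag = parse_version(version)
    if branch == "1.0.2":
        # The advisory names only 1.0.2-beta1; other 1.0.2 builds are not covered here (assumption).
        return tag == "beta1"
    fixed = FIXED_IN.get(branch)
    if fixed is None:
        return None
    return letter_key(suffix) < letter_key(fixed)

def client_vulnerable(version: str) -> Optional[bool]:
    """Clients are vulnerable on every branch until the fixed release."""
    return is_affected_build(version)

def server_vulnerable(version: str) -> Optional[bool]:
    """Servers are only known to be vulnerable on 1.0.1 and 1.0.2-beta1; older server
    branches are reported as not vulnerable (the advisory still advises upgrading)."""
    branch, _, _ = parse_version(version)
    if branch not in ("1.0.1", "1.0.2"):
        return False
    return is_affected_build(version)

def pair_at_risk(client_version: str, server_version: str) -> Optional[bool]:
    """The MITM needs a vulnerable client and a vulnerable server; None if either side is unknown."""
    c, s = client_vulnerable(client_version), server_vulnerable(server_version)
    if c is None or s is None:
        return None
    return c and s
```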
Detecting Vulnerability
TODO
References
- Timeline, Mark J Cox
- How I discovered CCS Injection Vulnerability (CVE-2014-0224), Masashi Kikuchi
- Early ChangeCipherSpec Attack, Adam Langley