Difference between revisions of "SECADV 20140605"

From OpenSSLWiki
(Created page with "= SECADV_20140605 = SSL/TLS MITM vulnerability. A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected c…")
 
m
 
Line 21: Line 21:
 
| SSL/TLS MITM vulnerability (and others)
 
| SSL/TLS MITM vulnerability (and others)
 
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 CVE-2014-0224]  
 
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 CVE-2014-0224]  
| OpenSSL-0.9.8a-z, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g
+
| OpenSSL-0.9.8a-y, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g
 
| OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h
 
| OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h
 
|-
 
|-
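Review bot: the only changed cell, the affected range on the `+` line, moves the 0.9.8 upper bound from z to y, yet the revision is flagged minor (m) and has no edit summary. For an advisory, a change to the affected-version range should carry a one-line summary giving the reason, for instance that the range must end before the fixed release 0.9.8za in the next cell, so readers of the history can tell a correction from a change in scope.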

Latest revision as of 19:21, 6 June 2014

SECADV_20140605

SSL/TLS MITM vulnerability.

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

This advisory covers multiple issues - this additional details page currently only covers one of the issues.

| Date | Advisory | Description | CVE | Affected Versions | Fixed In Versions |
|---|---|---|---|---|---|
| 05-Jun-2014 | SECADV_20140605 | SSL/TLS MITM vulnerability (and others) | CVE-2014-0224 | OpenSSL-0.9.8a-y, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g | OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h |

Abstract

An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a man-in-the-middle (MITM) attack in which the attacker can decrypt and modify traffic from the attacked client and server.

The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

Solutions and Workarounds

  • OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
  • OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
  • OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
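
The upgrade targets above can be checked against an inventory of version strings. This is an added example, not OpenSSL project code: the function names and result labels are assumptions made for illustration, any release older than its branch's fixed-in release is treated as needing the upgrade, and 1.0.2-beta1 is flagged separately because the abstract names it while the page lists no fixed release for it.

```python
import re

# Fixed-in release per branch, from the advisory table on this page.
FIXED_IN = {"0.9.8": "za", "1.0.0": "m", "1.0.1": "h"}
# Named in the abstract as a vulnerable server; no fixed release is listed here.
NO_FIX_LISTED = {("1.0.2", "", "-beta1")}

_VERSION = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]{0,2})(-[\w.]+)?")


def parse_version(text):
    """Split 'OpenSSL 1.0.1g 7 Apr 2014' into ('1.0.1', 'g', '')."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version in {text!r}")
    return m.group(1), m.group(2), m.group(3) or ""


def patch_rank(letters):
    """Sort key for patch letters: '' < 'a' < ... < 'y' < 'z' < 'za' < 'zb'."""
    return (len(letters), letters)


def assess(text):
    """Classify a version string against this advisory's fixed-in releases."""
    branch, letters, tag = parse_version(text)
    if (branch, letters, tag) in NO_FIX_LISTED:
        return "affected-no-fix-listed"
    fixed = FIXED_IN.get(branch)
    if fixed is None:
        return "not-covered"  # branch absent from the advisory table
    if patch_rank(letters) < patch_rank(fixed):
        return f"upgrade-to-{branch}{fixed}"
    return "fixed"


if __name__ == "__main__":
    # Constructed sample inputs in the style of `openssl version` output.
    for banner in ["OpenSSL 0.9.8y", "OpenSSL 0.9.8za", "OpenSSL 1.0.0l",
                   "OpenSSL 1.0.1g 7 Apr 2014", "OpenSSL 1.0.1h",
                   "OpenSSL 1.0.1e-fips", "OpenSSL 1.0.2-beta1"]:
        print(f"{banner:28} {assess(banner)}")
```

Distribution packages often carry backported fixes under an unchanged upstream version string, so confirm an "upgrade" result for a packaged build against the vendor's advisory.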

Detecting Vulnerability

TODO

References