Home / mailingsPDF  

FreeBSD Security Advisory FreeBSD-SA-15:01.openssl

Posted on 14 January 2015
FreeBSD security notificat

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-15:01.openssl Security Advisory
The FreeBSD Project

Topic: OpenSSL multiple vulnerabilities

Category: contrib
Module: openssl
Announced: 2015-01-14
Affects: All supported versions of FreeBSD.
Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)
2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)
2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)
2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)
2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)
2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)
2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)
CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572
CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

II. Problem Description

A carefully crafted DTLS message can cause a segmentation fault in OpenSSL
due to a NULL pointer dereference. [CVE-2014-3571]

A memory leak can occur in the dtls1_buffer_record function under certain
conditions. [CVE-2015-0206]

When OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is
received the ssl method would be set to NULL which could later result in
a NULL pointer dereference. [CVE-2014-3569] This does not affect
FreeBSD's default build.

An OpenSSL client will accept a handshake using an ephemeral ECDH
ciphersuite using an ECDSA certificate if the server key exchange message
is omitted. [CVE-2014-3572]

An OpenSSL client will accept the use of an RSA temporary key in a non-export
RSA key exchange ciphersuite. [CVE-2015-0204]

An OpenSSL server will accept a DH certificate for client authentication
without the certificate verify message. [CVE-2015-0205]

OpenSSL accepts several non-DER-variations of certificate signature
algorithm and signature encodings. OpenSSL also does not enforce a
match between the signature algorithm between the signed and unsigned
portions of the certificate. [CVE-2014-8275]

Bignum squaring (BN_sqr) may produce incorrect results on some
platforms, including x86_64. [CVE-2014-3570]

III. Impact

An attacker who can send a carefully crafted DTLS message can cause server
daemons that uses OpenSSL to crash, resulting a Denial of Service.
[CVE-2014-3571]

An attacker who can send repeated DTLS records with the same sequence number
but for the next epoch can exhaust the server's memory and result in a Denial of
Service. [CVE-2015-0206]

A server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]

A server could present a weak temporary key and downgrade the security of
the session. [CVE-2015-0204]

A client could authenticate without the use of a private key. This only
affects servers which trust a client certificate authority which issues
certificates containing DH keys, which is extremely rare. [CVE-2015-0205]

By modifying the contents of the signature algorithm or the encoding of
the signature, it is possible to change the certificate's fingerprint.

This does not allow an attacker to forge certificates, and does not
affect certificate verification or OpenSSL servers/clients in any
other way. It also does not affect common revocation mechanisms. Only
custom applications that rely on the uniqueness of the fingerprint
(e.g. certificate blacklists) may be affected. [CVE-2014-8275]

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 8.4 and FreeBSD 9.3]
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc
# gpg --verify openssl-9.3.patch.asc

[FreeBSD 10.0]
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc
# gpg --verify openssl-10.0.patch.asc

[FreeBSD 10.1]
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc
# gpg --verify openssl-10.1.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

Restart all deamons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r276865
releng/8.4/ r277195
stable/9/ r276865
releng/9.3/ r277195
stable/10/ r276864
releng/10.0/ r277195
releng/10.1/ r277195
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

<URL:https://www.openssl.org/news/secadv_20150108.txt>

<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569>

<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570>

<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571>

<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572>

<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275>

<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204>

<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205>

<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:01.openssl.asc>

 

TOP