Executive Summary

Summary
Title OpenSSL vulnerabilities
Informations
Name USN-2385-1 First vendor Publication 2014-10-16
Vendor Ubuntu Last vendor Modification 2014-10-16
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.1 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3513)

It was discovered that OpenSSL incorrectly handled memory when verifying the integrity of a session ticket. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2014-3567)

In addition, this update introduces support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV). This new feature prevents protocol downgrade attacks when certain applications such as web browsers attempt to reconnect using a lower protocol version for interoperability reasons.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS:
libssl1.0.0 1.0.1f-1ubuntu2.7

Ubuntu 12.04 LTS:
libssl1.0.0 1.0.1-4ubuntu5.20

Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.22

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2385-1
CVE-2014-3513, CVE-2014-3567

Package Information:
https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.7
https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.20
https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.22

Original Source

Url : http://www.ubuntu.com/usn/USN-2385-1

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-20 Improper Input Validation
33 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26245
 
Oval ID: oval:org.mitre.oval:def:26245
Title: HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
Description: Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.
Family: unix Class: vulnerability
Reference(s): CVE-2014-3567
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26416
 
Oval ID: oval:org.mitre.oval:def:26416
Title: AIX OpenSSL Denial of Service due to memory consumption
Description: Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.
Family: unix Class: vulnerability
Reference(s): CVE-2014-3567
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26743
 
Oval ID: oval:org.mitre.oval:def:26743
Title: AIX OpenSSL Denial of Service due to memory leak in DTLS SRTP extension
Description: Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
Family: unix Class: vulnerability
Reference(s): CVE-2014-3513
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26829
 
Oval ID: oval:org.mitre.oval:def:26829
Title: RHSA-2014:1652: openssl security update (Important)
Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. (CVE-2014-3513) A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. (CVE-2014-3567) All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to mitigate the CVE-2014-3566 issue and correct the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
Family: unix Class: patch
Reference(s): RHSA-2014:1652-00
CESA-2014:1652
CVE-2014-3513
CVE-2014-3567
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
CentOS Linux 6
CentOS Linux 7
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27052
 
Oval ID: oval:org.mitre.oval:def:27052
Title: USN-2385-1 -- OpenSSL vulnerabilities
Description: It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3513">CVE-2014-3513</a>) It was discovered that OpenSSL incorrectly handled memory when verifying the integrity of a session ticket. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3567">CVE-2014-3567</a>) In addition, this update introduces support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV). This new feature prevents protocol downgrade attacks when certain applications such as web browsers attempt to reconnect using a lower protocol version for interoperability reasons.
Family: unix Class: patch
Reference(s): USN-2385-1
CVE-2014-3513
CVE-2014-3567
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27084
 
Oval ID: oval:org.mitre.oval:def:27084
Title: ELSA-2014-1652 -- openssl security update
Description: [1.0.1e-30.2] - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3) [1.0.1e-30] - add ECC TLS extensions to DTLS (#1119800) [1.0.1e-29] - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation [1.0.1e-28] - fix CVE-2014-0224 fix that broke EAP-FAST session resumption support [1.0.1e-26] - drop EXPORT, RC2, and DES from the default cipher list (#1057520) - print ephemeral key size negotiated in TLS handshake (#1057715) - do not include ECC ciphersuites in SSLv2 client hello (#1090952) - properly detect encryption failure in BIO (#1100819) - fail on hmac integrity check if the .hmac file is empty (#1105567) - FIPS mode: make the limitations on DSA, DH, and RSA keygen length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment variable is set [1.0.1e-25] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH [1.0.1e-24] - add back support for secp521r1 EC curve [1.0.1e-23] - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension [1.0.1e-22] - use 2048 bit RSA key in FIPS selftests [1.0.1e-21] - add DH_compute_key_padded needed for FIPS CAVS testing - make 3des strength to be 128 bits instead of 168 (#1056616) - FIPS mode: do not generate DSA keys and DH parameters < 2048 bits - FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys) - FIPS mode: add DH selftest - FIPS mode: reseed DRBG properly on RAND_add() - FIPS mode: add RSA encrypt/decrypt selftest - FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key - use the key length from configuration file if req -newkey rsa is invoked [1.0.1e-20] - fix CVE-2013-4353 - Invalid TLS handshake crash [1.0.1e-19] - fix CVE-2013-6450 - possible MiTM attack on DTLS1 [1.0.1e-18] - fix CVE-2013-6449 - crash when version in SSL structure is incorrect [1.0.1e-17] - add back some no-op symbols that were inadvertently dropped
Family: unix Class: patch
Reference(s): ELSA-2014-1652
CVE-2014-3513
CVE-2014-3567
Version: 6
Platform(s): Oracle Linux 6
Oracle Linux 7
Product(s): openssl
openssl-devel
openssl-perl
openssl-static
openssl-libs
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 287

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-07-16 IAVM : 2015-A-0154 - Multiple Vulnerabilities in Oracle Fusion Middleware
Severity : Category I - VMSKEY : V0061081
2015-02-05 IAVM : 2015-B-0014 - Multiple Vulnerabilities in VMware ESXi 5.5
Severity : Category I - VMSKEY : V0058513
2015-02-05 IAVM : 2015-B-0013 - Multiple Vulnerabilities in VMware ESXi 5.1
Severity : Category I - VMSKEY : V0058515
2015-02-05 IAVM : 2015-B-0012 - Multiple Vulnerabilities in VMware ESXi 5.0
Severity : Category I - VMSKEY : V0058517
2015-01-22 IAVM : 2015-B-0007 - Multiple Vulnerabilities in Juniper Secure Analytics (JSA) and Security Threa...
Severity : Category I - VMSKEY : V0058213

Snort® IPS/IDS

Date Description
2019-10-10 OpenSSL DTLS SRTP extension parsing denial-of-service attempt
RuleID : 51460 - Revision : 1 - Type : SERVER-OTHER
2019-10-01 OpenSSL TLS anomalous ascii client session ticket
RuleID : 51354 - Revision : 1 - Type : SERVER-OTHER
2019-10-01 OpenSSL TLS anomalous ascii client session ticket
RuleID : 51353 - Revision : 1 - Type : SERVER-OTHER
2019-10-01 OpenSSL TLS anomalous ascii client session ticket
RuleID : 51352 - Revision : 1 - Type : SERVER-OTHER
2019-10-01 OpenSSL TLS anomalous ascii client session ticket
RuleID : 51351 - Revision : 1 - Type : SERVER-OTHER
2019-10-01 OpenSSL TLS anomalous ascii session ticket
RuleID : 51350 - Revision : 1 - Type : SERVER-OTHER
2019-10-01 OpenSSL TLS anomalous ascii session ticket
RuleID : 51349 - Revision : 1 - Type : SERVER-OTHER
2019-10-01 OpenSSL TLS anomalous ascii session ticket
RuleID : 51348 - Revision : 1 - Type : SERVER-OTHER
2019-10-01 OpenSSL TLS anomalous ascii session ticket
RuleID : 51347 - Revision : 1 - Type : SERVER-OTHER
2019-10-01 OpenSSL TLS anomalous non-zero length session ticket in client hello
RuleID : 51346 - Revision : 1 - Type : SERVER-OTHER
2019-10-01 OpenSSL TLS anomalous non-zero length session ticket in client hello
RuleID : 51345 - Revision : 1 - Type : SERVER-OTHER
2019-10-01 OpenSSL TLS anomalous non-zero length session ticket in client hello
RuleID : 51344 - Revision : 1 - Type : SERVER-OTHER
2019-10-01 OpenSSL TLS anomalous non-zero length session ticket in client hello
RuleID : 51343 - Revision : 1 - Type : SERVER-OTHER
2014-12-11 OpenSSL TLS large number of session tickets sent - possible dos attempt
RuleID : 32468 - Revision : 3 - Type : SERVER-OTHER
2014-12-11 OpenSSL TLS large number of session tickets sent - possible dos attempt
RuleID : 32467 - Revision : 3 - Type : SERVER-OTHER
2014-12-11 OpenSSL TLS large number of session tickets sent - possible dos attempt
RuleID : 32466 - Revision : 3 - Type : SERVER-OTHER
2014-12-11 OpenSSL TLS large number of session tickets sent - possible dos attempt
RuleID : 32465 - Revision : 3 - Type : SERVER-OTHER
2014-12-09 OpenSSL DTLS SRTP extension parsing denial-of-service attempt
RuleID : 32382 - Revision : 6 - Type : SERVER-OTHER
2014-12-09 OpenSSL DTLS SRTP extension parsing denial-of-service attempt
RuleID : 32381 - Revision : 7 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO
2015-10-02 Name : The remote Mac OS X host has an application installed that is affected by mul...
File : macosx_xcode_7_0.nasl - Type : ACT_GATHER_INFO
2015-08-03 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_4_1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1524-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1512-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1387-1.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-062.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-81.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_43.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_7_0_57.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_8_0_15.nasl - Type : ACT_GATHER_INFO
2015-02-06 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2015-0126.nasl - Type : ACT_GATHER_INFO
2015-02-03 Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2015-0001.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_5_build_2352327_remote.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote VMware ESXi host is missing one or more security-related patches.
File : vmware_VMSA-2015-0001.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote host is missing a Mac OS X update that fixes multiple security iss...
File : macosx_SecUpd2015-001.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File : macosx_10_10_2.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote host has a version of Oracle Secure Global Desktop that is affecte...
File : oracle_secure_global_desktop_jan_2015_cpu.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : A clustered file system on the remote host is affected by multiple vulnerabil...
File : ibm_gpfs_isg3T1021546_windows.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_openssl_20141104.nasl - Type : ACT_GATHER_INFO
2014-12-30 Name : The remote application is affected by multiple denial of service vulnerabilit...
File : securitycenter_openssl_1_0_1j.nasl - Type : ACT_GATHER_INFO
2014-12-29 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15722.nasl - Type : ACT_GATHER_INFO
2014-12-29 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15723.nasl - Type : ACT_GATHER_INFO
2014-12-26 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-39.nasl - Type : ACT_GATHER_INFO
2014-12-04 Name : The remote web server contains an application that is affected by multiple vu...
File : splunk_607.nasl - Type : ACT_GATHER_INFO
2014-12-04 Name : The remote web server contains an application that is affected by multiple vu...
File : splunk_5011.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0032.nasl - Type : ACT_GATHER_INFO
2014-11-17 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-671.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1692.nasl - Type : ACT_GATHER_INFO
2014-11-06 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-141024.nasl - Type : ACT_GATHER_INFO
2014-10-31 Name : The remote AIX host has a version of OpenSSL installed that is affected by mu...
File : aix_openssl_advisory11.nasl - Type : ACT_GATHER_INFO
2014-10-30 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-605.nasl - Type : ACT_GATHER_INFO
2014-10-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-203.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Windows host contains a program that is affected by multiple vulne...
File : stunnel_5_06.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2385-1.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141016_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1652.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1652.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_1j.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_0o.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_0_9_8zc.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3053.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1652.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-288-01.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_03175e62549411e49cc1bc5ff4fb5e7b.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-427.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2014-10-22 17:28:44
  • Multiple Updates
2014-10-19 09:26:42
  • Multiple Updates
2014-10-18 13:26:20
  • Multiple Updates
2014-10-16 21:22:30
  • First insertion