BugTraq
FreeBSD Security Advisory FreeBSD-SA-14:06.openssl Apr 08 2014 11:34PM
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-14:06.openssl Security Advisory
The FreeBSD Project

Topic: OpenSSL multiple vulnerabilities

Category: contrib
Module: openssl
Announced: 2014-04-08
Affects: All supported versions of FreeBSD.
Corrected: 2014-04-08 18:27:39 UTC (stable/10, 10.0-STABLE)
2014-04-08 18:27:46 UTC (releng/10.0, 10.0-RELEASE-p1)
2014-04-08 23:16:19 UTC (stable/9, 9.2-STABLE)
2014-04-08 23:16:05 UTC (releng/9.2, 9.2-RELEASE-p4)
2014-04-08 23:16:05 UTC (releng/9.1, 9.1-RELEASE-p11)
2014-04-08 23:16:19 UTC (stable/8, 8.4-STABLE)
2014-04-08 23:16:05 UTC (releng/8.4, 8.4-RELEASE-p8)
2014-04-08 23:16:05 UTC (releng/8.3, 8.3-RELEASE-p15)
CVE Name: CVE-2014-0076, CVE-2014-0160

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

The Heartbeat Extension provides a new protocol for TLS/DTLS allowing the
usage of keep-alive functionality without performing a renegotiation and a
basis for path MTU (PMTU) discovery for DTLS.

Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the
Digital Signature Algorithm (DSA) which uses Elliptic Curve Cryptography.
OpenSSL uses the Montgomery Ladder Approach to compute scalar multiplication
in a fixed amount of time, which does not leak any information through timing
or power.

II. Problem Description

The code used to handle the Heartbeat Extension does not do sufficient boundary
checks on record length, which allows reading beyond the actual payload.
[CVE-2014-0160]. Affects FreeBSD 10.0 only.

A flaw in the implementation of Montgomery Ladder Approach would create a
side-channel that leaks sensitive timing information. [CVE-2014-0076]

III. Impact

An attacker who can send a specifically crafted packet to TLS server or client
with an established connection can reveal up to 64k of memory of the remote
system. Such memory might contain sensitive information, including key
material, protected content, etc. which could be directly useful, or might
be leveraged to obtain elevated privileges. [CVE-2014-0160]

A local attacker might be able to snoop a signing process and might recover
the signing key from it. [CVE-2014-0076]

IV. Workaround

No workaround is available, but systems that do not use OpenSSL to implement
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols implementation and do not use the ECDSA implementation from OpenSSL
are not vulnerable.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 8.x and FreeBSD 9.x]
# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl.patch
# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl.patch.asc
# gpg --verify openssl.patch.asc

[FreeBSD 10.0]
# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch
# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch.asc
# gpg --verify openssl-10.patch.asc

Recompile the operating system using buildworld and installworld as
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.

Restart all deamons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

IMPORTANT: the update procedure above does not update OpenSSL from the
Ports Collection or from a package, known as security/openssl, which
has to be updated separately via ports or package. Users who have
installed security/openssl should update to at least version 1.0.1_10.

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path Revision
- ------------------------------------------------------------------------
-
stable/8/ r264285
releng/8.3/ r264284
releng/8.4/ r264284
stable/9/ r264285
releng/9.1/ r264284
releng/9.2/ r264284
stable/10/ r264266
releng/10.0/ r264267
- ------------------------------------------------------------------------
-

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076>
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160>

<URL:http://www.openssl.org/news/secadv_20140407.txt>
<URL:http://eprint.iacr.org/2014/140.pdf>

The latest revision of this advisory is available at
<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:06.openssl.asc
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)

iQIcBAEBCgAGBQJTRISyAAoJEO1n7NZdz2rnwdgP/RFT6HsugPJZeIKX2Rn36Mat
qgAET7gotiU1Y7G/647BiSCOn/BQs9Z1yTLE7wKdgiVDDTZOHJCJxssXav/+Cqli
G1Cyoi2Rv9R77sno0wdj62YguTg0EKnU52CYpHVmF2NA0H/zexXDrCgiQtyvnU62
ZtM2TO76qhKFXwNtIQ1EQYmu+qsxLbp65ryyu9Tq7rXlc52JYTa0QdWDcKoPtcBO
U85HzJwQglX2lEmipv63s0vwur5eSTtlWSmUSpFzE1jsjYiRl7xFHQKdXxA5Ifw0
qO7LYrYK7b4EyEq9TcQQKvh05IgorjRcA4i0mSQFpc0HINtgv3bYlHyQL+tyN1+k
/4uzdDFB27j8EuKZzEg6aF1JLNq9/zMvx+E0iykPodb5i+n5BzPzWc4rogHvj7rU
mfSeABG3m/SifTewy1258V3TRfTKLNU8EPX2CTnJI9WjYX83GO7sM1vtaGQUOAFK
gff2tFfeSmDpyCmp+RwnmIr5IefIG2y8s/0iJM/wLF3rW8ZrwP1zX+cot5KRCWfT
FpdhHHLRcsCLM7frxmSgRdN+iuXIAcdfbj1EN7z1ryHLk2vRsm2n66kojt4BCnig
7JcStOjMSz843+1L3eCZubHIxVxxjKBGwqVfQ9OWbgeIro0+bapYLJIavuAa9BM6
1T0hWKFh59zAxyGPqX49
=X7Qk
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus