The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

security alert CVE-2015-0138 CVE-2015-0204

OpenSSL, LibreSSL, Mono, JSSE: weakening TLS encryption via FREAK

Synthesis of the vulnerability

An attacker positioned as a man-in-the-middle can force a Chrome, JSSE, LibreSSL, Mono or OpenSSL client to accept a weak export algorithm, making it easier to capture or alter exchanged data.
Severity of this alert: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/03/2015.
Revision date: 09/03/2015.
References of this alert: 122007, 1450666, 1610582, 1647054, 1698613, 1699051, 1699810, 1700225, 1700997, 1701485, 1902260, 1903541, 1963275, 1968485, 1973383, 55767, 7014463, 7022958, 9010028, ARUBA-PSA-2015-003, bulletinjan2015, c04556853, c04679334, c04773241, CERTFR-2015-AVI-108, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, CERTFR-2016-AVI-303, cisco-sa-20150310-ssl, cpuapr2017, cpujul2018, cpuoct2017, CTX216642, CVE-2015-0138, CVE-2015-0204, DSA-3125-1, FEDORA-2015-0512, FEDORA-2015-0601, FG-IR-15-007, FREAK, FreeBSD-SA-15:01.openssl, HPSBMU03345, HPSBUX03244, HPSBUX03334, JSA10679, MDVSA-2015:019, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-006, NetBSD-SA2015-007, NTAP-20150205-0001, openSUSE-SU-2015:0130-1, openSUSE-SU-2016:0640-1, RHSA-2015:0066-01, RHSA-2015:0800-01, RHSA-2015:1020-01, RHSA-2015:1021-01, RHSA-2015:1091-01, SA40015, SA88, SA91, SB10108, SB10110, SOL16120, SOL16123, SOL16124, SOL16126, SOL16135, SOL16136, SOL16139, SP-CAAANXD, SPL-95203, SPL-95206, SSA:2015-009-01, SSRT101885, SSRT102000, SUSE-SU-2015:1073-1, SUSE-SU-2015:1085-1, SUSE-SU-2015:1086-1, SUSE-SU-2015:1086-2, SUSE-SU-2015:1086-3, SUSE-SU-2015:1086-4, SUSE-SU-2015:1138-1, SUSE-SU-2015:1161-1, T1022075, USN-2459-1, VIGILANCE-VUL-16301, VN-2015-003_FREAK, VU#243585.

Description of the vulnerability

The TLS protocol uses a series of messages which have to be exchanged between the client and the server, before establishing a secured session.

Several cryptographic algorithms can be negotiated, such as algorithms allowed for USA export (less than 512 bits).

An attacker positioned as a man-in-the-middle can inject, during session initialization, a message selecting an export algorithm. This message should trigger an error, but some TLS clients accept it.

Note: the variant related to Windows is described in VIGILANCE-VUL-16332.

An attacker positioned as a man-in-the-middle can therefore force a Chrome, JSSE, LibreSSL, Mono or OpenSSL client to accept a weak export algorithm, making it easier to capture or alter exchanged data.
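
The client-side check that the description says was missing can be shown with a simplified model. This is an added example, not code from OpenSSL or any vendor listed here; it compares a lenient client with a strict one that aborts when a temporary RSA key arrives for a non-export suite. The suite table, key sizes and the names ServerFlight, key_exchange_bits and outcome are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed suite table for the model: name -> uses export-grade RSA key exchange.
EXPORT_RSA = {
    "TLS_RSA_WITH_AES_128_CBC_SHA": False,
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5": True,
}
CERT_KEY_BITS = 2048  # constructed: size of the server's long-term certificate key

class UnexpectedMessage(Exception):
    """Stands in for a fatal TLS alert that aborts the handshake."""

@dataclass
class ServerFlight:
    suite: str                    # suite named in ServerHello
    temp_rsa_bits: Optional[int]  # temporary RSA key in ServerKeyExchange, if one arrived

def key_exchange_bits(offered, flight, strict):
    """Return the RSA modulus size the client would encrypt the premaster secret to."""
    if flight.suite not in offered:
        raise UnexpectedMessage("server chose a suite the client never offered")
    if flight.temp_rsa_bits is None:
        return CERT_KEY_BITS
    # A temporary RSA key is only legitimate when an export suite was negotiated.
    if strict and not EXPORT_RSA.get(flight.suite, False):
        raise UnexpectedMessage("temporary RSA key with a non-export suite")
    return flight.temp_rsa_bits

def outcome(offered, flight, strict):
    """Run the check and report either the key size used or the abort reason."""
    try:
        return key_exchange_bits(offered, flight, strict)
    except UnexpectedMessage as exc:
        return f"abort: {exc}"

# Constructed handshakes: the client offers no export suite in either case.
OFFERED = ["TLS_RSA_WITH_AES_128_CBC_SHA"]
CLEAN = ServerFlight("TLS_RSA_WITH_AES_128_CBC_SHA", temp_rsa_bits=None)
TAMPERED = ServerFlight("TLS_RSA_WITH_AES_128_CBC_SHA", temp_rsa_bits=512)

if __name__ == "__main__":
    for name, flight in (("clean", CLEAN), ("tampered", TAMPERED)):
        for strict in (False, True):
            print(name, "strict" if strict else "lenient", outcome(OFFERED, flight, strict))
```

The lenient client ends up protecting the session with the 512-bit key even though it never offered an export suite; the strict client aborts the handshake instead.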

This security weakness impacts software or systems such as Arkoon FAST360, ArubaOS, Avaya Ethernet Routing Switch, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Cisco ATA, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco ESA, IOS by Cisco, IronPort Email, IronPort Web, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Prime Network Control Systems, Cisco PRSM, Cisco Router, Cisco IP Phone, Cisco MeetingPlace, Cisco WSA, Clearswift Email Gateway, Debian, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, Chrome, HPE NNMi, HP-UX, AIX, DB2 UDB, Domino, Notes, IRAD, Security Directory Server, Tivoli Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, NSM Central Manager, NSMXpress, Juniper SBR, McAfee Email Gateway, ePO, McAfee NTBA, McAfee NGFW, VirusScan, McAfee Web Gateway, Windows (platform) ~ not comprehensive, Data ONTAP 7-Mode, NetBSD, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, Java OpenJDK, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Java Oracle, Solaris, Tuxedo, WebLogic, pfSense, Puppet, RHEL, Base SAS Software, SAS SAS/CONNECT, Slackware, Sophos AV, Splunk Enterprise, Stonesoft NGFW/VPN, stunnel, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this threat bulletin is medium.

The trust level of this bulletin is "confirmed by the editor", and its origin is "internet server".

This bulletin is about 2 vulnerabilities.

An attacker with expert ability can exploit this threat.

Solutions for this threat

Chrome: version 41.0.2272.76.
The version 41.0.2272.76 is fixed:
  http://www.google.com/chrome/index.html

LibreSSL: version 2.1.2.
The version 2.1.2 is fixed:
  http://www.libressl.org/

Mono: version 3.12.1.
The version 3.12.1 is fixed:
  http://www.mono-project.com/download/

OpenSSL: version 1.0.1k.
The version 1.0.1k is fixed:
  https://www.openssl.org/source/

OpenSSL: version 1.0.0p.
The version 1.0.0p is fixed:
  https://www.openssl.org/source/

OpenSSL: version 0.9.8zd.
The version 0.9.8zd is fixed:
  https://www.openssl.org/source/

AIX: fixed versions for JSSE.
Fixed versions are indicated in information sources.

AIX: patch for OpenSSL.
A patch is available:
  ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix12.tar

Arkoon Firewall FAST360: versions 5.0/34 and 6.0/8.
Versions 5.0/34 and 6.0/8 are fixed:
  http://www.arkoon.net/

ArubaOS: solution for OpenSSL.
The solution is indicated in information sources.

Avaya Ethernet Routing Switch: version 7.2.23.0.
The version 7.2.23.0 is fixed:
  https://downloads.avaya.com/css/P8/documents/101023231
  http://support.avaya.com

Blue Coat: fixed versions for FREAK.
Fixed versions are indicated in information sources.

Blue Coat: solution for OpenSSL.
The solution is indicated in information sources.

Brocade: solution for OpenSSL (12/05/2015).
The solution is indicated in information sources.

Brocade: solution for OpenSSL (30/03/2015).
The solution is indicated in information sources.

Cisco: solution for OpenSSL.
The solution is indicated in information sources.

Citrix NetScaler: fixed versions for LOM Firmware.
Fixed versions are indicated in information sources.

Citrix NetScaler Platform IPMI LOM: solution.
The solution is indicated in information sources.

Clearswift SECURE Email Gateway: version 3.8.5.
The version 3.8.5 is fixed:
  http://app-patches.clearswift.net/Patches/Patch3_8_5.htm

Debian: new openssl packages.
New packages are available:
  Debian 7: openssl 1.0.1e-2+deb7u14

Extreme Networks: solution for FREAK.
The solution is indicated in information sources.

F5 BIG-IP: fixed versions for OpenSSL.
Fixed versions are indicated in information sources.

Fedora: new openssl packages.
New packages are available:
  Fedora 20: openssl 1.0.1e-41.fc20
  Fedora 21: openssl 1.0.1k-1.fc21

Fortinet FortiOS: versions 5.0.11 and 5.2.3.
Versions 5.0.11 and 5.2.3 are fixed.

FreeBSD: patch for OpenSSL.
A patch is available:
  https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch
  https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch
  https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch

HP Network Node Manager i: patch for OpenSSL.
A patch is available in information sources.

HP-UX: fixed versions for OpenSSL.
Fixed versions are indicated in information sources.

HP-UX: OpenSSL version A.00.09.08zf.
The version OpenSSL A.00.09.08zf is fixed:
  https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I

IBM AIX: patch for Java.
The announcement gives the URLs of the applicable patch for each version of the SDK.

IBM DB2: version 10.1 Fix Pack 5.
The version 10.1 Fix Pack 5 is fixed:
  http://www-304.ibm.com/support/docview.wss?uid=swg24040170#Description

IBM DB2: version 10.1 Fix Pack 6.
The version 10.1 Fix Pack 6 is fixed.

IBM DB2: version 10.5 Fix Pack 6.
The version 10.5 Fix Pack 6 is fixed:
  http://www-01.ibm.com/support/docview.wss?uid=swg24040522

IBM DB2: version 10.5 Fix Pack 7.
The version 10.5 Fix Pack 7 is fixed:
  http://www-01.ibm.com/support/docview.wss?uid=swg24041243

IBM DB2: version 9.7 Fix Pack 11.
The version 9.7 Fix Pack 11 is fixed:
  http://www-01.ibm.com/support/docview.wss?uid=swg24040935

IBM Notes, Domino: patch for Java 6.
A patch is available:
  version 9.0.1.x: http://www-01.ibm.com/support/docview.wss?uid=swg21657963
  version 8.5.3: http://www-01.ibm.com/support/docview.wss?uid=swg21663874

IBM Rational Application Developer: solution for IBM Java SDK.
The solution is indicated in information sources.

IBM Security Directory Server: solution for FREAK.
The solution is indicated in information sources.

IBM Tivoli Directory Server: patch for FREAK.
A patch is available:
  http://www-01.ibm.com/support/docview.wss?uid=swg21698703

IBM Tivoli Storage Manager: patch for OpenSSL.
A patch is indicated in information sources.

IBM Tivoli Workload Scheduler: solution for OpenSSL.
The solution is indicated in information sources.

IBM WebSphere MQ: solution for Java.
The solution is indicated in information sources.

Juniper: fixed versions for OpenSSL-08/01/2015.
Fixed versions are indicated in information sources.

Mandriva BS1: new openssl packages.
New packages are available:
  Mandriva BS1: openssl 1.0.0r-1.mbs1

Mandriva BS2: new openssl packages.
New packages are available:
  Mandriva BS2: openssl 1.0.1m-1.mbs2

Mandriva: new openssl packages.
New packages are available:
  Mandriva BS1: openssl 1.0.0p-1.mbs1

McAfee: solution for OpenSSL.
The solution is indicated in information sources.

McAfee: solution for OpenSSL FREAK.
The solution is indicated in information sources.

NetApp: solution for OpenSSL 01/2015.
The solution is indicated in information sources.

NetBSD: patch for OpenSSL (20/03/2015).
A patch is available in information sources.

NetBSD: patch for OpenSSL (20/08/2015).
A patch is available in information sources.

Node.js: version 0.10.36.
The version 0.10.36 is fixed:
  http://nodejs.org/download/

OpenBSD: patch for FREAK.
A patch is available in information sources.

openSUSE: new libopenssl0_9_8 packages.
New packages are available:
  openSUSE 13.2: libopenssl0_9_8 0.9.8zh-9.3.1
  openSUSE Leap 42.1: libopenssl0_9_8 0.9.8zh-14.1

openSUSE: new openssl packages.
New packages are available:
  openSUSE 13.1: openssl 1.0.1k-11.64.2
  openSUSE 13.2: openssl 1.0.1k-2.16.2

Oracle Communications: CPU of April 2017.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2247453.1
  https://support.oracle.com/rs?type=doc&id=2248470.1
  https://support.oracle.com/rs?type=doc&id=2251718.1
  https://support.oracle.com/rs?type=doc&id=2245233.1
  https://support.oracle.com/rs?type=doc&id=2248526.1
  https://support.oracle.com/rs?type=doc&id=2250567.1

Oracle Communications: CPU of October 2017.
A Critical Patch Update is available.

Oracle Fusion Middleware: CPU of July 2018.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2394520.1

pfSense: version 2.2.
The version 2.2 is fixed:
  https://www.pfsense.org/

Puppet Enterprise: version 3.7.2.
The version 3.7.2 is fixed:
  http://puppetlabs.com/

Red Hat Satellite 5: new java-1.6.0-ibm packages.
New packages are available:
  RHEL 5: java-1.6.0-ibm 1.6.0.16.4-1jpp.1.el5
  RHEL 6: java-1.6.0-ibm 1.6.0.16.4-1jpp.1.el6_6

RHEL 5: new openssl packages.
New packages are available:
  RHEL 5: openssl 0.9.8e-33.el5_11

RHEL 6, 7: new openssl packages.
New packages are available:
  RHEL 6: openssl 1.0.1e-30.el6_6.5
  RHEL 7: openssl 1.0.1e-34.el7_0.7

RHEL: new java-1.5.0-ibm packages.
New packages are available:
  RHEL 5: java-1.5.0-ibm 1.5.0.16.10-1jpp.1.el5
  RHEL 6: java-1.5.0-ibm 1.5.0.16.10-1jpp.1.el6_6

RHEL: new java-1.7.1-ibm packages.
New packages are available:
  RHEL 6: java-1.7.1-ibm 1.7.1.3.0-1jpp.2.el6_6
  RHEL 7: java-1.7.1-ibm 1.7.1.3.0-1jpp.2.el7_1

SAS: solution for OpenSSL.
The solution is indicated in information sources.

Slackware: new openssl packages.
New packages are available:
  Slackware 13.0: openssl 0.9.8zd-*-1_slack13.0
  Slackware 13.1: openssl 0.9.8zd-*-1_slack13.1
  Slackware 13.37: openssl 0.9.8zd-*-1_slack13.37
  Slackware 14.0: openssl 1.0.1k-*-1_slack14.0
  Slackware 14.1: openssl 1.0.1k-*-1_slack14.1

Snare Enterprise Agent for Windows: version 4.2.9.
The version 4.2.9 is fixed:
  https://snaresupport.intersectalliance.com/

Solaris: patch for Third Party.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Sophos Anti-Virus: fixed versions for FREAK.
Fixed versions are indicated in information sources.

Splunk Enterprise: version 5.0.12.
The version 5.0.12 is fixed:
  http://www.splunk.com/

Splunk Enterprise: version 6.0.8.
The version 6.0.8 is fixed:
  http://www.splunk.com/

Splunk Enterprise: version 6.1.7.
The version 6.1.7 is fixed:
  http://www.splunk.com/

Splunk Enterprise: version 6.2.2.
The version 6.2.2 is fixed:
  http://www.splunk.com/

stunnel: version 5.10.
The version 5.10 is fixed:
  https://www.stunnel.org/downloads.html

SUSE LE 10: new IBM Java packages.
New packages are available:
  SUSE LE 10: java-1_6_0-ibm 1.6.0_sr16.4-0.8.1

SUSE LE 12: new java-1_6_0-ibm packages.
New packages are available:
  SUSE LE 12: java-1_6_0-ibm 1.6.0_sr16.4-15.1

SUSE LE 12: new java-1_7_1-ibm packages.
New packages are available:
  SUSE LE 12: java-1_7_1-ibm 1.7.1_sr3.0-11.1

SUSE LE: new IBM Java packages.
New packages are available:
  SUSE LE 10: java-1_5_0-ibm 1.5.0_sr16.10-0.6.1
  SUSE LE 11: java-1_6_0-ibm 1.6.0_sr16.4-0.3.1, java-1_7_0-ibm 1.7.0_sr9.0-0.7.1

Ubuntu: new libssl packages.
New packages are available:
  Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.1
  Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.8
  Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.21
  Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.23

WebSphere AS: patch for Java.
Some patches are available in information sources, to be chosen according to the version of WebSphere AS.

WebSphere AS: version 7.0.0.39.
The version 7.0.0.39 is fixed:
  http://www.ibm.com/support/docview.wss?uid=swg24041013

WebSphere AS: version 8.0.0.11.
The version 8.0.0.11 is fixed:
  http://www.ibm.com/support/docview.wss?uid=swg24040425

WebSphere AS: workaround for FREAK.
A workaround is indicated in the information source.

WebSphere MQ: solution.
The solution is indicated in information sources.