The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
Synthesis of the vulnerability 
An attacker can establish a connection with a multi-threaded application linked to OpenSSL with OPENSSL_NO_BUF_FREELIST, in order to potentially inject data into the session of another user.
Impacted systems: ArubaOS, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco ATA, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, CiscoWorks, Cisco Content SMA, Cisco CSS, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Email, IronPort Management, IronPort Web, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Unity Cisco, WebNS, Cisco WSA, Debian, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, ECC, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual Appliance, FreeBSD, ProCurve Switch, HP Switch, AIX, Juniper J-Series, Junos OS, Junos Pulse, Juniper Network Connect, Juniper UAC, McAfee Web Gateway, NetBSD, OpenBSD, OpenSSL, openSUSE, Solaris, pfSense, Polycom CMA, HDX, RealPresence Collaboration Server, Polycom VBP, RHEL, ACE Agent, ACE Server, RSA Authentication Agent, RSA Authentication Manager, SecurID, ROS, ROX, RuggedSwitch, SIMATIC, Slackware, stunnel, Ubuntu, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor.
Severity of this alert: 1/4.
Creation date: 14/04/2014.
Revision date: 05/06/2014.
References of this alert: 2167, aid-06062014, c04347622, CERTFR-2014-AVI-253, CERTFR-2014-AVI-254, CERTFR-2014-AVI-255, CERTFR-2014-AVI-260, CERTFR-2014-AVI-274, CERTFR-2014-AVI-279, CERTFR-2014-AVI-286, cisco-sa-20140605-openssl, CTX140876, CVE-2010-5298, DOC-53313, DSA-2908-1, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2014-7101, FEDORA-2014-7102, FG-IR-14-018, FreeBSD-SA-14:09.openssl, HPSBHF03052, JSA10629, MDVSA-2014:090, MDVSA-2015:062, NetBSD-SA2014-006, openSUSE-SU-2014:0592-1, RHSA-2014:0625-01, RHSA-2014:0628-01, RHSA-2014:0679-01, SA40006, SA80, SB10075, SOL15328, SSA:2014-156-03, SSA-234763, USN-2192-1, VIGILANCE-VUL-14585, VMSA-2014-0006, VMSA-2014-0006.1, VMSA-2014-0006.10, VMSA-2014-0006.11, VMSA-2014-0006.2, VMSA-2014-0006.3, VMSA-2014-0006.4, VMSA-2014-0006.5, VMSA-2014-0006.6, VMSA-2014-0006.7, VMSA-2014-0006.8, VMSA-2014-0006.9.
Description of the vulnerability 
The OpenSSL product uses its own implementation of malloc to manage its memory.
However, when this feature is disabled with OPENSSL_NO_BUF_FREELIST, a memory area is not freed, and the ssl3_setup_read_buffer() function can, in multi-threaded mode, reuse data from another SSL session.
An attacker can therefore establish a connection with a multi-threaded application linked to OpenSSL with OPENSSL_NO_BUF_FREELIST, in order to potentially inject data into the session of another user.
Our Vigil@nce team determined that the severity of this threat bulletin is low.
The trust level is "confirmed by the editor", and the origin of the attack is an internet client.
An attacker with an expert ability can exploit this threat.
Solutions for this threat 
OpenSSL: version 1.0.1h.
The version 1.0.1h is fixed:
http://www.openssl.org/
OpenSSL: version 1.0.0m.
The version 1.0.0m is fixed:
http://www.openssl.org/
OpenSSL: patch for OPENSSL_NO_BUF_FREELIST.
A patch is available in information sources.
pfSense: version 2.1.3.
The version 2.1.3 is fixed:
https://www.pfsense.org/
stunnel: version 5.02.
The version 5.02 is fixed:
https://www.stunnel.org/downloads.html
AIX: patch for openssl.
A patch is available in information sources.
https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp
openssl-1.0.1.503.tar.Z
Aruba: solution for OpenSSL.
The solution is indicated in information sources.
Blue Coat: solution for OpenSSL.
The solution is indicated in information sources.
Cisco: solution for OpenSSL.
The solution is indicated in information sources.
Vulnerable products are listed in the information sources.
Debian: new openssl packages.
New packages are available:
Debian 7: openssl 1.0.1e-2+deb7u7
EMC: solution for OpenSSL.
The solution is indicated in information sources.
F5 BIG-IP: fixed versions for OPENSSL_NO_BUF_FREELIST.
Fixed versions are indicated in information sources.
Fedora: new mingw-openssl packages.
New packages are available:
Fedora 20: mingw-openssl 1.0.1j-1.fc20
Fedora 21: mingw-openssl 1.0.1j-1.fc21
Fedora: new openssl packages.
New packages are available:
Fedora 19: openssl 1.0.1e-38.fc19
Fedora 20: openssl 1.0.1e-38.fc20
Fortinet: solution for OpenSSL.
The solution is indicated in information sources.
FreeBSD: patch for OpenSSL.
A patch is available in information sources.
HP: solution for OpenSSL.
The solution is indicated in information sources.
Juniper: solution for OpenSSL.
The solution is indicated in information sources.
Mandriva BS2: new openssl packages.
New packages are available:
Mandriva BS2: openssl 1.0.1m-1.mbs2
Mandriva BS: new openssl packages.
New packages are available:
Mandriva BS1: openssl 1.0.0k-1.4.mbs1
McAfee Web Gateway: patch for OpenSSL.
A patch is available in information sources.
NetBSD: patch for OpenSSL.
A patch is available in information sources.
OpenBSD: patch for FREELIST.
A patch is available:
http://ftp.openbsd.org/pub/OpenBSD/patches/5.3/common/015_openssl.patch
http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/008_openssl.patch
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig
openSUSE: new openssl packages.
New packages are available:
openSUSE 12.3: openssl 1.0.1g-1.52.1
openSUSE 13.1: openssl 1.0.1g-11.40.1
Polycom Converged Management Application: version 5.2.6.
The version 5.2.6 is fixed.
Polycom HDX: version 3.1.5.
The version 3.1.5 is fixed.
Polycom RMX 1800/Collaboration Server: version 8.4.1.
The version 8.4.1 is fixed.
Polycom Video Border Proxy: version 11.2.18.
The version 11.2.18 is fixed.
Red Hat Storage Server 2.1: new openssl packages.
New packages are available:
RHEL 6: openssl 1.0.1e-16.el6_5.14
RHEL 6.5: new openssl packages.
New packages are available:
RHEL 6: openssl 1.0.1e-16.el6_5.14
RHEL 7.0: new openssl packages.
New packages are available:
RHEL 7: openssl 1.0.1e-34.el7_0.3
Siemens: solution for OpenSSL.
The solution is indicated in information sources.
Slackware: new openssl packages.
New packages are available:
Slackware 13.0: openssl 0.9.8za-i486-1_slack13.0
Slackware 13.1: openssl 0.9.8za-i486-1_slack13.1
Slackware 13.37: openssl 0.9.8za-i486-1_slack13.37
Slackware 14.0: openssl 1.0.1h-i486-1_slack14.0
Slackware 14.1: openssl 1.0.1h-i486-1_slack14.1
Solaris: version 11.1.20.5.0.
The version 11.1.20.5.0 is fixed:
https://support.oracle.com/rs?type=doc&id=1683966.1
Ubuntu: new libssl1.0.0 packages.
New packages are available:
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.1
Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.3
Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.8
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.13
VMware: solution for OpenSSL.
The solution is indicated in information sources.
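A triage helper for the fixed versions listed above, as an added example that is not part of the original bulletin: it parses an `openssl version` line, orders OpenSSL's letter suffixes, and compares against the upstream fixes 1.0.1h and 1.0.0m. The function names, the result labels and the sample lines are assumptions made for this example.

```python
import re

# Upstream releases the bulletin lists as fixed, keyed by release branch.
FIXED_UPSTREAM = {"1.0.1": "h", "1.0.0": "m"}

# OpenSSL 0.9.x/1.0.x versions: three numbers plus an optional letter suffix
# ("1.0.1h", "0.9.8za"); anything after it (e.g. "-fips") is ignored.
_VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)([a-z]{0,2})\b")


def parse_openssl_version(text):
    """Return (branch, letter_suffix) from an `openssl version` line."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError("no OpenSSL version found in %r" % text)
    return match.group(1), match.group(2)


def suffix_rank(suffix):
    """Order suffixes as '' < 'a' < ... < 'z' < 'za' < 'zb'."""
    return (len(suffix), suffix)


def assess(text):
    """Classify a version line against the bulletin's upstream fixes."""
    branch, suffix = parse_openssl_version(text)
    fixed = FIXED_UPSTREAM.get(branch)
    if fixed is None:
        return "not-listed"  # bulletin names no upstream fix for this branch
    if suffix_rank(suffix) >= suffix_rank(fixed):
        return "fixed"
    # Older upstream string: may still be patched by a distribution backport
    # (the bulletin's fixed Debian and RHEL packages are all 1.0.1e builds).
    return "check-backport"


# Constructed sample lines in the format printed by `openssl version`.
SAMPLES = [
    "OpenSSL 1.0.1h 5 Jun 2014",
    "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "OpenSSL 1.0.0m 5 Jun 2014",
    "OpenSSL 0.9.8za 5 Jun 2014",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("%-36s %s" % (line, assess(line)))
```

A "check-backport" result has to be resolved with the package manager, by comparing the installed package release against the distribution entry in the list above.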