The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of OpenSSL: disclosure of ECDSA secret

Synthesis of the vulnerability

A local attacker can recover the secret ECDSA nonce used by the OpenSSL implementation, in order to obtain sensitive information.
Severity of this threat: 1/4.
Creation date: 21/03/2014.
Revision date: 05/06/2014.
References of this weakness: 1673696, 1681249, 1688949, c04336637, CERTFR-2014-AVI-179, CERTFR-2014-AVI-253, CERTFR-2014-AVI-254, CERTFR-2014-AVI-255, CERTFR-2014-AVI-279, CERTFR-2014-AVI-286, cisco-sa-20140605-openssl, CVE-2014-0076, DOC-53313, DSA-2908-1, FreeBSD-SA-14:06.openssl, HPSBUX03046, JSA10629, MDVSA-2014:067, MDVSA-2015:062, NetBSD-SA2014-006, openSUSE-SU-2014:0480-1, openSUSE-SU-2016:0640-1, pfSense-SA-14_04.openssl, SA40006, SB10075, SSA:2014-098-01, SSRT101590, SUSE-SU-2014:0759-1, SUSE-SU-2014:0761-1, SUSE-SU-2014:0762-1, USN-2165-1, VIGILANCE-VUL-14462.

Description of the vulnerability

ECDSA (Elliptic Curve Digital Signature Algorithm) produces each signature with a fresh secret nonce "k": the signer multiplies the curve's base point by k, and anyone who learns k for a single signature can compute the private key from that signature and the signed message.

However, a local attacker who shares the processor cache with the OpenSSL process (for example another user account or a co-located virtual machine on the same host) can run the FLUSH+RELOAD cache side-channel attack against it: by repeatedly flushing and reloading the cache lines holding the code of the two branches of a conditional (if) in the Montgomery ladder used for scalar multiplication, the attacker observes which branch executed for each bit of k, and thus reconstructs the "k" secret value bit by bit.

A local attacker can therefore recover the ECDSA nonce used by the OpenSSL implementation, and from it the signing key, in order to obtain sensitive information.
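As an added example for this page (written here; not OpenSSL code and not part of the Vigil@nce bulletin), the Python below models the attack chain end to end on secp256k1 rather than on the binary-field (GF(2^m)) ladder where the OpenSSL bug actually lived: a Montgomery ladder whose per-bit branch is observable leaks the nonce k, the leaked k plus one signature yields the private key d, and a branch-free conditional swap shows the shape of the fix. The curve parameters, the sample message, and the key and nonce values used with it are assumptions chosen for the example; the affine point arithmetic is itself not constant-time, since only the key-dependent ladder branch is what the example removes.

```python
# Added example (not OpenSSL code, not from the bulletin): a model of
# CVE-2014-0076 on secp256k1. The OpenSSL bug was in the GF(2^m) Montgomery
# ladder; the key-dependent branch pattern shown here is the same.
import hashlib

# secp256k1 domain parameters (assumed here for the example).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def inv(x, m):
    return pow(x, -1, m)  # modular inverse, Python 3.8+


def on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def point_add(A, B):
    # Affine addition on y^2 = x^3 + 7; None is the point at infinity.
    # Not constant-time itself: this example only removes the ladder branch.
    if A is None:
        return B
    if B is None:
        return A
    x1, y1 = A
    x2, y2 = B
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ladder_mul_leaky(k, pt, trace):
    # Vulnerable pattern: the Montgomery ladder takes one of two branches per
    # key bit. Each iteration appends the branch taken to `trace`, standing in
    # for what a FLUSH+RELOAD probe on the two branches' code lines observes.
    r0, r1 = None, pt
    for i in range(k.bit_length() - 1, -1, -1):
        if (k >> i) & 1:
            trace.append(1)
            r0, r1 = point_add(r0, r1), point_add(r1, r1)
        else:
            trace.append(0)
            r0, r1 = point_add(r0, r0), point_add(r0, r1)
    return r0


def cswap(swap, A, B):
    # Branch-free conditional swap (the shape of the fix): an all-ones or
    # all-zeros mask selects, so no instruction sequence depends on the bit.
    mask = -int(swap)  # 0 or -1 (all ones) in two's complement
    (ax, ay), (bx, by) = A, B
    tx, ty = (ax ^ bx) & mask, (ay ^ by) & mask
    return (ax ^ tx, ay ^ ty), (bx ^ tx, by ^ ty)


def ladder_mul_ct(k, pt):
    # Same ladder, with the key bit consumed only through cswap (k >= 0).
    if k == 0:
        return None
    r0, r1 = pt, point_add(pt, pt)
    for i in range(k.bit_length() - 2, -1, -1):
        bit = (k >> i) & 1
        r0, r1 = cswap(bit, r0, r1)
        r0, r1 = point_add(r0, r0), point_add(r0, r1)
        r0, r1 = cswap(bit, r0, r1)
    return r0


def hash_msg(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def ecdsa_sign(d, msg, k, trace):
    # Sign with nonce k through the leaky ladder; returns (r, s), fills trace.
    r = ladder_mul_leaky(k, G, trace)[0] % N
    s = inv(k, N) * (hash_msg(msg) + r * d) % N
    return r, s


def ecdsa_verify(Q, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = inv(s, N)
    X = point_add(ladder_mul_ct(hash_msg(msg) * w % N, G),
                  ladder_mul_ct(r * w % N, Q))
    return X is not None and X[0] % N == r


def recover_nonce(trace):
    # The observed branches are the bits of k, most significant first.
    return int("".join(str(b) for b in trace), 2)


def recover_private_key(msg, r, s, k):
    # s = k^-1 (h + r d) mod n  =>  d = (s k - h) r^-1 mod n
    return (s * k - hash_msg(msg)) * inv(r, N) % N


def demo(d, k, msg=b"constructed sample message"):
    # Full chain: sign via the leaky ladder, read k off the trace, recover d,
    # and confirm the signature verifies under the public key Q = dG.
    Q = ladder_mul_ct(d, G)
    trace = []
    r, s = ecdsa_sign(d, msg, k, trace)
    d_rec = recover_private_key(msg, r, s, recover_nonce(trace))
    return d_rec == d and ecdsa_verify(Q, msg, (r, s))
```

Calling `demo(d, k)` with any private key and nonce in [1, N-1] returns True: a single observed trace is enough, which is why the fix had to make the ladder's swap constant-time rather than merely harden the nonce generation.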

This security threat impacts software or systems such as Cisco ASR, Cisco ATA, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, CiscoWorks, Cisco Content SMA, Cisco CSS, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Email, IronPort Management, IronPort Web, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Unity Cisco, WebNS, Cisco WSA, Debian, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, ECC, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, FreeBSD, HP-UX, AIX, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, Juniper J-Series, Junos OS, Junos Pulse, Juniper Network Connect, Juniper UAC, McAfee Web Gateway, NetBSD, OpenSSL, openSUSE, openSUSE Leap, Solaris, pfSense, Polycom CMA, HDX, RealPresence Collaboration Server, Polycom VBP, ACE Agent, ACE Server, RSA Authentication Agent, RSA Authentication Manager, SecurID, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team rated the severity of this vulnerability as low.

Trust level: confirmed by the vendor (origin: vendor document).

Exploiting this vulnerability requires expert skills.

Solutions for this threat

OpenSSL: version 1.0.1g.
The version 1.0.1g is fixed:
  http://www.openssl.org/

OpenSSL: version 1.0.0m.
The version 1.0.0m is fixed:
  http://www.openssl.org/

OpenSSL: version 0.9.8za.
The version 0.9.8za is fixed:
  http://www.openssl.org/

pfSense: version 2.1.2.
The version 2.1.2 is fixed:
  http://www.pfsense.org/

stunnel: version 5.01.
The version 5.01 is fixed:
  https://www.stunnel.org/downloads.html

AIX: OpenSSL version 1.0.1.502.
The version 1.0.1.502 is fixed:
  https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=aixbp&lang=en_US&S_PKG=openssl&cp=UTF-8

Cisco: solution for OpenSSL.
The solution is indicated in information sources.
Vulnerable products are listed in the information sources.

Debian: new openssl packages.
New packages are available:
  Debian 7: openssl 1.0.1e-2+deb7u7

EMC: solution for OpenSSL.
The solution is indicated in information sources.

FreeBSD: patch for OpenSSL.
A patch is available:
  http://security.FreeBSD.org/patches/SA-14:06/openssl.patch
  http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch

HP-UX: fixed versions for OpenSSL.
Fixed versions are indicated in information sources.

IBM Tivoli Workload Scheduler: patch for GSKit.
A patch is available:
  8.5.1-TIV-TWS-FP0005-IV60577
  8.6.0-TIV-TWS-FP0003-IV60577
  9.1.0-TIV-TWS-FP0001-IV60577
  9.2.0-TIV-TWS-FP0000-IV60577

Juniper: solution for OpenSSL.
The solution is indicated in information sources.

Mandriva BS1: new openssl packages.
New packages are available:
  Mandriva BS1: openssl 1.0.0k-1.2.mbs1

Mandriva BS2: new openssl packages.
New packages are available:
  Mandriva BS2: openssl 1.0.1m-1.mbs2

McAfee Web Gateway: patch for OpenSSL.
A patch is available in information sources.

NetBSD: patch for OpenSSL.
A patch is available in information sources.

NetBSD: version 6.0.5.
The version 6.0.5 is fixed:
  http://www.netbsd.org/

NetBSD: version 6.1.4.
The version 6.1.4 is fixed:
  http://www.netbsd.org/

openSUSE: new libopenssl0_9_8 packages.
New packages are available:
  openSUSE 13.2: libopenssl0_9_8 0.9.8zh-9.3.1
  openSUSE Leap 42.1: libopenssl0_9_8 0.9.8zh-14.1

openSUSE: new openssl packages.
New packages are available:
  openSUSE 12.3: openssl 1.0.1e-1.40.1
  openSUSE 13.1: openssl 1.0.1e-11.28.1

Polycom Converged Management Application: version 5.2.6.
The version 5.2.6 is fixed.

Polycom HDX: version 3.1.5.
The version 3.1.5 is fixed.

Polycom RMX 1800/Collaboration Server: version 8.4.1.
The version 8.4.1 is fixed.

Polycom Video Border Proxy: version 11.2.18.
The version 11.2.18 is fixed.

Slackware: new openssl packages.
New packages are available:
  Slackware 14.0: openssl 1.0.1g-i486-1_slack14.0, openssl-solibs 1.0.1g-i486-1_slack14.0
  Slackware 14.1: openssl 1.0.1g-i486-1_slack14.1, openssl-solibs 1.0.1g-i486-1_slack14.1

Solaris 11.2: patch for OpenSSL.
A patch is available:
  https://updates.oracle.com/download/19298012.html

Solaris: version 11.1.20.5.0.
The version 11.1.20.5.0 is fixed:
  https://support.oracle.com/rs?type=doc&id=1683966.1

SUSE LE 11: new openssl packages.
New packages are available:
  SUSE LE 11: openssl 0.9.8j-0.58.1

Ubuntu: new libssl1.0.0 packages.
New packages are available:
  Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.2
  Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.7
  Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.12

WebSphere AS: version 8.5.5.3.
The version 8.5.5.3 is fixed:
  http://www-01.ibm.com/

WebSphere MQ: workaround for ECDSA.
A workaround is to disable ECDSA.

Computer vulnerabilities tracking service

Vigil@nce provides application vulnerability announcements. Each administrator can customize the list of products for which they want to receive vulnerability alerts.