The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of OpenSSL: multiple vulnerabilities

Synthesis of the vulnerability 

An attacker can exploit several vulnerabilities in OpenSSL.
Impacted software: ArubaOS, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Cisco ATA, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco ESA, IOS by Cisco, IronPort Email, IronPort Web, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Prime Network Control Systems, Cisco PRSM, Cisco Router, Cisco IP Phone, Cisco MeetingPlace, Cisco WSA, Clearswift Email Gateway, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, DB2 UDB, Domino, Notes, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, NSM Central Manager, NSMXpress, Juniper SBR, McAfee Email Gateway, McAfee Web Gateway, Data ONTAP 7-Mode, NetBSD, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, pfSense, Puppet, RHEL, Base SAS Software, SAS SAS/CONNECT, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this computer vulnerability: 2/4.
Number of vulnerabilities in this bulletin: 7.
Creation date: 08/01/2015.
References of this bulletin: 1610582, 1699810, 1700997, 1902260, 1903541, 1973383, 55767, 9010028, ARUBA-PSA-2015-003, bulletinjan2015, c04556853, c04679334, CERTFR-2015-AVI-008, CERTFR-2015-AVI-108, CERTFR-2015-AVI-146, CERTFR-2016-AVI-303, cisco-sa-20150310-ssl, cpuapr2017, cpujul2018, cpuoct2016, cpuoct2017, CTX216642, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, DSA-3125-1, FEDORA-2015-0512, FEDORA-2015-0601, FreeBSD-SA-15:01.openssl, HPSBUX03244, HPSBUX03334, JSA10679, MDVSA-2015:019, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-006, NetBSD-SA2015-007, NTAP-20150205-0001, openSUSE-SU-2015:0130-1, openSUSE-SU-2015:1277-1, openSUSE-SU-2016:0640-1, RHSA-2015:0066-01, RHSA-2015:0800-01, SA40015, SA88, SB10108, SOL16120, SOL16123, SOL16124, SOL16126, SOL16135, SOL16136, SOL16139, SP-CAAANXD, SPL-95203, SPL-95206, SSA:2015-009-01, SSRT101885, SSRT102000, SUSE-SU-2015:1138-1, SUSE-SU-2015:1161-1, USN-2459-1, VIGILANCE-VUL-15934, VU#243585.

Description of the vulnerability 

Several vulnerabilities were announced in OpenSSL.

An attacker can send a DTLS message, to force a NULL pointer to be dereferenced in dtls1_get_record(), in order to trigger a denial of service. [severity:2/4; CVE-2014-3571]

An attacker can send a DTLS message, to create a memory leak in dtls1_buffer_record(), in order to trigger a denial of service. [severity:1/4; CVE-2015-0206]

An attacker can force a TLS client to use ECDH instead of ECDHE (ephemeral). [severity:2/4; CVE-2014-3572]

An attacker can force a TLS client to use EXPORT_RSA instead of RSA (VIGILANCE-VUL-16301). [severity:2/4; CVE-2015-0204, VU#243585]

An attacker can authenticate without using a private key, in the case where the server trusts a certification authority publishing certificates with DH keys (rare case) (VIGILANCE-VUL-16300). [severity:2/4; CVE-2015-0205]

An attacker can change the fingerprint of a certificate, with no known consequence on security. [severity:1/4; CVE-2014-8275]

In some rare cases, the BN_sqr() function produces an invalid result, with no known consequence on security. [severity:1/4; CVE-2014-3570]

Our Vigil@nce team determined that the severity of this threat note is medium.

The trust level is "confirmed by the editor", and the origin is a document.

This bulletin is about 7 vulnerabilities.

An attacker with expert ability can exploit this computer weakness.

Solutions for this threat 

OpenSSL: version 1.0.1k.
The version 1.0.1k is fixed:
  https://www.openssl.org/source/

OpenSSL: version 1.0.0p.
The version 1.0.0p is fixed:
  https://www.openssl.org/source/

OpenSSL: version 0.9.8zd.
The version 0.9.8zd is fixed:
  https://www.openssl.org/source/
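
As an added example (not part of the Vigil@nce bulletin and not OpenSSL's own code), the following Python code classifies an upstream OpenSSL version string against the three fixed releases listed above, handling the letter-suffix ordering (z is followed by za, zb, ...). The function names and the sample banner strings are constructed for illustration; it applies only to upstream version strings, because the distribution packages listed below (for example Debian's 1.0.1e-2+deb7u14) carry the fixes under an older upstream number.

```python
import re

# Fixed upstream releases per branch, taken from this bulletin.
FIXED = {(1, 0, 1): "k", (1, 0, 0): "p", (0, 9, 8): "zd"}

# Matches the pre-1.1 scheme: major.minor.fix followed by optional patch letters.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Return ((major, minor, fix), letters) from a banner such as
    'OpenSSL 1.0.1e-fips 11 Feb 2013' or a bare '0.9.8zd'."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError("no OpenSSL version found in %r" % text)
    branch = tuple(int(part) for part in match.groups()[:3])
    return branch, match.group(4)


def letter_rank(letters):
    """Order patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb' ...
    Comparing length first keeps 'z' below 'za'."""
    return (len(letters), letters)


def status(text):
    """Return 'fixed', 'vulnerable', or 'unknown-branch' for an upstream version."""
    branch, letters = parse_version(text)
    fixed_letters = FIXED.get(branch)
    if fixed_letters is None:
        # The bulletin names no fixed release for this branch.
        return "unknown-branch"
    if letter_rank(letters) >= letter_rank(fixed_letters):
        return "fixed"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample banners, in the format printed by `openssl version`.
    samples = [
        "OpenSSL 1.0.1j 15 Oct 2014",
        "OpenSSL 1.0.1k 8 Jan 2015",
        "OpenSSL 1.0.0o 15 Oct 2014",
        "OpenSSL 0.9.8zc 15 Oct 2014",
        "OpenSSL 0.9.8zd 8 Jan 2015",
    ]
    for banner in samples:
        print("%-32s %s" % (banner, status(banner)))
```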

AIX: patch for OpenSSL.
A patch is available:
  ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix12.tar

ArubaOS: solution for OpenSSL.
The solution is indicated in information sources.

Blue Coat: solution for OpenSSL.
The solution is indicated in information sources.

Brocade: solution for OpenSSL (30/03/2015).
The solution is indicated in information sources.

Cisco: solution for OpenSSL.
The solution is indicated in information sources.

Citrix NetScaler: fixed versions for LOM Firmware.
Fixed versions are indicated in information sources.

Citrix NetScaler Platform IPMI LOM: solution.
The solution is indicated in information sources.

Clearswift SECURE Email Gateway: version 3.8.5.
The version 3.8.5 is fixed:
  http://app-patches.clearswift.net/Patches/Patch3_8_5.htm

Debian: new openssl packages.
New packages are available:
  Debian 7: openssl 1.0.1e-2+deb7u14

F5 BIG-IP: fixed versions for OpenSSL.
Fixed versions are indicated in information sources.

Fedora: new openssl packages.
New packages are available:
  Fedora 20: openssl 1.0.1e-41.fc20
  Fedora 21: openssl 1.0.1k-1.fc21

FreeBSD: patch for OpenSSL.
A patch is available:
  https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch
  https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch
  https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch

HP-UX: fixed versions for OpenSSL.
Fixed versions are indicated in information sources.

HP-UX: OpenSSL version A.00.09.08zf.
The version OpenSSL A.00.09.08zf is fixed:
  https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I

IBM AIX: patch for Java.
The announcement states the URLs of the applicable patch for each version of the SDK.

IBM DB2: version 10.1 Fix Pack 6.
The version 10.1 Fix Pack 6 is fixed.

IBM Notes, Domino: patch for Java 6.
A patch is available:
  version 9.0.1.x: http://www-01.ibm.com/support/docview.wss?uid=swg21657963
  version 8.5.3: http://www-01.ibm.com/support/docview.wss?uid=swg21663874

IBM Tivoli Storage Manager: patch for OpenSSL.
A patch is indicated in information sources.

IBM Tivoli Workload Scheduler: solution for OpenSSL.
The solution is indicated in information sources.

Juniper: fixed versions for OpenSSL-08/01/2015.
Fixed versions are indicated in information sources.

Mandriva BS1: new openssl packages.
New packages are available:
  Mandriva BS1: openssl 1.0.0r-1.mbs1

Mandriva BS2: new openssl packages.
New packages are available:
  Mandriva BS2: openssl 1.0.1m-1.mbs2

Mandriva: new openssl packages.
New packages are available:
  Mandriva BS1: openssl 1.0.0p-1.mbs1

McAfee: solution for OpenSSL FREAK.
The solution is indicated in information sources.

NetApp: solution for OpenSSL 01/2015.
The solution is indicated in information sources.

NetBSD: patch for OpenSSL (20/03/2015).
A patch is available in information sources.

NetBSD: patch for OpenSSL (20/08/2015).
A patch is available in information sources.

Node.js: version 0.10.36.
The version 0.10.36 is fixed:
  http://nodejs.org/download/

openSUSE 13.2: new libressl packages.
New packages are available:
  openSUSE 13.2: libressl 2.2.1-2.3.1

openSUSE: new libopenssl0_9_8 packages.
New packages are available:
  openSUSE 13.2: libopenssl0_9_8 0.9.8zh-9.3.1
  openSUSE Leap 42.1: libopenssl0_9_8 0.9.8zh-14.1

openSUSE: new openssl packages.
New packages are available:
  openSUSE 13.1: openssl 1.0.1k-11.64.2
  openSUSE 13.2: openssl 1.0.1k-2.16.2

Oracle Communications: CPU of April 2017.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2247453.1
  https://support.oracle.com/rs?type=doc&id=2248470.1
  https://support.oracle.com/rs?type=doc&id=2251718.1
  https://support.oracle.com/rs?type=doc&id=2245233.1
  https://support.oracle.com/rs?type=doc&id=2248526.1
  https://support.oracle.com/rs?type=doc&id=2250567.1

Oracle Communications: CPU of October 2016.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2188694.1

Oracle Communications: CPU of October 2017.
A Critical Patch Update is available.

Oracle Fusion Middleware: CPU of July 2018.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2394520.1

pfSense: version 2.2.
The version 2.2 is fixed:
  https://www.pfsense.org/

Puppet Enterprise: version 3.7.2.
The version 3.7.2 is fixed:
  http://puppetlabs.com/

RHEL 5: new openssl packages.
New packages are available:
  RHEL 5: openssl 0.9.8e-33.el5_11

RHEL 6, 7: new openssl packages.
New packages are available:
  RHEL 6: openssl 1.0.1e-30.el6_6.5
  RHEL 7: openssl 1.0.1e-34.el7_0.7

SAS: solution for OpenSSL.
The solution is indicated in information sources.

Slackware: new openssl packages.
New packages are available:
  Slackware 13.0: openssl 0.9.8zd-*-1_slack13.0
  Slackware 13.1: openssl 0.9.8zd-*-1_slack13.1
  Slackware 13.37: openssl 0.9.8zd-*-1_slack13.37
  Slackware 14.0: openssl 1.0.1k-*-1_slack14.0
  Slackware 14.1: openssl 1.0.1k-*-1_slack14.1

Snare Enterprise Agent for Windows: version 4.2.9.
The version 4.2.9 is fixed:
  https://snaresupport.intersectalliance.com/

Solaris: patch for Third Party.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Splunk Enterprise: version 5.0.12.
The version 5.0.12 is fixed:
  http://www.splunk.com/

Splunk Enterprise: version 6.0.8.
The version 6.0.8 is fixed:
  http://www.splunk.com/

Splunk Enterprise: version 6.1.7.
The version 6.1.7 is fixed:
  http://www.splunk.com/

Splunk Enterprise: version 6.2.2.
The version 6.2.2 is fixed:
  http://www.splunk.com/

stunnel: version 5.10.
The version 5.10 is fixed:
  https://www.stunnel.org/downloads.html

SUSE LE 10: new IBM Java packages.
New packages are available:
  SUSE LE 10: java-1_6_0-ibm 1.6.0_sr16.4-0.8.1

SUSE LE 12: new java-1_6_0-ibm packages.
New packages are available:
  SUSE LE 12: java-1_6_0-ibm 1.6.0_sr16.4-15.1

Ubuntu: new libssl packages.
New packages are available:
  Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.1
  Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.8
  Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.21
  Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.23

WebSphere AS: patch for Java.
Some patches are available in information sources, to be chosen according to the version of WebSphere AS.