The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of OpenSSL: use after free via DTLS

Synthesis of the vulnerability 

An attacker can force the usage of a freed memory area via DTLS in OpenSSL, in order to trigger a denial of service, and possibly to execute code.
Vulnerable products: ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Prime Network Control Systems, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Unity Cisco, Cisco WSA, Debian, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, HP Switch, AIX, IRAD, McAfee Email and Web Security, McAfee Email Gateway, Data ONTAP 7-Mode, Snap Creator Framework, SnapManager, NetBSD, OpenSSL, openSUSE, Palo Alto Firewall PA***, PAN-OS, pfSense, RHEL, stunnel, Ubuntu.
Severity of this weakness: 2/4.
Creation date: 12/06/2015.
Références of this bulletin: 1961569, 9010038, 9010039, BSA-2015-006, c05184351, CERTFR-2015-AVI-257, cisco-sa-20150612-openssl, CVE-2014-8176, DSA-2019-197, DSA-3287-1, HPSBHF03613, NetBSD-SA2015-008, NTAP-20150616-0001, openSUSE-SU-2015:1277-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:1115-01, SA98, SB10122, SOL16920, USN-2639-1, VIGILANCE-VUL-17118.

Description of the vulnerability 

The DTLS (Datagram Transport Layer Security) protocol, based on TLS, provides a cryptographic layer over the UDP protocol.

However, if data are received between the ChangeCipherSpec and Finished messages, OpenSSL frees a memory area before reusing it.

An attacker can therefore force the usage of a freed memory area via DTLS in OpenSSL, in order to trigger a denial of service, and possibly to execute code.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer weakness bulletin impacts software or systems such as ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Prime Network Control Systems, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Unity Cisco, Cisco WSA, Debian, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, HP Switch, AIX, IRAD, McAfee Email and Web Security, McAfee Email Gateway, Data ONTAP 7-Mode, Snap Creator Framework, SnapManager, NetBSD, OpenSSL, openSUSE, Palo Alto Firewall PA***, PAN-OS, pfSense, RHEL, stunnel, Ubuntu.

Our Vigil@nce team determined that the severity of this computer threat announce is medium.

The trust level is of type confirmed by the editor, with an origin of internet client.

An attacker with a expert ability can exploit this threat announce.

Solutions for this threat 

OpenSSL: version 1.0.1h.
The version 1.0.1h is fixed:
  http://www.openssl.org/

OpenSSL: version 1.0.0m.
The version 1.0.0m is fixed:
  http://www.openssl.org/

OpenSSL: version 0.9.8za.
Version 0.9.8za is fixed:
  http://www.openssl.org/

AIX: patch for OpenSSL (15/07/2015).
A patch is available:
  ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix14.tar

Blue Coat: fixed versions for OpenSSL.
Fixed versions are indicated in information sources.

Brocade: solution for OpenSSL.
The solution is indicated in information sources.

Cisco: solution for OpenSSL.
Solutions for some product are available in information sources.

Debian: new openssl packages.
New packages are available:
  Debian 7: openssl 1.0.1e-2+deb7u17
  Debian 8: openssl 1.0.1k-3+deb8u1

Dell EMC VNXe: version MR4 Service Pack 5.
The version MR4 Service Pack 5 is fixed:
  https://www.dell.com/support/

F5 BIG-IP: fixed versions.
Fixed versions are indicated in information sources.

HPE Switch Comware: patch for OpenSSL.
A patch is indicated in information sources for numerous products of the families Comware 5 and Comware 7.

IBM Rational Application Developer: solution for OpenSSL.
The solution is indicated in information sources.

McAfee Email and Web Security: version 5.6h1054075.
The version 5.6h1054075 est fixed:
  https://support.mcafee.com/downloads
Workarounds are indicated in the McAfee announce.

McAfee Email Gateway: version 7.6.401.
Version 7.6.401 is fixed:
  https://support.mcafee.com/downloads

NetApp Data: solution for OpenSSL 06/2015.
A patch is available:
  Data ONTAP Edge: http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=923550
  Data ONTAP operating in 7-Mode: http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=923548
  Data ONTAP SMI-S Agent: http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=923545
  Snap Creator Framework: https://mysupport.netapp.com/NOW/download/software/snapcreator_framework/4.3P1/
  SnapManager for SAP win: http://mysupport.netapp.com/NOW/download/software/snapmanager_sap_win/3.4P2/
  SnapManager for SAP unix: http://mysupport.netapp.com/NOW/download/software/snapmanager_sap_unix/3.4P2/

NetBSD: patch for OpenSSL.
A patch is available in information sources.

openSUSE 13.2: new libressl packages.
New packages are available:
  openSUSE 13.2: libressl 2.2.1-2.3.1

PAN-OS: versions 5.0.20, 5.1.13, 6.0.14, 6.1.13, 7.0.9 and 7.1.4.
Versions 5.0.20, 5.1.13, 6.0.14, 6.1.13, 7.0.9 and 7.1.4 are fixed.

pfSense: version 2.2.3.
The version 2.2.3 is fixed:
  https://www.pfsense.org/download/mirror.php?section=updates
  https://www.pfsense.org/download/mirror.php?section=downloads

RHEL: new openssl packages.
New packages are available:
  RHEL 6: openssl 1.0.1e-30.el6_6.11
  RHEL 7: openssl 1.0.1e-42.el7_1.8

stunnel: version 5.18.
The version 5.18 is fixed:
  https://www.stunnel.org/downloads.html

Ubuntu: new openssl packages.
New packages are available:
  Ubuntu 15.04: libssl1.0.0 1.0.1f-1ubuntu11.4
  Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.8
  Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.15
  Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.31
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides computers vulnerabilities announces. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.