More OpenSSL vulnerabilities

[Popijopi 0]

 

OpenSSL Security Advisory [6 Aug 2014]========================================Information leak in pretty printing functions (CVE-2014-3508)=============================================================A flaw in OBJ_obj2txt may cause pretty printing functions such asX509_name_oneline, X509_name_print_ex et al. to leak some information from thestack. Applications may be affected if they echo pretty printing output to theattacker. OpenSSL SSL/TLS clients and servers themselves are not affected.OpenSSL 0.9.8 users should upgrade to 0.9.8zbOpenSSL 1.0.0 users should upgrade to 1.0.0n.OpenSSL 1.0.1 users should upgrade to 1.0.1i.Thanks to Ivan Fratric (Google) for discovering this issue. This issuewas reported to OpenSSL on 19th June 2014.The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSLdevelopment team.Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)==================================================================The issue affects OpenSSL clients and allows a malicious server to crashthe client with a null pointer dereference (read) by specifying an SRPciphersuite even though it was not properly negotiated with the client. This canbe exploited through a Denial of Service attack.OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering andresearching this issue. This issue was reported to OpenSSL on 2nd July 2014.The fix was developed by Stephen Henson of the OpenSSL core team.Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)==============================================================If a multithreaded client connects to a malicious server using a resumed sessionand the server sends an ec point format extension it could write up to 255 bytesto freed memory.OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n.OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching thisissue. This issue was reported to OpenSSL on 8th July 2014.The fix was developed by Gabor Tyukasz.Double Free when processing DTLS packets (CVE-2014-3505)========================================================An attacker can force an error condition which causes openssl to crash whilstprocessing DTLS packets due to memory being freed twice. This can be exploitedthrough a Denial of Service attack.OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zbOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n.OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering andresearching this issue. This issue was reported to OpenSSL on 6th June2014.The fix was developed by Adam Langley.DTLS memory exhaustion (CVE-2014-3506)======================================An attacker can force openssl to consume large amounts of memory whilstprocessing DTLS handshake messages. This can be exploited through a Denial ofService attack.OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zbOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n.OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.Thanks to Adam Langley (Google) for discovering and researching thisissue. This issue was reported to OpenSSL on 6th June 2014.The fix was developed by Adam Langley.DTLS memory leak from zero-length fragments (CVE-2014-3507)===========================================================By sending carefully crafted DTLS packets an attacker could cause openssl toleak memory. This can be exploited through a Denial of Service attack.OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zbOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n.OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.Thanks to Adam Langley (Google) for discovering and researching thisissue. This issue was reported to OpenSSL on 6th June 2014.The fix was developed by Adam Langley.OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)===============================================================OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to adenial of service attack. A malicious server can crash the client with a nullpointer dereference (read) by specifying an anonymous (EC)DH ciphersuite andsending carefully crafted handshake messages.OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zbOpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n.OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i.Thanks to Felix Gröbert (Google) for discovering and researching this issue.This issue was reported to OpenSSL on 18th July 2014.The fix was developed by Emilia Käsper of the OpenSSL development team.OpenSSL TLS protocol downgrade attack (CVE-2014-3511)=====================================================A flaw in the OpenSSL SSL/TLS server code causes the server to negotiateTLS 1.0 instead of higher protocol versions when the ClientHello message isbadly fragmented. This allows a man-in-the-middle attacker to force adowngrade to TLS 1.0 even if both the server and the client support a higherprotocol version, by modifying the client's TLS records.OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.Thanks to David Benjamin and Adam Langley (Google) for discovering andresearching this issue. This issue was reported to OpenSSL on 21st July 2014.The fix was developed by David Benjamin.SRP buffer overrun (CVE-2014-3512)==================================A malicious client or server can send invalid SRP parameters and overrunan internal buffer. Only applications which are explicitly set up for SRPuse are affected.OpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1i.Thanks to Sean Devlin and Watson Ladd (Cryptography Services, NCCGroup) for discovering this issue. This issue was reported to OpenSSLon 31st July 2014.The fix was developed by Stephen Henson of the OpenSSL core team.References==========URL for this Security Advisory:http://www.openssl.org/news/secadv_20140806.txtNote: the online version of the advisory may be updated with additionaldetails over time.

 

[OpenSourcerer 1409]

Quite normal bugs. They just sound dangerous.

People discover these things everyday in every piece of software aviable, just look at SecurityFocus' Vulnerabilities RSS feed. You will find quite similar things there.