OpenSSL continues to bleed out more flaws – more critical vulnerabilities found

Cyberoam Blog
A bevy of security experts, tech giants and organizations are yet to overcome the impact of Heartbleed, since they are still occupied addressing potential risks associated with the bug discovered in the widely used OpenSSL encryption standard. Even as the world continues to reel in the aftermath of Heartbleed scare, OpenSSL has recently reported six new vulnerabilities in Open SSL library, urging users to apply available fixes / patches immediately. Among these new flaws, two are reported as critical. Unlike Heartbleed, which was a huge flaw in web encryption or SSL, these newly found vulnerabilities lead to different forms of attacks including man-in-the-middle, remote code execution, DoS etc as stems from the table below.

Cyberoam Blog

Information on associated Common Vulnerabilities and Exposures (CVE) IDs for new OpenSSL vulnerabilities:

CVE-2014-0198:

A denial of service vulnerability exists in OpenSSL. The vulnerability is due to an error in ssl3_write_bytes(). A remote unauthenticated attacker could exploit this vulnerability by triggering the generation of an Alert leading to a NULL pointer dereference and causing a denial of service condition.

CVE-2014-0224:

A security bypass vulnerability exists in OpenSSL. The vulnerability is due to a weakness in OpenSSL methods used for keying material. This vulnerability can be exploited through the use of a man in the middle attack, where an attacker may be able to decrypt and modify traffic in transit.

A remote unauthenticated attacker could exploit this vulnerability by using a specially crafted handshake to force the use of weak keying material. Successful exploitation could lead to a security bypass condition where an attacker could gain access to potentially sensitive information.

CVE-2014-0221:

A denial of service vulnerability exists in OpenSSL. The vulnerability is due to a weakness in OpenSSL methods used for processing DTLS handshake messages.

A remote unauthenticated attacker could exploit this vulnerability by sending a malicious DTLS handshake to a target. Successful exploitation could lead to a denial of service condition.

CVE-2014-0195:

A buffer-overflow vulnerability exists in OpenSSL. The vulnerability is due to a weakness in OpenSSL methods used for processing DTLS fragments.

A remote unauthenticated attacker could exploit this vulnerability by sending a malicious DTLS fragments to a target. Successful exploitation could lead to arbitrary code execution in the security context of the affected user.

CVE-2010-5298:

A denial of service vulnerability exists in OpenSSL. The vulnerability is due to a race condition in the ssl3_read_bytes function.

A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted packet to a target. Successful exploitation could allow an attacker to inject data into the target stream or lead to a denial of service condition.

CVE-2014-3470:

A denial of service vulnerability exists in OpenSSL. The vulnerability is due to an unspecified issue when processing anonymous ECDH Ciphersuites.

A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted packet to a target. Successful exploitation could lead to a denial of service condition.

Affected CyberoamOS Versions:

Like many other network security vendors, Cyberoam also uses OpenSSL, however, out of the Six (6) CVEs mentioned above, CyberoamOS is impacted by just Two (2) vulnerabilities i.e. SSL/TLS MITM vulnerability (CVE-2014-0224) and Anonymous ECDH denial of service (CVE-2014-3470).

  • CVE-2014-0224 – All publicly available CyberoamOS versions
  • CVE-2014-3470 – 10.6.XX only

IPS Signature released

Cyberoam Threat Research Labs has released an IPS signature namely “OpenSSL ChangeCipherSpec MITM Security Bypass” to address CVE-2014-0224 vulnerability. The signature can be used to mitigate security risks for customer networks placed behind Cyberoam network security appliances.

Solution

Cyberoam is pursuing further investigation for these vulnerabilities and shall announce a remedial solution shortly.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>