FreeBSD : OpenSSL -- multiple vulnerabilities (03175e62-5494-11e4-9cc1-bc5ff4fb5e7b) (POODLE)

low Nessus Plugin ID 78495

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The OpenSSL Project reports :

A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected.
[CVE-2014-3513].

When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack. [CVE-2014-3567].

OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade.

Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE [CVE-2014-3566].

When OpenSSL is configured with 'no-ssl3' as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them. [CVE-2014-3568].

Solution

Update the affected packages.

See Also

https://www.openssl.org/news/secadv/20141015.txt

http://www.nessus.org/u?a1d30c67

Plugin Details

Severity: Low

ID: 78495

File Name: freebsd_pkg_03175e62549411e49cc1bc5ff4fb5e7b.nasl

Version: 1.24

Type: local

Published: 10/16/2014

Updated: 6/26/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: Low

Base Score: 3.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mingw32-openssl, p-cpe:/a:freebsd:freebsd:linux-c6-openssl, p-cpe:/a:freebsd:freebsd:openssl, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/15/2014

Vulnerability Publication Date: 10/15/2014

Reference Information

CVE: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568

BID: 70574, 70584, 70585, 70586

FreeBSD: SA-14:23.openssl