Bug 1103586 (CVE-2014-0224)

Summary: CVE-2014-0224 openssl: SSL/TLS MITM vulnerability
Product: [Other] Security Response Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: aavati, abaron, acathrow, aneelica, aortega, apevec, ayoung, bazulay, bigbangiyan, carnil, cdewolf, cfergeau, chrisw, cpelland, dallan, darran.lofthouse, dblechte, fdeutsch, fnasser, fweimer, gkotton, hkario, huwang, idith, iheim, jawilson, jclere, jkurik, jrusnack, kengert, lgao, lhh, markmc, mmcallis, mturk, myarboro, nlevinki, pgier, pmatouse, pslavice, rbryant, rfortier, rsvoboda, sclewis, security-response-team, ssaha, tmraz, vbellur, vtunka, weli, yeylon
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: openssl 1.0.1h, openssl 1.0.0m, openssl 0.9.8za Doc Type: Bug Fix
Doc Text:
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-11 05:28:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1096233, 1096234, 1103604, 1103605, 1103606, 1103607, 1103608, 1103609, 1103610, 1103611, 1103632, 1103633, 1103634, 1103635, 1103653, 1103654, 1103655, 1103656, 1103657, 1103659, 1103723, 1103724, 1103741, 1103885, 1103886, 1103887, 1103888, 1103889, 1103890, 1104349, 1104350, 1127888, 1127889    
Bug Blocks: 1103601, 1103903, 1103904, 1103905    
Attachments:
Description Flags
Upstream patch none

Description Huzaifa S. Sidhpurwala 2014-06-02 07:17:00 UTC 
It was found that OpenSSL was vulnerable to a SSL/TLS MITM vulnerability. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.

As per the upstream advisory:

The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.


Acknowledgements:

Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.
Comment 4 Huzaifa S. Sidhpurwala 2014-06-02 08:30:26 UTC 
Created attachment 901373 [details]
Upstream patch
Comment 19 Huzaifa S. Sidhpurwala 2014-06-05 11:32:02 UTC 
External References:

https://www.openssl.org/news/secadv_20140605.txt
https://access.redhat.com/site/articles/904433
https://access.redhat.com/site/solutions/905793
Comment 20 Huzaifa S. Sidhpurwala 2014-06-05 11:35:51 UTC 
Upstream commits:

OpenSSL-1.0.1:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc8923b1ec9c467755cd86f7848c50ee8812e441
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=006cd7083f76ed5cb0d9a914857e9231ef1bc317

OpenSSL-0.9.8:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=410a49a4fa1d2a1a9775ee29f9e40cbbda79c149
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=897169fdf06bf75b4d0c503d61abb45656dd90a6
Comment 21 Tomas Hoger 2014-06-05 11:39:35 UTC 
Fixed upstream in versions 1.0.1h, 1.0.0m and 0.9.8za.
Comment 22 errata-xmlrpc 2014-06-05 11:54:06 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2014:0625 https://rhn.redhat.com/errata/RHSA-2014-0625.html
Comment 23 errata-xmlrpc 2014-06-05 11:54:49 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:0624 https://rhn.redhat.com/errata/RHSA-2014-0624.html
Comment 24 errata-xmlrpc 2014-06-05 12:04:43 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2014:0626 https://rhn.redhat.com/errata/RHSA-2014-0626.html
Comment 25 Huzaifa S. Sidhpurwala 2014-06-05 12:12:30 UTC 
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1096233]
Comment 26 Huzaifa S. Sidhpurwala 2014-06-05 12:12:34 UTC 
Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1096234]
Comment 27 errata-xmlrpc 2014-06-05 12:15:57 UTC 
This issue has been addressed in following products:

  Red Hat Storage 2.1

Via RHSA-2014:0628 https://rhn.redhat.com/errata/RHSA-2014-0628.html
Comment 28 errata-xmlrpc 2014-06-05 12:16:41 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4 Extended Lifecycle Support
  Red Hat Enterprise Linux 5.6 Long Life
  Red Hat Enterprise Linux 5.9 EUS - Server Only
  Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only
  Red Hat Enterprise Linux 6.4 EUS - Server and Compute Node Only
  Red Hat Enterprise Linux 6.2 AUS

Via RHSA-2014:0627 https://rhn.redhat.com/errata/RHSA-2014-0627.html
Comment 29 Vincent Danen 2014-06-05 14:52:32 UTC 
IssueDescription:

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.
Comment 30 errata-xmlrpc 2014-06-05 14:57:29 UTC 
This issue has been addressed in following products:

  Red Hat JBoss Enterprise Web Platform 5.2.0

Via RHSA-2014:0633 https://rhn.redhat.com/errata/RHSA-2014-0633.html
Comment 31 errata-xmlrpc 2014-06-05 14:58:26 UTC 
This issue has been addressed in following products:

  Red Hat JBoss Web Server 2.0.1

Via RHSA-2014:0632 https://rhn.redhat.com/errata/RHSA-2014-0632.html
Comment 32 errata-xmlrpc 2014-06-05 14:58:42 UTC 
This issue has been addressed in following products:

  Red Hat JBoss Enterprise Application Platform 5.2.0

Via RHSA-2014:0630 https://rhn.redhat.com/errata/RHSA-2014-0630.html
Comment 33 errata-xmlrpc 2014-06-05 14:58:57 UTC 
This issue has been addressed in following products:

  RHEV-H and Agents for RHEL-6

Via RHSA-2014:0629 https://rhn.redhat.com/errata/RHSA-2014-0629.html
Comment 34 errata-xmlrpc 2014-06-05 15:27:57 UTC 
This issue has been addressed in following products:

  Red Hat JBoss Enterprise Application Platform 6.2.3

Via RHSA-2014:0631 https://rhn.redhat.com/errata/RHSA-2014-0631.html
Comment 35 Fedora Update System 2014-06-05 21:53:51 UTC 
openssl-1.0.1e-38.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 36 Fedora Update System 2014-06-05 21:54:48 UTC 
openssl-1.0.1e-38.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 37 errata-xmlrpc 2014-06-10 12:25:01 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 7

Via RHSA-2014:0680 https://rhn.redhat.com/errata/RHSA-2014-0680.html
Comment 38 errata-xmlrpc 2014-06-10 12:28:15 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 7

Via RHSA-2014:0679 https://rhn.redhat.com/errata/RHSA-2014-0679.html
Comment 41 Tomas Hoger 2014-08-07 18:38:37 UTC 
Created mingw32-openssl tracking bugs for this issue:

Affects: epel-5 [bug 1127888]