Bug 1103586 (CVE-2014-0224)

Summary: CVE-2014-0224 openssl: SSL/TLS MITM vulnerability
Product: [Other] Security Response Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: aavati, abaron, acathrow, aneelica, aortega, apevec, ayoung, bazulay, bigbangiyan, carnil, cdewolf, cfergeau, chrisw, cpelland, dallan, darran.lofthouse, dblechte, fdeutsch, fnasser, fweimer, gkotton, hkario, huwang, idith, iheim, jawilson, jclere, jkurik, jrusnack, kengert, lgao, lhh, markmc, mmcallis, mturk, myarboro, nlevinki, pgier, pmatouse, pslavice, rbryant, rfortier, rsvoboda, sclewis, security-response-team, ssaha, tmraz, vbellur, vtunka, weli, yeylon
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=important,public=20140605,reported=20140602,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=affected,rhel-5/openssl097a=affected,rhel-6/openssl=affected,rhel-6/openssl098e=affected,rhel-7/openssl=affected,rhel-7/openssl098e=affected,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.3.z/openssl=affected,rhel-6.4.z/openssl=affected,rhes-2.1/openssl=affected,openstack-rdo/openssl=affected,eap-5/openssl=affected,eap-6/openssl=affected,jbews-1/openssl=wontfix,jbews-2/openssl=affected,jboss/others=notaffected,rhev-m-3/rhev-hypervisor=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,epel-5/mingw32-openssl=affected,rhev-m-3/mingw-virt-viewer=notaffected,rhel-6/guest-images=notaffected,cwe=CWE-841
Fixed In Version: openssl 1.0.1h, openssl 1.0.0m, openssl 0.9.8za Doc Type: Bug Fix
Doc Text:
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-11 05:28:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 1096233, 1096234, 1103604, 1103605, 1103606, 1103607, 1103608, 1103609, 1103610, 1103611, 1103632, 1103633, 1103634, 1103635, 1103653, 1103654, 1103655, 1103656, 1103657, 1103659, 1103723, 1103724, 1103741, 1103885, 1103886, 1103887, 1103888, 1103889, 1103890, 1104349, 1104350, 1127888, 1127889    
Bug Blocks: 1103601, 1103903, 1103904, 1103905    
Attachments:
Description Flags
Upstream patch none

Description Huzaifa S. Sidhpurwala 2014-06-02 07:17:00 UTC
It was found that OpenSSL was vulnerable to a SSL/TLS MITM vulnerability. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.

As per the upstream advisory:

The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.


Acknowledgements:

Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.

Comment 4 Huzaifa S. Sidhpurwala 2014-06-02 08:30:26 UTC
Created attachment 901373 [details]
Upstream patch

Comment 21 Tomas Hoger 2014-06-05 11:39:35 UTC
Fixed upstream in versions 1.0.1h, 1.0.0m and 0.9.8za.

Comment 22 errata-xmlrpc 2014-06-05 11:54:06 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2014:0625 https://rhn.redhat.com/errata/RHSA-2014-0625.html

Comment 23 errata-xmlrpc 2014-06-05 11:54:49 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:0624 https://rhn.redhat.com/errata/RHSA-2014-0624.html

Comment 24 errata-xmlrpc 2014-06-05 12:04:43 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2014:0626 https://rhn.redhat.com/errata/RHSA-2014-0626.html

Comment 25 Huzaifa S. Sidhpurwala 2014-06-05 12:12:30 UTC
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1096233]

Comment 26 Huzaifa S. Sidhpurwala 2014-06-05 12:12:34 UTC
Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1096234]

Comment 27 errata-xmlrpc 2014-06-05 12:15:57 UTC
This issue has been addressed in following products:

  Red Hat Storage 2.1

Via RHSA-2014:0628 https://rhn.redhat.com/errata/RHSA-2014-0628.html

Comment 28 errata-xmlrpc 2014-06-05 12:16:41 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4 Extended Lifecycle Support
  Red Hat Enterprise Linux 5.6 Long Life
  Red Hat Enterprise Linux 5.9 EUS - Server Only
  Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only
  Red Hat Enterprise Linux 6.4 EUS - Server and Compute Node Only
  Red Hat Enterprise Linux 6.2 AUS

Via RHSA-2014:0627 https://rhn.redhat.com/errata/RHSA-2014-0627.html

Comment 29 Vincent Danen 2014-06-05 14:52:32 UTC
IssueDescription:

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.

Comment 30 errata-xmlrpc 2014-06-05 14:57:29 UTC
This issue has been addressed in following products:

  Red Hat JBoss Enterprise Web Platform 5.2.0

Via RHSA-2014:0633 https://rhn.redhat.com/errata/RHSA-2014-0633.html

Comment 31 errata-xmlrpc 2014-06-05 14:58:26 UTC
This issue has been addressed in following products:

  Red Hat JBoss Web Server 2.0.1

Via RHSA-2014:0632 https://rhn.redhat.com/errata/RHSA-2014-0632.html

Comment 32 errata-xmlrpc 2014-06-05 14:58:42 UTC
This issue has been addressed in following products:

  Red Hat JBoss Enterprise Application Platform 5.2.0

Via RHSA-2014:0630 https://rhn.redhat.com/errata/RHSA-2014-0630.html

Comment 33 errata-xmlrpc 2014-06-05 14:58:57 UTC
This issue has been addressed in following products:

  RHEV-H and Agents for RHEL-6

Via RHSA-2014:0629 https://rhn.redhat.com/errata/RHSA-2014-0629.html

Comment 34 errata-xmlrpc 2014-06-05 15:27:57 UTC
This issue has been addressed in following products:

  Red Hat JBoss Enterprise Application Platform 6.2.3

Via RHSA-2014:0631 https://rhn.redhat.com/errata/RHSA-2014-0631.html

Comment 35 Fedora Update System 2014-06-05 21:53:51 UTC
openssl-1.0.1e-38.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 36 Fedora Update System 2014-06-05 21:54:48 UTC
openssl-1.0.1e-38.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 37 errata-xmlrpc 2014-06-10 12:25:01 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 7

Via RHSA-2014:0680 https://rhn.redhat.com/errata/RHSA-2014-0680.html

Comment 38 errata-xmlrpc 2014-06-10 12:28:15 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 7

Via RHSA-2014:0679 https://rhn.redhat.com/errata/RHSA-2014-0679.html

Comment 41 Tomas Hoger 2014-08-07 18:38:37 UTC
Created mingw32-openssl tracking bugs for this issue:

Affects: epel-5 [bug 1127888]