Bug 1180185 (CVE-2014-3572)

Summary: CVE-2014-3572 openssl: ECDH downgrade bug fix
Product: [Other] Security Response Reporter: Vasyl Kaigorodov <vkaigoro>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: carnil, cdewolf, chrisw, dandread, darran.lofthouse, erich, grocha, jason.greene, jawilson, jclere, jdoyle, john.haxby, lgao, myarboro, nlevinki, pslavice, rfortier, rhs-bugs, rsvoboda, vtunka, weli
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: OpenSSL 1.0.1k, OpenSSL 1.0.0p, OpenSSL 0.9.8zd Doc Type: Bug Fix
Doc Text:
It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-20 10:48:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1180189, 1181015, 1181016, 1181017, 1181018    
Bug Blocks: 1180194    

Description Vasyl Kaigorodov 2015-01-08 15:18:01 UTC 
New release of OpenSSL [1] fixes the following bug:

Fix bug where an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted.

Upstream patches:
- master: https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63
- 0.9.8: https://github.com/openssl/openssl/commit/e42a2abadc90664e2615dc63ba7f79cf163f780a
- 1.0.1: https://github.com/openssl/openssl/commit/ef28c6d6767a6a30df5add36171894c96628fe98

[1]: https://www.openssl.org/news/changelog.html
Comment 1 Vincent Danen 2015-01-08 18:25:28 UTC 
Upstream commit that looks to fix the problem:

https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63


External References:

https://www.openssl.org/news/secadv_20150108.txt
Comment 3 Tomas Mraz 2015-01-13 17:09:46 UTC 
I am not sure whether this affects also the ephemeral DH ciphersuites or not. The patch adds the requirement for ServerKeyExchange message for ephemeral DH as well.
Comment 4 Huzaifa S. Sidhpurwala 2015-01-16 04:12:11 UTC 
Statement:

This issue does not affect the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7.
Comment 5 errata-xmlrpc 2015-01-21 21:28:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2015:0066 https://rhn.redhat.com/errata/RHSA-2015-0066.html