Bug 1127504 (CVE-2014-3511) - CVE-2014-3511 openssl: TLS protocol downgrade attack
Summary: CVE-2014-3511 openssl: TLS protocol downgrade attack
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-3511
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1127695 1127696 1127697 1127698 1127704 1127705 1127709 1128405 1128406 1128961 1181611
Blocks: 1127468 1127506
TreeView+ depends on / blocked
 
Reported: 2014-08-07 02:12 UTC by Andrew Griffiths
Modified: 2021-10-20 10:45 UTC (History)
45 users (show)

Fixed In Version: openssl 1.0.1i
Doc Type: Bug Fix
Doc Text:
A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions.
Clone Of:
Environment:
Last Closed: 2021-10-20 10:45:33 UTC
Embargoed:

Attachments (Terms of Use)
CVE-2014-3511 patch (2.10 KB, patch)
2014-08-07 07:13 UTC, Loganaden Velvindron 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:1052 0 normal SHIPPED_LIVE Moderate: openssl security update 2014-08-14 01:32:03 UTC
Red Hat Product Errata RHSA-2014:1054 0 normal SHIPPED_LIVE Moderate: openssl security update 2014-08-14 08:44:38 UTC
Red Hat Product Errata RHSA-2015:0126 0 normal SHIPPED_LIVE Critical: rhev-hypervisor6 security update 2015-02-04 22:52:31 UTC
Red Hat Product Errata RHSA-2015:0197 0 normal SHIPPED_LIVE Moderate: rhevm-spice-client security and bug fix update 2015-02-11 22:35:16 UTC

Description Andrew Griffiths 2014-08-07 02:12:10 UTC 
By pathologically modifying a clients ClientHello message with fragmentation, it's possible to cause the server to negotiate TLS 1.0 instead of a higher version, even if both client and server support a higher protocol version.
Comment 1 Arun Babu Neelicattu 2014-08-07 05:52:49 UTC 
External References:

https://www.openssl.org/news/secadv_20140806.txt
Comment 3 Loganaden Velvindron 2014-08-07 06:43:41 UTC 
Description below:

OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
=====================================================

A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
TLS 1.0 instead of higher protocol versions when the ClientHello message is
badly fragmented. This allows a man-in-the-middle attacker to force a
downgrade to TLS 1.0 even if both the server and the client support a higher
protocol version, by modifying the client's TLS records.

OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.

Thanks to David Benjamin and Adam Langley (Google) for discovering and
researching this issue. This issue was reported to OpenSSL on 21st July 2014.

The fix was developed by David Benjamin.
Comment 4 Tomas Hoger 2014-08-07 06:46:31 UTC 
Upstream commit:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=280b1f1ad12131defcd986676a8fc9717aaa601b
Comment 5 Tomas Hoger 2014-08-07 06:54:06 UTC 
Support for TLS versions 1.1 and 1.2 was added upstream in OpenSSL version 1.0.1.  Red Hat Enterprise Linux 6 before 6.5 provided openssl packages based on version 1.0.0.  Hence Red Hat Enterprise Linux 6 packages prior to update RHBA-2013:1585 released as part of Red Hat Enterprise Linux 6.5, as well as packages in Red Hat Enterprise Linux 5 and earlier, were not affected as TLS 1.0 is the highest supported protocol version.
Comment 6 Loganaden Velvindron 2014-08-07 07:13:40 UTC 
Created attachment 924724 [details]
CVE-2014-3511 patch

CVE-2014-3511 patch for CentOS 6.5.
Comment 8 Tomas Hoger 2014-08-07 11:36:49 UTC 
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1127704]
Comment 9 Tomas Hoger 2014-08-07 11:36:56 UTC 
Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1127705]
Comment 10 Tomas Hoger 2014-08-07 11:40:59 UTC 
Created mingw-openssl tracking bugs for this issue:

Affects: epel-7 [bug 1127709]
Comment 11 Fedora Update System 2014-08-09 07:34:50 UTC 
openssl-1.0.1e-39.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2014-08-09 07:35:58 UTC 
openssl-1.0.1e-39.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 Martin Prpič 2014-08-12 07:42:03 UTC 
IssueDescription:

A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions.
Comment 15 errata-xmlrpc 2014-08-13 21:33:53 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2014:1052 https://rhn.redhat.com/errata/RHSA-2014-1052.html
Comment 16 errata-xmlrpc 2014-08-14 04:45:23 UTC 
This issue has been addressed in following products:

  Red Hat Storage 2.1

Via RHSA-2014:1054 https://rhn.redhat.com/errata/RHSA-2014-1054.html
Comment 18 errata-xmlrpc 2015-02-04 17:52:41 UTC 
This issue has been addressed in the following products:

  RHEV-H and Agents for RHEL-6

Via RHSA-2015:0126 https://rhn.redhat.com/errata/RHSA-2015-0126.html
Comment 19 errata-xmlrpc 2015-02-11 17:44:20 UTC 
This issue has been addressed in the following products:

  RHEV Manager version 3.5

Via RHSA-2015:0197 https://rhn.redhat.com/errata/RHSA-2015-0197.html
Note You need to log in before you can comment on or make changes to this bug.