CVE-2014-0224

CVE-2014-0224

Jeffrey Walton-3
CVE-2014-0224 looks like an interesting issue
(https://www.openssl.org/news/secadv_20140605.txt):

    An attacker using a carefully crafted handshake
    can force the use of weak keying material in
    OpenSSL SSL/TLS clients and servers. This can
    be exploited by a Man-in-the-middle (MITM)
    attack where the attacker can decrypt and
    modify traffic from the attacked client and server.

Can anyone explain the vulnerability?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

RE: CVE-2014-0224

Salz, Rich
> Can anyone explain the vulnerability?

A handful of links

Here's the timeline, a public document:
        https://plus.google.com/u/0/+MarkJCox/posts/L8i6PSsKJKs

And this blog entry from the guy who found the bug.  BTW, it's 16 years old.
        http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html

Adam Langley's writeup full of technical and protocol details
        https://www.imperialviolet.org/2014/06/05/earlyccs.html

--  
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: [hidden email]; Twitter: RichSalz


Re: CVE-2014-0224

Jeroen de Neef
In reply to this post by Jeffrey Walton-3
I am also quite curious.
Also, how long has this exploit been around, and could hackers have exploited this already?


2014-06-05 22:46 GMT+02:00 Jeffrey Walton <[hidden email]>:
CVE-2014-0224 looks like an interesting issue
(https://www.openssl.org/news/secadv_20140605.txt):

    An attacker using a carefully crafted handshake
    can force the use of weak keying material in
    OpenSSL SSL/TLS clients and servers. This can
    be exploited by a Man-in-the-middle (MITM)
    attack where the attacker can decrypt and
    modify traffic from the attacked client and server.

Can anyone explain the vulnerability?

Re: CVE-2014-0224

Jeffrey Walton-3
In reply to this post by Salz, Rich
On Thu, Jun 5, 2014 at 4:49 PM, Salz, Rich <[hidden email]> wrote:

>> Can anyone explain the vulnerability?
>
> A handful of links
>
> Here's the timeline, a public document:
>         https://plus.google.com/u/0/+MarkJCox/posts/L8i6PSsKJKs
>
> And this blog entry from the guy who found the bug.  BTW, it's 16 years old.
>         http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
>
> Adam Langley's writeup full of technical and protocol details
>         https://www.imperialviolet.org/2014/06/05/earlyccs.html
>
Thanks Rich.

Re: CVE-2014-0224

Tim Hudson
I've also added these into the wiki at
http://wiki.openssl.org/index.php/SECADV_20140605 - so that others
looking back through the issues can find a handy reference to the
additional information from various locations - the link at
http://wiki.openssl.org/index.php/Security_Advisories basically notes
when there is additional information available beyond the advisory
details for a given issue.

If there are other useful references to this item or to other items in
the security vulnerability announcement then updating the wiki to note
them there would be helpful.

Thanks,
Tim.

On 6/06/2014 9:42 AM, Jeffrey Walton wrote:

> On Thu, Jun 5, 2014 at 4:49 PM, Salz, Rich <[hidden email]> wrote:
>>> Can anyone explain the vulnerability?
>> A handful of links
>>
>> Here's the timeline, a public document:
>>         https://plus.google.com/u/0/+MarkJCox/posts/L8i6PSsKJKs
>>
>> And this blog entry from the guy who found the bug.  BTW, it's 16 years old.
>>         http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
>>
>> Adam Langley's writeup full of technical and protocol details
>>         https://www.imperialviolet.org/2014/06/05/earlyccs.html
>>
> Thanks Rich.

CVE-2014-0224

Scott Neugroschl-2
In reply to this post by Jeffrey Walton-3
Hi guys,

I know 0.9.7 is no longer under development, but for various reasons, I have an app that is still using 0.9.7g.
Is 0.9.7g subject to the vulnerability from CVD-0214-0224?

Thanks,

ScottN



Re: CVE-2014-0224

Dr. Stephen Henson
On Wed, Jun 11, 2014, Scott Neugroschl wrote:

> Hi guys,
>
> I know 0.9.7 is no longer under development, but for various reasons, I have an app that is still using 0.9.7g.
> Is 0.9.7g subject to the vulnerability from CVD-0214-0224?
>

I think you mean CVE-2014-0224. Yes, it is vulnerable as an SSL/TLS client;
you're advised to fix servers too as a precaution.

It shouldn't be too hard to backport the patches.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: CVE-2014-0224

Viktor Dukhovni
In reply to this post by Scott Neugroschl-2
On Wed, Jun 11, 2014 at 04:09:47PM +0000, Scott Neugroschl wrote:

> I know 0.9.7 is no longer under development, but for various
> reasons, I have an app that is still using 0.9.7g.
> Is 0.9.7g subject to the vulnerability from CVD-0214-0224?

There are I expect many unresolved issues (even if not the particular
one in question) in the long ago un-maintained 0.9.7 release.  So
my advice is that if this application is communicating over the
public Internet, it needs to be upgraded or retired.

--
        Viktor.

RE: CVE-2014-0224

Scott Neugroschl-2

From Victor:
>On Wed, Jun 11, 2014 at 04:09:47PM +0000, Scott Neugroschl wrote:

>> I know 0.9.7 is no longer under development, but for various reasons,
>> I have an app that is still using 0.9.7g.
>> Is 0.9.7g subject to the vulnerability from CVD-0214-0224?

>There are I expect many unresolved issues (even if not the particular one in question) in the long ago un-maintained 0.9.7 release.  So my advice is that if this application is communicating over the public Internet, it needs to be upgraded or retired.

We are aware of this, and are looking to upgrade.  Does anyone have a recommendation as to 0.9.8 vs 1.0.0 (1.0.1 is too bleeding edge)?  If you have a recommendation, may I ask what led you to choose that path?

Thanks,

ScottN


Re: CVE-2014-0224

Viktor Dukhovni
On Wed, Jun 11, 2014 at 07:07:09PM +0000, Scott Neugroschl wrote:

> We are aware of this, and are looking to upgrade.  Does anyone
> have a recommendation as to 0.9.8 vs 1.0.0 (1.0.1 is too bleeding
> edge)?  If you have a recommendation, may I ask what led you to
> choose that path?

I would recommend 1.0.1 (not significantly more bleeding edge than
1.0.0 at this point).  I think more O/S distributions are shipping
with 1.0.1 than 1.0.0.  Even if you compile against 1.0.0, unless
you ship your own library or link statically, you may find your
code running on a platform with 1.0.1, the ABI version is 1.0.0.

--
        Viktor.