Information disclosure in OpenSSL

#VU41410 Information disclosure in OpenSSL

Published: 2014-08-14 | Updated: 2020-08-10

Vulnerability identifier: #VU41410

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-3508

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSSL
Server applications / Encryption software

Vendor: OpenSSL Software Foundation

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.

Mitigation
Install update from vendor's website.

Vulnerable software versions

OpenSSL: 0.9.8 - 0.9.8za, 1.0.0 - 1.0.0m, 1.0.1 - 1.0.1h

External links
http:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
http://linux.oracle.com/errata/ELSA-2014-1052.html
http://linux.oracle.com/errata/ELSA-2014-1053.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html
http://marc.info/?l=bugtraq&m=140853041709441&w=2
http://marc.info/?l=bugtraq&m=140973896703549&w=2
http://marc.info/?l=bugtraq&m=141077370928502&w=2
http://marc.info/?l=bugtraq&m=142495837901899&w=2
http://marc.info/?l=bugtraq&m=142624590206005&w=2
http://marc.info/?l=bugtraq&m=142660345230545&w=2
http://marc.info/?l=bugtraq&m=142791032306609&w=2
http://marc.info/?l=bugtraq&m=143290437727362&w=2
http://marc.info/?l=bugtraq&m=143290522027658&w=2
http://rhn.redhat.com/errata/RHSA-2014-1256.html
http://rhn.redhat.com/errata/RHSA-2014-1297.html
http://secunia.com/advisories/58962
http://secunia.com/advisories/59221
http://secunia.com/advisories/59700
http://secunia.com/advisories/59710
http://secunia.com/advisories/59743
http://secunia.com/advisories/59756
http://secunia.com/advisories/60022
http://secunia.com/advisories/60221
http://secunia.com/advisories/60410
http://secunia.com/advisories/60493
http://secunia.com/advisories/60684
http://secunia.com/advisories/60687
http://secunia.com/advisories/60778
http://secunia.com/advisories/60803
http://secunia.com/advisories/60824
http://secunia.com/advisories/60861
http://secunia.com/advisories/60917
http://secunia.com/advisories/60921
http://secunia.com/advisories/60938
http://secunia.com/advisories/61017
http://secunia.com/advisories/61100
http://secunia.com/advisories/61171
http://secunia.com/advisories/61184
http://secunia.com/advisories/61214
http://secunia.com/advisories/61250
http://secunia.com/advisories/61392
http://secunia.com/advisories/61775
http://secunia.com/advisories/61959
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html
http://www.debian.org/security/2014/dsa-2998
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2014:158
http://www.securityfocus.com/bid/69075
http://www.securitytracker.com/id/1030693
http://www.tenable.com/security/tns-2014-06
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
http://www-01.ibm.com/support/docview.wss?uid=swg21681752
http://www-01.ibm.com/support/docview.wss?uid=swg21682293
http://www-01.ibm.com/support/docview.wss?uid=swg21683389
http://www-01.ibm.com/support/docview.wss?uid=swg21686997
http://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure
http://bugzilla.redhat.com/show_bug.cgi?id=1127490
http://exchange.xforce.ibmcloud.com/vulnerabilities/95165
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87
http://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
http://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
http://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html
http://support.citrix.com/article/CTX216642
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc
http://www.openssl.org/news/secadv_20140806.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM SAN Volume Controller and Storwize Family

Multiple vulnerabilities in Lenovo SAN Volume Controller and Storwize Family

Multiple vulnerabilities in HP Insight Control server deployment on Linux and Windows

Multiple vulnerabilities in HP Systems Insight Manager

Information disclosure in HP IceWall SSO Dfw, SSO Agent and MCRP

Multiple vulnerabilities in IBM FlashSystem (and TMS RAMSAN) 710, 720, 810, and 820 systems

Multiple vulnerabilities in IBM FlashSystem 840 and V840

Multiple vulnerabilities in HP OpenVMS running OpenSSL

Multiple vulnerabilities in OpenSSL

Multiple vulnerabilities in HP-UX running OpenSSL