#VU41413 Input validation error in OpenSSL


Published: 2014-08-14 | Updated: 2020-08-10

Vulnerability identifier: #VU41413

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-3511

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSSL
Server applications / Encryption software

Vendor: OpenSSL Software Foundation

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue.

Mitigation
Install update from vendor's website.

Vulnerable software versions

OpenSSL: 1.0.0 - 1.0.0m, 1.0.1 - 1.0.1h

External links
http:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
http://linux.oracle.com/errata/ELSA-2014-1052.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html
http://marc.info/?l=bugtraq&m=142350350616251&w=2
http://marc.info/?l=bugtraq&m=142495837901899&w=2
http://marc.info/?l=bugtraq&m=142624590206005&w=2
http://marc.info/?l=bugtraq&m=142660345230545&w=2
http://marc.info/?l=bugtraq&m=142791032306609&w=2
http://marc.info/?l=bugtraq&m=143290437727362&w=2
http://marc.info/?l=bugtraq&m=143290522027658&w=2
http://rhn.redhat.com/errata/RHSA-2015-0126.html
http://rhn.redhat.com/errata/RHSA-2015-0197.html
http://secunia.com/advisories/58962
http://secunia.com/advisories/59700
http://secunia.com/advisories/59710
http://secunia.com/advisories/59756
http://secunia.com/advisories/59887
http://secunia.com/advisories/60022
http://secunia.com/advisories/60221
http://secunia.com/advisories/60377
http://secunia.com/advisories/60493
http://secunia.com/advisories/60684
http://secunia.com/advisories/60803
http://secunia.com/advisories/60810
http://secunia.com/advisories/60890
http://secunia.com/advisories/60917
http://secunia.com/advisories/60921
http://secunia.com/advisories/60938
http://secunia.com/advisories/61017
http://secunia.com/advisories/61043
http://secunia.com/advisories/61100
http://secunia.com/advisories/61139
http://secunia.com/advisories/61184
http://secunia.com/advisories/61775
http://secunia.com/advisories/61959
http://security.gentoo.org/glsa/glsa-201412-39.xml
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html
http://www.arubanetworks.com/support/alerts/aid-08182014.txt
http://www.debian.org/security/2014/dsa-2998
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
http://www.securityfocus.com/bid/69079
http://www.securitytracker.com/id/1030693
http://www.splunk.com/view/SP-CAAANHS
http://www.tenable.com/security/tns-2014-06
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
http://www-01.ibm.com/support/docview.wss?uid=swg21682293
http://www-01.ibm.com/support/docview.wss?uid=swg21683389
http://www-01.ibm.com/support/docview.wss?uid=swg21686997
http://bugzilla.redhat.com/show_bug.cgi?id=1127504
http://exchange.xforce.ibmcloud.com/vulnerabilities/95162
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=280b1f1ad12131defcd986676a8fc9717aaa601b
http://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
http://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
http://kc.mcafee.com/corporate/index?page=content&id=SB10084
http://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html
http://support.citrix.com/article/CTX216642
http://techzone.ergon.ch/CVE-2014-3511
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc
http://www.openssl.org/news/secadv_20140806.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM SAN Volume Controller and Storwize Family
Multiple vulnerabilities in Lenovo SAN Volume Controller and Storwize Family
Multiple vulnerabilities in HP Insight Control server deployment on Linux and Windows
Multiple vulnerabilities in HP Systems Insight Manager
Multiple vulnerabilities in IBM FlashSystem (and TMS RAMSAN) 710, 720, 810, and 820 systems
Multiple vulnerabilities in IBM FlashSystem 840 and V840
Multiple vulnerabilities in HP Service Manager
Gentoo update for OpenSSL
Multiple vulnerabilities in OpenSSL
Slackware Linux update for openssl