000029490 - RSA Authentication Manager 7.1.4 - 8.1.1 Multiple Vulnerabilities (Jan2015-OpenSSL)  Part-1 - False Positive

Document created by RSA Customer Support Employee on Jun 14, 2016
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000029490
Applies ToRSA Authentication Manager 7.1.4
RSA Authentication Manager Appliance 3.0.4
RSA Authentication Manager 8.1.1
 
OSrPath Linux
-or-
SUSE Linux Entrprise Server - SLES 11.3 with patches
 
CVE IDCVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204
Article SummaryResponses related to OpenSSL security fixes released in January 2015
Plus an additional issue: Misfortune Cookie
Link to AdvisoriesThe vulnerabilities are described in the following notices:
Alert ImpactNot Applicable
Technical DetailsFalse positive
Technical Details Explanation
IdentifierDescriptionDetails and Response
CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record
    
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.
    
   CVSS v2 Base Score: 5.0
    
DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
    
   Severity: Moderate
    
   A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due
   to a NULL pointer dereference. This could lead to a Denial Of Service attack.
    
   This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
    
   OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k.
   OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
   OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd.
    
   This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of
   Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL
   core team.
    
    
   Response: The flaw does not exist
   AM 7.1.4, AM 3.0.4 Appliance and AM 8.1.1 - Does not use OpenSSL DTLS messages
    
    
CVE-2015-0206 - DTLS memory leak in dtls1_buffer_record
    
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.
    
   CVSS v2 Base Score: 5.0
    
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
    
   Severity: Moderate
    
   A memory leak can occur in the dtls1_buffer_record function under certain
   conditions. In particular this could occur if an attacker sent repeated DTLS
   records with the same sequence number but for the next epoch. The memory leak
   could be exploited by an attacker in a Denial of Service attack through memory
   exhaustion.
    
   This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
    
   OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k.
   OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
    
   This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also
   provided an initial patch. Further analysis was performed by Matt Caswell of the
   OpenSSL development team, who also developed the final patch.
    
    
   Response: The flaw does not exist
   AM 7.1.4, AM 3.0.4 Appliance and AM 8.1.1 - Does not use OpenSSL DTLS messages
    
    
CVE-2014-3569 - no-ssl3 configuration sets method to NULL
    
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.
                                  
   CVSS v2 Base Score: 5.0
    
no-ssl3 configuration sets method to NULL (CVE-2014-3569)
    
   Severity: Low
    
   When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is
   received the ssl method would be set to NULL which could later result in
   a NULL pointer dereference.
    
   This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
    
   OpenSSL 1.0.1 users should upgrade to 1.0.1k.
   OpenSSL 1.0.0 users should upgrade to 1.0.0p.
   OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
    
   This issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The
   fix was developed by Kurt Roeckx.
    
    
   Response: The flaw does not exist
   AM 7.1.4, AM 3.0.4 Appliance and AM 8.1.1 - Does not use OpenSSL source code built with the required no-ssl3 option
    
    
CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client]
    
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.
    
   CVSS v2 Base Score: 5.0
    
ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
    
   Severity: Low
    
   An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite
   using an ECDSA certificate if the server key exchange message is omitted. This
   effectively removes forward secrecy from the ciphersuite.
    
   This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
    
   OpenSSL 1.0.1 users should upgrade to 1.0.1k.
   OpenSSL 1.0.0 users should upgrade to 1.0.0p.
   OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
    
   This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
   Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
   Henson of the OpenSSL core team.
    
    
   Response: The flaw does not exist
   AM 7.1.4 - Does not use OpenSSL
    
   Response: The flaw does not exist  

AM 3.0.4 Appliance and AM 8.1.1 - This is an attack on a client (running on the AM appliance) by a remote server (controlled by an attacker) when the client initiates a SSL connection to the compromised server.. The AM appliance is not a client for connections using OpenSSL.

    
    
CVE-2015-0204 - RSA silently downgrades to EXPORT_RSA [Client]The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role.
    
   CVSS v2 Base Score: 5.0
    
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
    
   Severity: Low
    
   An OpenSSL client will accept the use of an RSA temporary key in a non-export
   RSA key exchange ciphersuite. A server could present a weak temporary key
   and downgrade the security of the session.
    
   This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
    
   OpenSSL 1.0.1 users should upgrade to 1.0.1k.
   OpenSSL 1.0.0 users should upgrade to 1.0.0p.
   OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
    
   This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
   Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
   Henson of the OpenSSL core team.
    
    
   Response: The flaw does not exist
   AM 7.1.4 - Does not use OpenSSL
    
   Response: The flaw does not exist  

AM 3.0.4 Appliance and AM 8.1.1 - This is an attack on a client (running on the AM appliance) by a remote server (controlled by an attacker) when the client initiates a SSL connection to the compromised server.. The AM appliance is not a client for connections using OpenSSL.

    
    
CVE-2015-0205 - DH client certificates accepted without verification [Server]The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.
    
   CVSS v2 Base Score: 5.0
    
DH client certificates accepted without verification [Server] (CVE-2015-0205)
    
   Severity: Low
    
   An OpenSSL server will accept a DH certificate for client authentication
   without the certificate verify message. This effectively allows a client
   to authenticate without the use of a private key. This only affects servers
   which trust a client certificate authority which issues certificates
   containing DH keys: these are extremely rare and hardly ever encountered.
    
   This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
    
   OpenSSL 1.0.1 users should upgrade to 1.0.1k.
   OpenSSL 1.0.0 users should upgrade to 1.0.0p.
    
   This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
   Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
   Henson of the OpenSSL core team.
    
    
   Response: The flaw does not exist
   AM 7.1.4 and AM 3.0.4 Appliance - Does not use a vulnerable version of OpenSSL
   AM 8.1.1 - OpenSSL connections to the AM 8.1 appliance do not use client authentication.
    
    
Notes
Note: AM 7.1.4 and AM 3.0.4 Appliance have reached the end of primary support.  AM 8.1 service pack SP1 contains the latest OS patches for the appliance (but built late last fall so it does not include the January OpenSSL updates).  The following are the CVE requested by the customers for AM 7.1.4 but I have also included the responses for AM 3.0.4 Appliance and AM 8.1.1 as well.  Descriptions and CVSSv2 scores are from the NVD.  Other information is from OpenSSL, etc.
 

 

Disclaimer

Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact RSA Software Technical Support at 1- 800 995 5095. RSA Corporation distributes RSA Security Advisories, in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided 'as is' without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall RSA or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Attachments

    Outcomes