Vigil@nce - OpenSSL: multiple vulnerabilities
January 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of OpenSSL.
Impacted products: Debian, Fedora, FreeBSD, MBS, OpenSSL, RHEL,
Slackware, stunnel, Ubuntu
Severity: 2/4
Creation date: 08/01/2015
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in OpenSSL.
An attacker can send a DTLS message, to force a NULL pointer to be
dereferenced in dtls1_get_record(), in order to trigger a denial
of service. [severity:2/4; CVE-2014-3571]
An attacker can send a DTLS message, to create a memory leak in
dtls1_buffer_record(), in order to trigger a denial of service.
[severity:1/4; CVE-2015-0206]
An attacker can force a TLS client to use ECDH instead of ECDHE
(ephemeral). [severity:2/4; CVE-2014-3572]
An attacker can force a TLS client to use EXPORT_RSA instead of
RSA. [severity:2/4; CVE-2015-0204]
An attacker can authenticate without using a private key, in the
case where the server trusts a certification authority publishing
certificates with DH keys (rare case). [severity:2/4;
CVE-2015-0205]
An attacker can change the fingerprint of a certificate, with no
known consequence on security. [severity:1/4; CVE-2014-8275]
In some rare cases, the BN_sqr() function produces an invalid
result, with no known consequence on security. [severity:1/4;
CVE-2014-3570]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenSSL-multiple-vulnerabilities-15934