Vigil@nce - OpenSSL: denial of service via ECDH
June 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, who is located on a TLS server, can use Anonymous
ECDH, in order to trigger a denial of service in OpenSSL client
applications.
– Impacted products: ArubaOS, ProxyAV, ProxySG, Cisco ASR, Cisco
ACE, ASA, AsyncOS, Cisco Catalyst, CiscoWorks, Cisco Content SMA,
Cisco ESA, IOS, IOS XE, IOS XR, Cisco IP Communicator, Cisco IPS,
IronPort Email, IronPort Encryption, IronPort Management, IronPort
Web, Cisco Nexus, NX-OS, Cisco Prime, Secure ACS, Cisco CUCM,
Cisco Unified CCX, Cisco IP Phone, Cisco Wireless IP Phone, Cisco
Unity, Cisco WSA, Debian, Fedora, FortiAnalyzer, FortiAnalyzer
Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual
Appliance, FreeBSD, HP-UX, AIX, JUNOS, Junos Pulse, Juniper
Network Connect, Juniper UAC, MBS, MES, McAfee Web Gateway,
NetBSD, OpenBSD, OpenSSL, openSUSE, RHEL, Slackware, stunnel, SUSE
Linux Enterprise Desktop, SLES, Ubuntu, ESXi, vCenter, VMware
vSphere, VMware vSphere Hypervisor
– Severity: 2/4
– Creation date: 05/06/2014
DESCRIPTION OF THE VULNERABILITY
A client based on the OpenSSL library can create an encrypted
session using elliptic curves (ECDH : elliptic curves and
Diffie-Hellman).
However, a malicious server can negotiate an Anonymous ECDH
ciphersuite, in order to trigger a denial of service in the
OpenSSL client.
An attacker, who is located on a TLS server, can therefore use
Anonymous ECDH, in order to trigger a denial of service in OpenSSL
client applications.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenSSL-denial-of-service-via-ECDH-14847