#VU41413 Input validation error in OpenSSL - CVE-2014-3511

Cybersecurity Help s.r.o.

Published: 2014-08-14 | Updated: 2020-08-10

Vulnerability identifier: #VU41413

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2014-3511

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSSL
Server applications / Encryption software

Vendor: OpenSSL Software Foundation

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue.

Mitigation
Install update from vendor's website.

Vulnerable software versions

OpenSSL: 1.0.0k - 1.0.0, 1.0.1c - 1.0.1

External links
https:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc
https://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
https://linux.oracle.com/errata/ELSA-2014-1052.html
https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
https://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html
https://marc.info/?l=bugtraq&m=142350350616251&w=2
https://marc.info/?l=bugtraq&m=142495837901899&w=2
https://marc.info/?l=bugtraq&m=142624590206005&w=2
https://marc.info/?l=bugtraq&m=142660345230545&w=2
https://marc.info/?l=bugtraq&m=142791032306609&w=2
https://marc.info/?l=bugtraq&m=143290437727362&w=2
https://marc.info/?l=bugtraq&m=143290522027658&w=2
https://rhn.redhat.com/errata/RHSA-2015-0126.html
https://rhn.redhat.com/errata/RHSA-2015-0197.html
https://secunia.com/advisories/58962
https://secunia.com/advisories/59700
https://secunia.com/advisories/59710
https://secunia.com/advisories/59756
https://secunia.com/advisories/59887
https://secunia.com/advisories/60022
https://secunia.com/advisories/60221
https://secunia.com/advisories/60377
https://secunia.com/advisories/60493
https://secunia.com/advisories/60684
https://secunia.com/advisories/60803
https://secunia.com/advisories/60810
https://secunia.com/advisories/60890
https://secunia.com/advisories/60917
https://secunia.com/advisories/60921
https://secunia.com/advisories/60938
https://secunia.com/advisories/61017
https://secunia.com/advisories/61043
https://secunia.com/advisories/61100
https://secunia.com/advisories/61139
https://secunia.com/advisories/61184
https://secunia.com/advisories/61775
https://secunia.com/advisories/61959
https://security.gentoo.org/glsa/glsa-201412-39.xml
https://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html
https://www.arubanetworks.com/support/alerts/aid-08182014.txt
https://www.debian.org/security/2014/dsa-2998
https://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
https://www.securityfocus.com/bid/69079
https://www.securitytracker.com/id/1030693
https://www.splunk.com/view/SP-CAAANHS
https://www.tenable.com/security/tns-2014-06
https://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
https://www-01.ibm.com/support/docview.wss?uid=swg21682293
https://www-01.ibm.com/support/docview.wss?uid=swg21683389
https://www-01.ibm.com/support/docview.wss?uid=swg21686997
https://bugzilla.redhat.com/show_bug.cgi?id=1127504
https://exchange.xforce.ibmcloud.com/vulnerabilities/95162
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=280b1f1ad12131defcd986676a8fc9717aaa601b
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://kc.mcafee.com/corporate/index?page=content&id=SB10084
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html
https://support.citrix.com/article/CTX216642
https://techzone.ergon.ch/CVE-2014-3511
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc
https://www.openssl.org/news/secadv_20140806.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM SAN Volume Controller and Storwize Family

Multiple vulnerabilities in Lenovo SAN Volume Controller and Storwize Family

Multiple vulnerabilities in HP Insight Control server deployment on Linux and Windows

Multiple vulnerabilities in HP Systems Insight Manager

Multiple vulnerabilities in IBM FlashSystem (and TMS RAMSAN) 710, 720, 810, and 820 systems

Multiple vulnerabilities in IBM FlashSystem 840 and V840

Multiple vulnerabilities in HP Service Manager

Gentoo update for OpenSSL

Fedora EPEL 7 update for mingw-openssl

Fedora 21 update for mingw-openssl