FreeBSD : OpenSSL -- multiple vulnerabilities (8aff07eb-1dbd-11e4-b6ba-3c970e169bc2)

High Nessus Plugin ID 77036


The remote FreeBSD host is missing one or more security-related updates.


The OpenSSL Project reports :

A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. [CVE-2014-3508]

The issue affects OpenSSL clients and allows a malicious server to crash the client with a NULL pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. [CVE-2014-5139]

If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory. [CVE-2014-3509]

An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack. [CVE-2014-3505]

An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack. [CVE-2014-3506]

By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. [CVE-2014-3507]

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a NULL pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. [CVE-2014-3510]

A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records. [CVE-2014-3511]

A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected. [CVE-2014-3512]


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 77036

File Name: freebsd_pkg_8aff07eb1dbd11e4b6ba3c970e169bc2.nasl

Version: $Revision: 1.10 $

Type: local

Published: 2014/08/07

Modified: 2016/08/10

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mingw32-openssl, p-cpe:/a:freebsd:freebsd:openssl, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/08/06

Vulnerability Publication Date: 2014/08/06

Reference Information

CVE: CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139

BID: 69075, 69076, 69077, 69078, 69079, 69082, 69083, 69084

FreeBSD: SA-14:18.openssl