Debian DSA-3125-1 : openssl - security update (FREAK)

Medium Nessus Plugin ID 80446


The remote Debian host is missing a security-related update.


Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues :

- CVE-2014-3569 Frank Schmirler reported that the ssl23_get_client_hello function in OpenSSL does not properly handle attempts to use unsupported protocols. When OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is received, the ssl method would be set to NULL which could later result in a NULL pointer dereference and daemon crash.

- CVE-2014-3570 Pieter Wuille of Blockstream reported that the bignum squaring (BN_sqr) may produce incorrect results on some platforms, which might make it easier for remote attackers to defeat cryptographic protection mechanisms.

- CVE-2014-3571 Markus Stenberg of Cisco Systems, Inc. reported that a carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. A remote attacker could use this flaw to mount a denial of service attack.

- CVE-2014-3572 Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuite if the server key exchange message is omitted. This allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy.

- CVE-2014-8275 Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project and Konrad Kraszewski of Google reported various certificate fingerprint issues, which allow remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism.

- CVE-2015-0204 Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an OpenSSL client will accept the use of an ephemeral RSA key in a non-export RSA key exchange ciphersuite, violating the TLS standard. This allows remote SSL servers to downgrade the security of the session.

- CVE-2015-0205 Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This flaw effectively allows a client to authenticate without the use of a private key via crafted TLS handshake protocol traffic to a server that recognizes a certification authority with DH support.

- CVE-2015-0206 Chris Mueller discovered a memory leak in the dtls1_buffer_record function. A remote attacker could exploit this flaw to mount a denial of service through memory exhaustion by repeatedly sending specially crafted DTLS records.


Upgrade the openssl packages.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u14.

For the upcoming stable distribution (jessie), these problems will be fixed soon.

See Also

Plugin Details

Severity: Medium

ID: 80446

File Name: debian_DSA-3125.nasl

Version: 1.15

Type: local

Agent: unix

Published: 2015/01/12

Updated: 2020/03/12

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:openssl, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/01/11

Vulnerability Publication Date: 2014/12/24

Reference Information

CVE: CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206

BID: 71934, 71935, 71936, 71937, 71939, 71940, 71941, 71942

DSA: 3125