Synopsis
The remote web server is running an outdated instance of OpenSSL and thus may be missing patches for multiple vulnerabilities.
Description
Versions of OpenSSL before 0.9.8zd, 1.0.0p, or 1.0.1k are unpatched for the following vulnerabilities:
- A DTLS segmentation fault due to a null pointer dereference, which can lead to a denial of service attack (CVE-2014-3571)
- A memory leak when handling repeated DTLS records with the same sequence number but the next epoch, which can result in denial of service (CVE-2015-0206)
- A null pointer dereference when handling SSL v3 ClientHellos can result in denial of service when OpenSSL is built with the no-ssl3 option (CVE-2014-3569)
- ECDHE silently downgrades to ECDH ciphersuite when the server key exchange message is omitted; this removes forward secrecy from the ciphersuite (CVE-2014-3572)
- A server could present a weak temporary RSA key to silently downgrade the session's security from a non-export RSA key exchange ciphersuite (CVE-2015-0204)
- For OpenSSL servers that trust client certificate authorities that issue certificates containing DH keys, a bug exists wherein client certificates are accepted without verification (CVE-2015-0205)
- OpenSSL does not enforce a match between the signed and unsigned portions of the certificate for several non-DER variants of certificate signature algorithms and signature encodings; while this does not affect OpenSSL servers and clients, custom applications relying on the uniqueness of the fingerprint may be affected (CVE-2014-8275)
- Bignum squaring may produce incorrect results at random on some platforms, including x86_64, although the impact of this is unknown, and its occurrence is rare (CVE-2014-3570)
Solution
OpenSSL versions 0.9.8zd, 1.0.0p, and 1.0.1k are patched against these vulnerabilities. Apply the vendor's patch, or update to these versions or later.
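As an added example (not part of the plugin text), the following check parses an OpenSSL version out of a server banner or `openssl version` output and compares it against the fixed versions named above, using the old-style letter suffix ordering ('' < 'a' < ... < 'z' < 'za' < 'zd'). It assumes the banner format shown in the comments; distributions that backport fixes without bumping the version string will still be flagged, so treat a hit as a lead for the vendor's changelog rather than proof.

```python
import re
from typing import Optional, Tuple

# Fixed versions named in the advisory, keyed by OpenSSL branch.
# Branches not listed here (e.g. 1.0.2) are outside this advisory's scope.
FIXED = {
    (0, 9, 8): "zd",
    (1, 0, 0): "p",
    (1, 0, 1): "k",
}

# Matches "OpenSSL/1.0.1j" (HTTP Server header) and "OpenSSL 0.9.8zc" (CLI output).
_VERSION_RE = re.compile(r"OpenSSL[/ ](\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(banner: str) -> Optional[Tuple[Tuple[int, int, int], str]]:
    """Return (branch, letter_suffix) from a banner such as
    'Apache/2.4.10 (Unix) OpenSSL/1.0.1j' or 'OpenSSL 0.9.8zc 15 Oct 2014',
    or None when no OpenSSL version is present."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    branch = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return branch, m.group(4)


def is_vulnerable(banner: str) -> Optional[bool]:
    """True if the banner's OpenSSL is older than the fix for its branch,
    False if it is at or past the fix, None if no version was found or the
    branch is not covered by this advisory."""
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return None
    branch, suffix = parsed
    fixed = FIXED.get(branch)
    if fixed is None:
        return None
    # Plain string comparison reproduces the old OpenSSL letter ordering:
    # '' < 'a' < ... < 'z' < 'za' < 'zb' < ... because a prefix sorts first.
    return suffix < fixed


if __name__ == "__main__":
    # Constructed sample banners, not captured from any real host.
    for sample in ("Apache/2.4.10 (Unix) OpenSSL/1.0.1j", "OpenSSL/1.0.1k",
                   "OpenSSL 0.9.8zc 15 Oct 2014", "OpenSSL/1.0.2", "nginx/1.6.2"):
        print(f"{sample!r}: vulnerable={is_vulnerable(sample)}")
```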