ID CVE-2014-3470
Summary The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
References
Vulnerable Configurations
  • OpenSSL Project OpenSSL 1.0.1
    cpe:2.3:a:openssl:openssl:1.0.1
  • OpenSSL Project OpenSSL 1.0.1 Beta1
    cpe:2.3:a:openssl:openssl:1.0.1:beta1
  • OpenSSL Project OpenSSL 1.0.1 Beta2
    cpe:2.3:a:openssl:openssl:1.0.1:beta2
  • OpenSSL Project OpenSSL 1.0.1 Beta3
    cpe:2.3:a:openssl:openssl:1.0.1:beta3
  • OpenSSL Project OpenSSL 1.0.1a
    cpe:2.3:a:openssl:openssl:1.0.1a
  • OpenSSL Project OpenSSL 1.0.1b
    cpe:2.3:a:openssl:openssl:1.0.1b
  • OpenSSL Project OpenSSL 1.0.1c
    cpe:2.3:a:openssl:openssl:1.0.1c
  • OpenSSL Project OpenSSL 1.0.1d
    cpe:2.3:a:openssl:openssl:1.0.1d
  • OpenSSL Project OpenSSL 1.0.1e
    cpe:2.3:a:openssl:openssl:1.0.1e
  • OpenSSL Project OpenSSL 1.0.1f
    cpe:2.3:a:openssl:openssl:1.0.1f
  • OpenSSL Project OpenSSL 1.0.1g
    cpe:2.3:a:openssl:openssl:1.0.1g
  • OpenSSL Project OpenSSL 1.0.0
    cpe:2.3:a:openssl:openssl:1.0.0
  • OpenSSL Project OpenSSL 1.0.0 Beta1
    cpe:2.3:a:openssl:openssl:1.0.0:beta1
  • OpenSSL Project OpenSSL 1.0.0 Beta2
    cpe:2.3:a:openssl:openssl:1.0.0:beta2
  • OpenSSL Project OpenSSL 1.0.0 Beta3
    cpe:2.3:a:openssl:openssl:1.0.0:beta3
  • OpenSSL Project OpenSSL 1.0.0 Beta4
    cpe:2.3:a:openssl:openssl:1.0.0:beta4
  • OpenSSL Project OpenSSL 1.0.0 Beta5
    cpe:2.3:a:openssl:openssl:1.0.0:beta5
  • OpenSSL Project OpenSSL 1.0.0a
    cpe:2.3:a:openssl:openssl:1.0.0a
  • OpenSSL Project OpenSSL 1.0.0b
    cpe:2.3:a:openssl:openssl:1.0.0b
  • OpenSSL Project OpenSSL 1.0.0c
    cpe:2.3:a:openssl:openssl:1.0.0c
  • OpenSSL Project OpenSSL 1.0.0d
    cpe:2.3:a:openssl:openssl:1.0.0d
  • OpenSSL Project OpenSSL 1.0.0e
    cpe:2.3:a:openssl:openssl:1.0.0e
  • OpenSSL Project OpenSSL 1.0.0f
    cpe:2.3:a:openssl:openssl:1.0.0f
  • OpenSSL Project OpenSSL 1.0.0g
    cpe:2.3:a:openssl:openssl:1.0.0g
  • OpenSSL Project OpenSSL 1.0.0h
    cpe:2.3:a:openssl:openssl:1.0.0h
  • OpenSSL Project OpenSSL 1.0.0i
    cpe:2.3:a:openssl:openssl:1.0.0i
  • OpenSSL Project OpenSSL 1.0.0j
    cpe:2.3:a:openssl:openssl:1.0.0j
  • OpenSSL Project OpenSSL 1.0.0k
    cpe:2.3:a:openssl:openssl:1.0.0k
  • OpenSSL Project OpenSSL 1.0.0l
    cpe:2.3:a:openssl:openssl:1.0.0l
  • OpenSSL Project OpenSSL 0.9.8
    cpe:2.3:a:openssl:openssl:0.9.8
  • OpenSSL Project OpenSSL 0.9.8a
    cpe:2.3:a:openssl:openssl:0.9.8a
  • OpenSSL Project OpenSSL 0.9.8b
    cpe:2.3:a:openssl:openssl:0.9.8b
  • OpenSSL Project OpenSSL 0.9.8c
    cpe:2.3:a:openssl:openssl:0.9.8c
  • OpenSSL Project OpenSSL 0.9.8d
    cpe:2.3:a:openssl:openssl:0.9.8d
  • OpenSSL Project OpenSSL 0.9.8e
    cpe:2.3:a:openssl:openssl:0.9.8e
  • OpenSSL Project OpenSSL 0.9.8f
    cpe:2.3:a:openssl:openssl:0.9.8f
  • OpenSSL Project OpenSSL 0.9.8g
    cpe:2.3:a:openssl:openssl:0.9.8g
  • OpenSSL Project OpenSSL 0.9.8h
    cpe:2.3:a:openssl:openssl:0.9.8h
  • OpenSSL Project OpenSSL 0.9.8i
    cpe:2.3:a:openssl:openssl:0.9.8i
  • OpenSSL Project OpenSSL 0.9.8j
    cpe:2.3:a:openssl:openssl:0.9.8j
  • OpenSSL Project OpenSSL 0.9.8k
    cpe:2.3:a:openssl:openssl:0.9.8k
  • OpenSSL Project OpenSSL 0.9.8l
    cpe:2.3:a:openssl:openssl:0.9.8l
  • OpenSSL Project OpenSSL 0.9.8m
    cpe:2.3:a:openssl:openssl:0.9.8m
  • OpenSSL Project OpenSSL 0.9.8m Beta1
    cpe:2.3:a:openssl:openssl:0.9.8m:beta1
  • OpenSSL Project OpenSSL 0.9.8n
    cpe:2.3:a:openssl:openssl:0.9.8n
  • OpenSSL Project OpenSSL 0.9.8o
    cpe:2.3:a:openssl:openssl:0.9.8o
  • OpenSSL Project OpenSSL 0.9.8p
    cpe:2.3:a:openssl:openssl:0.9.8p
  • OpenSSL Project OpenSSL 0.9.8q
    cpe:2.3:a:openssl:openssl:0.9.8q
  • OpenSSL Project OpenSSL 0.9.8r
    cpe:2.3:a:openssl:openssl:0.9.8r
  • OpenSSL Project OpenSSL 0.9.8s
    cpe:2.3:a:openssl:openssl:0.9.8s
  • OpenSSL Project OpenSSL 0.9.8t
    cpe:2.3:a:openssl:openssl:0.9.8t
  • OpenSSL Project OpenSSL 0.9.8u
    cpe:2.3:a:openssl:openssl:0.9.8u
  • OpenSSL Project OpenSSL 0.9.8v
    cpe:2.3:a:openssl:openssl:0.9.8v
  • OpenSSL Project OpenSSL 0.9.8w
    cpe:2.3:a:openssl:openssl:0.9.8w
  • OpenSSL Project OpenSSL 0.9.8x
    cpe:2.3:a:openssl:openssl:0.9.8x
  • OpenSSL Project OpenSSL 0.9.8y
    cpe:2.3:a:openssl:openssl:0.9.8y
  • Red Hat Storage 2.1
    cpe:2.3:a:redhat:storage:2.1
  • Fedora
    cpe:2.3:o:fedoraproject:fedora
  • Red Hat Enterprise Linux 5
    cpe:2.3:o:redhat:enterprise_linux:5
  • Red Hat Enterprise Linux 6
    cpe:2.3:o:redhat:enterprise_linux:6
CVSS
Base: 4.3 (as of 08-07-2016 - 11:47)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
redhat via4
advisories
  • bugzilla
    id 1103600
    title CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment openssl-devel is earlier than 0:1.0.1e-16.el6_5.14
          oval oval:com.redhat.rhsa:tst:20140625009
        • comment openssl-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100888012
      • AND
        • comment openssl-static is earlier than 0:1.0.1e-16.el6_5.14
          oval oval:com.redhat.rhsa:tst:20140625007
        • comment openssl-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100888010
      • AND
        • comment openssl-perl is earlier than 0:1.0.1e-16.el6_5.14
          oval oval:com.redhat.rhsa:tst:20140625011
        • comment openssl-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100888008
      • AND
        • comment openssl is earlier than 0:1.0.1e-16.el6_5.14
          oval oval:com.redhat.rhsa:tst:20140625005
        • comment openssl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100888006
    rhsa
    id RHSA-2014:0625
    released 2014-06-05
    severity Important
    title RHSA-2014:0625: openssl security update (Important)
  • bugzilla
    id 1103600
    title CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment openssl-static is earlier than 1:1.0.1e-34.el7_0.3
          oval oval:com.redhat.rhsa:tst:20140679011
        • comment openssl-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100888010
      • AND
        • comment openssl-devel is earlier than 1:1.0.1e-34.el7_0.3
          oval oval:com.redhat.rhsa:tst:20140679007
        • comment openssl-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100888012
      • AND
        • comment openssl-perl is earlier than 1:1.0.1e-34.el7_0.3
          oval oval:com.redhat.rhsa:tst:20140679009
        • comment openssl-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100888008
      • AND
        • comment openssl is earlier than 1:1.0.1e-34.el7_0.3
          oval oval:com.redhat.rhsa:tst:20140679005
        • comment openssl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100888006
      • AND
        • comment openssl-libs is earlier than 1:1.0.1e-34.el7_0.3
          oval oval:com.redhat.rhsa:tst:20140679013
        • comment openssl-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140679014
    rhsa
    id RHSA-2014:0679
    released 2014-06-10
    severity Important
    title RHSA-2014:0679: openssl security update (Important)
rpms
  • openssl-devel-0:1.0.1e-16.el6_5.14
  • openssl-static-0:1.0.1e-16.el6_5.14
  • openssl-perl-0:1.0.1e-16.el6_5.14
  • openssl-0:1.0.1e-16.el6_5.14
  • openssl-static-1:1.0.1e-34.el7_0.3
  • openssl-devel-1:1.0.1e-34.el7_0.3
  • openssl-perl-1:1.0.1e-34.el7_0.3
  • openssl-1:1.0.1e-34.el7_0.3
  • openssl-libs-1:1.0.1e-34.el7_0.3
refmap via4
bid 67898
bugtraq 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
cisco 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
confirm
fedora
  • FEDORA-2014-9301
  • FEDORA-2014-9308
fulldisc 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
gentoo GLSA-201407-05
hp
  • HPSBGN03050
  • HPSBMU03051
  • HPSBMU03055
  • HPSBMU03056
  • HPSBMU03057
  • HPSBMU03062
  • HPSBMU03065
  • HPSBMU03069
  • HPSBMU03074
  • HPSBMU03076
  • HPSBOV03047
  • HPSBUX03046
  • SSRT101590
mandriva
  • MDVSA-2014:105
  • MDVSA-2014:106
  • MDVSA-2015:062
secunia
  • 58337
  • 58579
  • 58615
  • 58667
  • 58713
  • 58714
  • 58716
  • 58742
  • 58797
  • 58939
  • 58945
  • 58977
  • 59120
  • 59126
  • 59162
  • 59167
  • 59175
  • 59189
  • 59191
  • 59192
  • 59223
  • 59264
  • 59282
  • 59284
  • 59287
  • 59300
  • 59301
  • 59306
  • 59310
  • 59340
  • 59342
  • 59362
  • 59364
  • 59365
  • 59413
  • 59431
  • 59437
  • 59438
  • 59440
  • 59441
  • 59442
  • 59445
  • 59449
  • 59450
  • 59451
  • 59459
  • 59460
  • 59483
  • 59490
  • 59491
  • 59495
  • 59514
  • 59518
  • 59525
  • 59655
  • 59659
  • 59666
  • 59669
  • 59721
  • 59784
  • 59895
  • 59916
  • 59990
  • 60571
  • 61254
suse
  • SUSE-SU-2015:0578
  • SUSE-SU-2015:0743
  • openSUSE-SU-2016:0640
vmware via4
description OpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h in order to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to these issues. The most important of these issues is CVE-2014-0224. CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to be of moderate severity. Exploitation is highly unlikely or is mitigated due to the application configuration. CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL Security Advisory (see Reference section below), do not affect any VMware products. CVE-2014-0224 may lead to a Man-in-the-Middle attack if a server is running a vulnerable version of OpenSSL 1.0.1 and clients are running a vulnerable version of OpenSSL 0.9.8 or 1.0.1. Updating the server will mitigate this issue for both the server and all affected clients. CVE-2014-0224 may affect products differently depending on whether the product is acting as a client or a server and of which version of OpenSSL the product is using. For readability the affected products have been split into 3 tables below based on the different client-server configurations and deployment scenarios.
id VMSA-2014-0006
last_updated 2014-10-09T00:00:00
published 2014-06-10T00:00:00
title OpenSSL update for multiple products
workaround None
Last major update 18-01-2017 - 21:59
Published 05-06-2014 - 17:55
Last modified 14-11-2017 - 21:29