BSDSec

deadsimple BSD Security Advisories and Announcements

NetBSD Security Advisory 2014-015: OpenSSL and SSLv3 vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		NetBSD Security Advisory 2014-015
		=================================

Topic:		OpenSSL and SSLv3 vulnerabilities


Version:	NetBSD-current:		source prior to Oct 18th, 2014
		NetBSD 6.1 - 6.1.5:	affected
		NetBSD 6.0 - 6.0.6:	affected
		NetBSD 5.1 - 5.1.4:	affected
		NetBSD 5.2 - 5.2.2:	affected

Severity:	confidentiality breach, remote DoS

Fixed:		NetBSD-current:		Oct 17th, 2014
		NetBSD-7 branch:	Oct 19th, 2014
		NetBSD-6-0 branch:	Oct 26th, 2014
		NetBSD-6-1 branch:	Oct 26th, 2014
		NetBSD-6 branch:	Oct 26th, 2014
		NetBSD-5-2 branch:	Oct 19th, 2014
		NetBSD-5-1 branch:	Oct 19th, 2014
		NetBSD-5 branch:	Oct 19th, 2014

Teeny versions released later than the fix date will contain the fix.

Please note that NetBSD releases prior to 5.1 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

This advisory covers the OpenSSL Security Advisory of Oct 15th, 2014,
which lists four different vulnerabilities:

SRTP Memory Leak (CVE-2014-3513), a remotely DoSable memory leak
  (not present in NetBSD 5.*)
 
Session Ticket Memory Leak (CVE-2014-3567), a remotely DoSable memory leak

SSLv3 has recently been shown to be breakable by an attacker able to
intercept the data stream between the communication partners (POODLE,
CVE-2014-3566).
OpenSSL has added a mitigation mechanism:
SSL 3.0 Fallback protection - add support for TLS_FALLBACK_SCSV which
signals not to do downgrades to SSLv3 from TLS

Build option no-ssl3 is incomplete (CVE-2014-3568), OpenSSL explicitly
built with no SSLv3 support would still use this protocol as a fallback.



Technical Details
=================

see https://en.wikipedia.org/wiki/POODLE for the SSLv3 protocol
vulnerability and http://www.openssl.org/news/secadv_20141015.txt
for the OpenSSL issues.


Solutions and Workarounds
=========================

Disable SSLv3 in servers and clients.
Update the OpenSSL libraries so the prohibition of SSLv3 actually works.
Make sure the old libssl is no longer in use.
While the issue is only in libssl, unrelated source changes make it
adviseable to update libcrypto as well.

- From source:
+-----------
Update src and rebuild and install.
Note: OpenSSL in NetBSD-6 and NetBSD-current has been updated to
version 1.0.1j; updating the entire src tree is recommended.

- From tarballs:
+-------------
To obtain fixed binaries, fetch the appropriate base.tgz and comp.tgz
from a daily build later than the fix dates, from
http://nyftp.netbsd.org/pub/NetBSD-daily/<rel>/<date>/<arch>/binary/sets/
with a date later than the fix date for your branch as listed above,
and your release version and architecture
(e.g. http://nyftp.netbsd.org/pub/NetBSD-daily/netbsd-6-1/201410250200Z/amd64/binary/sets/),
and then extract the files:

Shared libraries:

tar xzpf base.tgz \*libssl\* \*libcrypto\*

And static libraries and linker config files:

tar xzpf comp.tgz \*libssl\* \*libcrypto\*

Get the fixed library into use
+-----------------------------
Since the vulnerability is in a shared library, getting the old
library purged and the fixed one into use requires restarting
all programs that load libssl.
The easiest way to do this is to reboot the system.
Another method: using /bin/sh,
ps ax -o pid | (while read pid; do \
        pmap $pid | egrep '(libssl|libcrypto)' && echo found $pid ;\
done)
will find non-chrooted programs that have the affected libraries open;
restart them. sshd will not show up in this list since it runs chrooted
and re-exec'ed but also needs to be restartet.
ldd <programname> will show the shared libraries a program will want to use.

Fixed versions, code only; note updating only these files will not work
due to additional changes, but updating the subdirectoriess e.g. from
anoncvs will:

relative to src/crypto/external/bsd/openssl/dist:
File			HEAD	netbsd-7
+--------------------------------------------------------------------------------
apps/s_client.c		1.7	1.6.2.1
crypto/err/openssl.ec	1.2	1.1.1.1.26.1
ssl/d1_lib.c		1.2	1.1.1.6.2.1
ssl/d1_srtp.c		1.2	1.1.1.2.10.1
ssl/dtls1.h		1.2	1.1.1.5.10.1
ssl/s23_clnt.c		1.7	1.6.2.1
ssl/s23_srvr.c		1.2	1.1.1.4.2.1
ssl/s2_lib.c		1.2	1.1.1.2.2.1
ssl/s3_enc.c		1.7	1.6.2.1
ssl/s3_lib.c		1.12	1.11.2.1
ssl/ssl.h		1.9	1.8.2.1
ssl/ssl3.h		1.7	1.6.2.1
ssl/ssl_err.c		1.7	1.6.2.1
ssl/ssl_lib.c		1.2	1.1.1.9.2.1
ssl/t1_enc.c		1.11	1.10.2.1
ssl/t1_lib.c		1.14	1.13.2.1
ssl/tls1.h		1.2	1.1.1.5.2.1

File			netbsd-6	netbsd-6-1		netbsd-6-0
+--------------------------------------------------------------------------------
apps/s_client.c		1.2.4.4		1.2.4.1.6.3		1.2.4.1.4.3
crypto/err/openssl.ec	1.1.1.1.8.1	1.1.1.1.22.1		1.1.1.1.14.1
ssl/d1_lib.c		1.1.1.3.4.4	1.1.1.3.4.1.6.3		1.1.1.3.4.1.4.3
ssl/d1_srtp.c		1.1.1.1.2.4	1.1.1.1.2.2.6.2		1.1.1.1.2.2.4.2
ssl/dtls1.h		1.1.1.3.4.3	1.1.1.3.4.1.6.2		1.1.1.3.4.1.4.2
ssl/s23_clnt.c		1.3.4.3		1.3.4.1.6.2		1.3.4.1.4.2
ssl/s23_srvr.c		1.1.1.3.4.2	1.1.1.3.18.2		1.1.1.3.10.2
ssl/s2_lib.c		1.1.1.1.8.2	1.1.1.1.22.2		1.1.1.1.14.2
ssl/s3_enc.c		1.4.2.3		1.4.10.3		1.4.8.3
ssl/s3_lib.c		1.7.2.4		1.7.2.1.6.3		1.7.2.1.4.3
ssl/ssl.h		1.2.2.5		1.2.2.1.6.4		1.2.2.1.4.4
ssl/ssl3.h		1.2.2.4		1.2.2.1.6.3		1.2.2.1.4.3
ssl/ssl_err.c		1.2.2.5		1.2.2.1.6.4		1.2.2.1.4.4
ssl/ssl_lib.c		1.1.1.3.4.5	1.1.1.3.4.1.6.4		1.1.1.3.4.1.4.4
ssl/t1_enc.c		1.3.4.6		1.3.4.2.6.4		1.3.4.2.4.4
ssl/t1_lib.c		1.5.4.5		1.5.4.1.6.4		1.5.4.1.4.4
ssl/tls1.h		1.1.1.3.4.3	1.1.1.3.4.1.6.2		1.1.1.3.4.1.4.2


relative to src/crypto/dist/openssl:
File                    netbsd-5	netbsd-5-2		netbsd-5-1
+--------------------------------------------------------------------------------
apps/s_client.c         1.1.1.11.4.1	1.1.1.11.2.1		1.1.1.11.12.1
crypto/err/openssl.ec   1.1.1.7.4.1	1.1.1.7.2.1		1.1.1.7.12.1
ssl/s23_clnt.c          1.1.1.10.4.1	1.1.1.10.2.1		1.1.1.10.12.1
ssl/s23_srvr.c          1.6.4.2		1.6.2.2			1.6.12.2
ssl/s2_lib.c            1.12.4.1	1.12.2.1		1.12.12.1
ssl/s3_enc.c            1.1.1.12.4.3	1.1.1.12.4.2.2.1	1.1.1.12.4.1.2.2
ssl/s3_lib.c            1.14.4.2	1.14.4.1.6.1		1.14.4.1.2.1
ssl/ssl.h               1.18.4.2	1.18.4.1.6.1		1.18.4.1.2.1
ssl/ssl3.h              1.8.4.2		1.8.2.2			1.8.12.2
ssl/ssl_err.c           1.12.4.2	1.12.4.1.6.1		1.12.4.1.2.1
ssl/ssl_lib.c           1.5.4.1		1.5.2.1			1.5.12.1
ssl/t1_enc.c            1.1.1.12.4.2	1.1.1.12.4.1.6.1	1.1.1.12.4.1.2.1
ssl/t1_lib.c            1.2.4.5		1.2.4.3.2.2		1.2.12.5
ssl/tls1.h		1.1.1.8.4.1	1.1.1.8.2.1		1.1.1.8.12.1



Thanks To
=========

Thanks to the OpenSSL team, the LibreSSL team, and Akamai Technologies
for the OpenSSL fixes and Bodo Möller, Thai Duong and Krzysztof Kotowicz
from the Google Security Team for finding and publishing about POODLE.


Revision History
================

	2014-11-03	Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at 
  http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .


Copyright 2014, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2014-015.txt,v 1.1 2014/11/02 22:17:45 spz Exp $

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (NetBSD)

iQIcBAEBAgAGBQJUV/DaAAoJEAZJc6xMSnBuJH8P/2xAMGkbX8jCdP6yE/1cCcyt
XspFUGUWVs6hkvBxm534+zrbVsyXLsyajy1fdBdhamUHKTEtQsDGuq8lWGmKMIhk
AmXXGUvISZcTMA2QTwOCHwdlcOn6eGUs123USywsfveU7ZkNN1UzlckSFlwXDAfJ
UCFW1jZxNsC3PH+71taACHmqV/BO+SY8KqdVbK9LC3NLswAK+2Y+KlGpZD6S1vtH
ZeJxvp/fd4p87xnQP4SPVtbFn1MY1n3PWxm/Vk919TFn5jygArl/1fvagwJIxQq5
EOLa6cVUQXSbPh1PsHZOE+kpEPQf0poA706lQnR8McxLygPXycW6qX+O62l+w9Ev
ZtVrgZsrRKy8ETuQjPuTu6S5b5KfTH0+x1SzroGx9wKIaXFPcdrL9Gc6O8zvvurH
9mlJugXaL/kATXG8MEcAv2qiTonLtv2I8qz287z6oqw/vTsORtSfb34LvPKD+pe6
dqu4u43QFgzWiDff1OfrO0ssK0C/q9RBH8h4Uf2JLeW8YNfz9b2S5qguTHbs9655
h1nEvAfW10zf1XC3I2q5eudXchukAA2LrI2jLifpxWTLdacGtahhcyudMdgsBQQI
uF723i5z/u/WcuLU9sMsyDXUYFMSeK+CqAICh8gVlkAGI1HjpMc40yNaiUGTXQpe
8DGwVP3FCgEXXfTpWPUp
=hnkQ
-----END PGP SIGNATURE-----