NetBSD Security Advisory 2015-006: OpenSSL and SSLv3 vulnerabilities

		NetBSD Security Advisory 2015-006
		=================================

Topic:		OpenSSL and SSLv3 vulnerabilities


Version:	NetBSD-current:		source prior to Jan 14th
		NetBSD 6.1 - 6.1.5:	affected
		NetBSD 6.0 - 6.0.6:	affected
		NetBSD 5.1 - 5.1.4:	affected
		NetBSD 5.2 - 5.2.2:	affected

Severity:	remote DoS, confidentiality compromise

Fixed:		NetBSD-current:		Jan 14th, 2015
		NetBSD-7 branch:	Jan 18th, 2015
		NetBSD-6-0 branch:	Jan 17th, 2015
		NetBSD-6-1 branch:	Jan 17th, 2015
		NetBSD-6 branch:	Jan 17th, 2015
		NetBSD-5-2 branch:	Jan 27th, 2015
		NetBSD-5-1 branch:	Jan 27th, 2015
		NetBSD-5 branch:	Jan 27th, 2015

Teeny versions released later than the fix date will contain the fix.

Please note that NetBSD releases prior to 5.1 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

This advisory covers the OpenSSL Security Advisory of Jan 8th, 2015
which lists eight different vulnerabilities:

DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)             
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)                 
no-ssl3 configuration sets method to NULL (CVE-2014-3569)               
ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)              
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)          
DH client certificates accepted without verification [Server] (CVE-2015-0205)
Certificate fingerprints can be modified (CVE-2014-8275)                
Bignum squaring may produce incorrect results (CVE-2014-3570)           

Please note that the OpenSSL project has announced the release of
a new version of OpenSSL, with advisories, on March 19th, 2015.


Technical Details
=================

See https://www.openssl.org/news/secadv_20150108.txt



Solutions and Workarounds
=========================

Workarounds: the MiTM weakening of chosen encryption will not work
if the server does not allow weak encryption; this is usually
configurable on the server side.
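
One way to check the server side of this workaround, as an added example that is not part of the NetBSD advisory: it flags export-grade suites in the output of `openssl ciphers -v`. The sample lines are constructed in the OpenSSL 1.0.1 output layout, and the function names (including the helper `cipher_string_is_clean`) are hypothetical.

```shell
#!/bin/sh
# Added example, not from the advisory: flag export-grade cipher suites in
# the output of `openssl ciphers -v`.

# Constructed sample in the OpenSSL 1.0.1 `ciphers -v` layout (not captured
# from a real host).
sample_ciphers() {
cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EOF
}

# stdin: `openssl ciphers -v` lines. stdout: "<suite> <key exchange>" for each
# export-grade suite (its last field is the literal word "export").
list_export_suites() {
    awk '$NF == "export" { kx = $3; sub(/^Kx=/, "", kx); print $1, kx }'
}

# Subset relevant to CVE-2015-0204: export suites whose key exchange is RSA.
list_export_rsa_suites() {
    list_export_suites | awk '$2 ~ /^RSA\(/ { print $1 }'
}

# Hypothetical helper: expand a server cipher string with the local openssl
# binary; succeeds only if the string enables no export-grade suite.
# Returns 2 if openssl is missing or rejects the string.
cipher_string_is_clean() {
    expanded=$(openssl ciphers -v "$1" 2>/dev/null) || return 2
    [ -z "$(printf '%s\n' "$expanded" | list_export_suites)" ]
}

echo "export-grade suites in the sample:"
sample_ciphers | list_export_suites
```

Run `cipher_string_is_clean` on the server itself with the cipher string from its TLS configuration, so that the string is expanded by the same OpenSSL library the service uses.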

Solution:
Update the OpenSSL libraries.

From source:
+-----------
Update src and rebuild and install.
Note: OpenSSL in NetBSD-6, NetBSD-7 and NetBSD-current has been updated
to version 1.0.1k; NetBSD-5 received a more selective patch but that's
still 59 files touched. Updating the entire src tree is recommended.


From tarballs:
+-------------
To obtain fixed binaries, fetch the appropriate base.tgz and comp.tgz
for your release version and architecture from a daily build dated
later than the fix date for your branch as listed above, from
http://nyftp.netbsd.org/pub/NetBSD-daily/<rel>/<date>/<arch>/binary/sets/
(e.g. http://nyftp.netbsd.org/pub/NetBSD-daily/netbsd-6-1/201501300500Z/amd64/binary/sets/),
and then extract the files:

Shared libraries:

	tar xzpf base.tgz \*libssl\* \*libcrypto\*

And static libraries and linker config files:

	tar xzpf comp.tgz \*libssl\* \*libcrypto\*

Get the fixed library into use
+-----------------------------
Since the vulnerability is in a shared library, getting the old
library purged and the fixed one into use requires restarting
all programs that load libssl.
The easiest way to do this is to reboot the system.
Another method: using /bin/sh,

	# list every process that has libssl or libcrypto mapped
	ps ax -o pid= | while read pid; do
		pmap "$pid" | grep -E '(libssl|libcrypto)' && echo "found $pid"
	done

will find non-chrooted programs that have the affected libraries open;
restart them. sshd will not show up in this list since it runs chrooted
and re-exec'ed, but it also needs to be restarted.
ldd <programname> will show the shared libraries a program will want to use.


Thanks To
=========

Thanks to the OpenSSL team for the advisory and fixes,
Markus Stenberg of Cisco Systems, Inc. for reporting CVE-2014-3571,
Chris Mueller for reporting CVE-2015-0206,
Frank Schmirler for reporting CVE-2014-3569,
Karthikeyan Bhargavan of the PROSECCO team at INRIA for reporting
	CVE-2014-3572, CVE-2015-0204 and CVE-2015-0205,
Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program,
and Konrad Kraszewski from Google, for reporting CVE-2014-8275,
Pieter Wuille from Blockstream, for reporting CVE-2014-3570 and suggesting
an initial fix, and Adam Langley of Google for further analysis of the issue.


Revision History
================

	2015-03-17	Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at 
  http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-006.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .


Copyright 2015, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2015-006.txt,v 1.1 2015/03/17 06:58:44 spz Exp $
