-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= pfSense-SA-14_07.openssl Security Advisory pfSense Topic: OpenSSL multiple vulnerabilities Category: pfSense Base System and Packages Module: openssl Announced: 2014-06-05 Credits: KIKUCHI Masashi (Lepidum Co. Ltd.) [CVE-2014-0224] Imre Rad (Search-Lab Ltd.) [CVE-2014-0221] Jüri Aedla [CVE-2014-0195] Felix Gröbert and Ivan Fratric at Google [CVE-2014-3470] Affects: pfSense <= 2.1.3 OpenVPN Client Export Package <= 1.2.10 Corrected: 2014-06-05 19:23:00 UTC (Base system) 2014-06-05 20:45:00 UTC (Packages) CVE Name: CVE-2014-0224, CVE-2014-0195, CVE-2014-0221, CVE-2014-3470 FreeBSD SA: FreeBSD-SA-14:14.openssl 0. Revision History v1.0 2014-06-05 Initial release. I. Background pfSense is a free network firewall distribution. pfSense is based on the FreeBSD operating system with a custom kernel and other changes. pfSense includes third-party free software packages for additional functionality. pfSense provides most of the functionality of common commercial firewalls, and much more. pfSense includes a web interface for the configuration of all included components. Knowledge of FreeBSD is not necessary. Unlike similar GNU/Linux- based firewall distributions, there is no need for any UNIX knowledge. The command line is never used, and there is no need to ever manually edit any rule sets. The majority of pfSense users have never installed or used a stock FreeBSD system. Users familiar with commercial firewalls will quickly understand the web interface. Users unfamiliar with commercial-grade firewalls may encounter a short learning curve. II. Problem Description - From the FreeBSD SA[1]: * Carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. [CVE-2014-0224] The following additional vulnerabilities are also corrected but are not relevant to the pfSense base system or any known package. The following two vulnerabilities are not relevant because no area of the official pfSense base system or packages utilizes DTLS: * Receipt of an invalid DTLS fragment on an OpenSSL DTLS client or server can lead to a buffer overrun. [CVE-2014-0195] * Receipt of an invalid DTLS handshake on an OpenSSL DTLS client can lead the code to unnecessary recurse. [CVE-2014-0221] The following vulnerability is not relevant because no area of the official pfSense base system or packages utilizes Anonymous ECDH ciphersuites: * Carefully crafted packets can lead to a NULL pointer deference in OpenSSL TLS client code if anonymous ECDH ciphersuites are enabled. [CVE-2014- 3470] III. Impact CVE-2014-0224: OpenSSL accepts ChangeCipherSpec (CCS) inappropriately during a handshake which permits a Man-in-the-Middle attack leading to possible data disclosure by enabling decryption of SSL traffic[2][3]. The attack requires several conditions to be met, which drastically reduce its potential for exploitation. All of the following are required criteria for exploitation: * A vulnerable server, such as the pfSense GUI or OpenVPN server. * AND A vulnerable client, such as a browser or OpenVPN client. * AND A position of power between the client and server where packets may be intercepted and inserted. (e.g. untrusted wifi hotspot) Further reducing the potential for exploitation are the following mitigating factors: * Most browsers are not vulnerable as they do not use OpenSSL (Chrome for Android being a notable exception[4].) * OpenVPN is only vulnerable in SSL/TLS mode WITHOUT a TLS Authentication key. CVE-2014-0195, CVE-2014-0221, CVE-2014-3470: No impact unless third party software or manual modifications enable or use the vulnerable features. IV. Workaround CVE-2014-0224: No workaround is available, however the threat may be partially mitigated by limiting access to the web interface to only trusted interfaces accessed via trusted networks, not using add-on packages to offer SSL-enabled public services, and by using TLS keys in combination with SSL-based OpenVPN connections. Updating client software such as browsers and OpenVPN remote access clients will further mitigate the issue. CVE-2014-0195, CVE-2014-0221, CVE-2014-3470: No workaround is required. If third party software or manual modifications enabled use of the vulnerable features, remove or disable the software and modifications. V. Solution 1) Upgrade to pfSense 2.1.4 upon its release. This may be performed in the web interface or from the console. See https://doc.pfsense.org/index.php/Upgrade_Guide 2) Ensure that all packages are up-to-date after the upgrade. pfSense uses PBI style packages which include their own copy of the libraries they require. Such packages must be updated independently to ensure that no vulnerable libraries are still in use. 3) Ensure that the OpenVPN Client Export package is at version 1.2.11 or later. VI. Correction details The OpenSSL package was updated to 1.0.1_13 (1.0.1h + Patches) Additionally, packages were recompiled against the udpated library. The OpenSSL library was updated to 1.0.1_13 from FreeBSD ports (1.0.1h + Patches). Firmware images and packages were rebuilt using the updated library. The OpenVPN Client Export package was updated to 1.2.12 which contains OpenVPN client installer 2.3.4-I002, built with OpenSSL 1.0.1h. VII. References 1: 2: 3: 4: The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE40XvjEU56XSUPIMdE7mH/ZIU+NoFAmElU9UACgkQE7mH/ZIU +NrmFRAApvWRdVK3b4eb7ZcaNZDxBibl5bgWegrGlHvjAfbUI1AAQ8RyvmX/zrku LElvnPzst/SvJMejZUGMubsc+W8sUUCvKrJwm3KRJzYPkeahEwC+TkkgD2W/nAAM W0yu5lEv/d09ogtDgM17VfvnqNrRoyDlqy7EBAg0UeirbYOmcmaHc65Gwg2fi/74 CQ0FAm8IjICO/We5WxHDTjfcPwj8rdm2pjRtFgYU5Mwdrra9ryixdqfSBioIaxrw J/jjQFx5w3n/TI4hdD0o3QsX9ZGm7baaBCfkZD3G6K1JL66PQqewF3+X71aZziAR +En0K7h3Mu2TtxIrEfNRLFWmcDq5cNTFhH/qkJmjSRmC82/D7MfC0bsHihEtrXQs wkhc5weOOu9ZKKOcq56rlEv+rGyk4UettEEGDxEhhVWB4UJs7BALYtNrofG9wDIQ bQ/8cSbiLonr607CbPcjHOaEqpJKyyeJRaB8gXkg+0xudWvByqGQFhDk7iozn9zC /7qeLPI4xT1ZzpkI+zSnX/vNUDbF/5wAgjiugiPT9aHq1dV5CAqrki9rsHJXmKfT WLNooIvvNO+XChggKNNXXjBS4Kl4CFoRedB+UAJ6SUIwLoPpp+M/QriNfxu2mL9x kHZVsVFVgoxUsS6vQIk99fCpBKU18/0YLVeOKoMQD8ddiEGn5H0= =UUP8 -----END PGP SIGNATURE-----