-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= pfSense-SA-14_14.openssl Security Advisory pfSense Topic: OpenSSL multiple vulnerabilities Category: pfSense Base System and Packages Module: openssl Announced: 2014-08-08 Credits: OpenSSL Project, many others credited in [1]. Affects: pfSense <= 2.1.4 OpenVPN Client Export Package <= 1.2.12 Corrected: 2014-08-08 (Base system) 2014-08-08 (Packages) CVE Name: CVE-2014-3508, CVE-2014-5139, CVE-2014-3509, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512 FreeBSD SA: 0. Revision History v1.0 2014-08-08 Initial release. I. Background pfSense is a free network firewall distribution. pfSense is based on the FreeBSD operating system with a custom kernel and other changes. pfSense includes third-party free software packages for additional functionality. pfSense provides most of the functionality of common commercial firewalls, and much more. pfSense includes a web interface for the configuration of all included components. Knowledge of FreeBSD is not necessary. Unlike similar GNU/Linux- based firewall distributions, there is no need for any UNIX knowledge. The command line is never used, and there is no need to ever manually edit any rule sets. The majority of pfSense users have never installed or used a stock FreeBSD system. Users familiar with commercial firewalls will quickly understand the web interface. Users unfamiliar with commercial-grade firewalls may encounter a short learning curve. II. Problem Description Multiple vulnerabilities have been discovered in the OpenSSL library. * Information leak in pretty printing functions [CVE-2014-3508] * Crash with SRP ciphersuite in Server Hello message [CVE-2014-5139] * Race condition in ssl_parse_serverhello_tlsext [CVE-2014-3509] * OpenSSL TLS protocol downgrade attack [CVE-2014-3511] * SRP buffer overrun [CVE-2014-3512] The following vulnerabilities are not relevant because no area of the official pfSense base system or packages utilizes DTLS: * Double Free when processing DTLS packets [CVE-2014-3505] * DTLS memory exhaustion [CVE-2014-3506] * DTLS memory leak from zero-length fragments [CVE-2014-3507] * OpenSSL DTLS anonymous EC(DH) denial of service [CVE-2014-3510] III. Impact These security defects are considered by the OpenSSL project to be of moderate severity or less [1]. Information leak in pretty printing functions [CVE-2014-3508] ============================================================= A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. Crash with SRP ciphersuite in Server Hello message [CVE-2014-5139] ================================================================== The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This can be exploited through a Denial of Service attack. Race condition in ssl_parse_serverhello_tlsext [CVE-2014-3509] ============================================================== If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory. OpenSSL TLS protocol downgrade attack [CVE-2014-3511] ===================================================== A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records. SRP buffer overrun [CVE-2014-3512] ================================== A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected. Details for the other items included in this release which are not relevant to pfSense may be found at [1]. IV. Workaround No workaround is available. Upgrade to pfSense 2.1.5 or later which includes fixes for these issues. V. Solution 1) Upgrade to pfSense 2.1.5 upon its release. This may be performed in the web interface or from the console. See https://doc.pfsense.org/index.php/Upgrade_Guide 2) Ensure that all packages are up-to-date after the upgrade. pfSense uses PBI style packages which include their own copy of the libraries they require. Such packages must be updated independently to ensure that no vulnerable libraries are still in use. 3) Ensure that the OpenVPN Client Export package is at version 1.2.13 or later. VI. Correction details The OpenSSL package was updated to 1.0.1_14 (1.0.1i + Patches) Additionally, packages were recompiled against the udpated library. The OpenSSL library was updated to 1.0.1_14 from FreeBSD ports (1.0.1i + Patches). Firmware images and packages were rebuilt using the updated library. The OpenVPN Client Export package was updated to 1.2.13 which contains OpenVPN client installer 2.3.4-I003, built with OpenSSL 1.0.1i. VII. References 1: The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJT/3oSAAoJEBO5h/2SFPjaf44QAM+ngmi3xADWB/jrcI/8oelN MHXT76aQ+AcSBbUmDSIF5+WjAGL+k9YMVUG/AH3bUO1J/L6tJeHAr5n7PbXb0OIq 66OscBR4p+WGpvXTvaxFoUSJPkFWCXPZxKpoknFpQlB/K3Y+SHixQyDG/tnLnJgS jB9LXujWWnCPLDA1yNclLl9Q4ji8Ua92jW8xqZUnTctWyydCRrVX8FEwfPspSt/3 ag172w24emSxRnSlmM7phzksDVUNWPzujmwbgaT58TYqLICdnsCE05jTtBEZDHak uPku6MEfsYa/BpeKfToV2Hbm+r2tAz7fFYZ7QAPjvS2zdDax5qhuVWoSeJtdsV3b JO59YCf1/C/QJFxlEH/5QF1uAIrnMZ26SlICt8JTydrxVwzOZMbpTV2x8P00xa2V O2UxLPMNPtlqmXixLMMJ+4KKEHMYogI9AibDGgkDjiSptz3BBTG+OqxqHcgkx+uw 0miiVtQlM70jSVQi1oJf+T4oeXE6Co0WOfRoGpTTsdOuI0n5E6eBAR9ofitm5R7R TYc8BkYh85G5ZGraPV4A+1AGYwFOkWTd/rKMcVrFvplz9EtZ6n1eujqoUTUoIaio Ik8LtFMjmIoVWO8NJhKZOOe04lgxj3k3ReimYjNbdpfmLGPmEG3qGUfLdQBCuB6v 7eTXQWq1pl8lIgMgkHMy =TOk2 -----END PGP SIGNATURE-----