Уязвимость CVE-2014-0224: Информация

Описание

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

Важность: HIGH (7,4) Вектор: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2014-0224

Опубликовано: 6 июня 2014 г.

Изменено: 7 ноября 2023 г.

Идентификатор типа ошибки: CWE-326

Исправленные пакеты

Имя пакета	Ветка	Исправлено в версии	Версия в репозитории	Errata ID	№ Задания	Состояние
node	sisyphus	4.2.6-alt1	20.12.2-alt1	ALT-PU-2016-1086-1	158576	Исправлено
node	p10	4.2.6-alt1	16.19.1-alt1	ALT-PU-2016-1086-1	158576	Исправлено
node	p9	4.2.6-alt1	14.17.2-alt1	ALT-PU-2016-1086-1	158576	Исправлено
node	c10f1	4.2.6-alt1	16.19.1-alt1	ALT-PU-2016-1086-1	158576	Исправлено
node	c9f2	4.2.6-alt1	16.19.1-alt0.c9.1	ALT-PU-2016-1086-1	158576	Исправлено
openssl10	p9	1.0.1h-alt1	1.0.2u-alt1.p9.2	ALT-PU-2014-1734-1	120900	Исправлено
openssl10	c9f2	1.0.1h-alt1	1.0.2u-alt1.p9.1	ALT-PU-2014-1734-1	120900	Исправлено
openssl10	c7	1.0.1j-alt1.M70C.1	1.0.1u-alt0.M70C.1	ALT-PU-2014-2316-1	133754	Исправлено
python	sisyphus	2.7.8-alt1	2.7.18-alt11	ALT-PU-2014-2376-1	134641	Исправлено
python	p10	2.7.8-alt1	2.7.18-alt10	ALT-PU-2014-2376-1	134641	Исправлено
python	p9	2.7.8-alt1	2.7.16-alt1.M90P.2	ALT-PU-2014-2376-1	134641	Исправлено
python	c10f1	2.7.8-alt1	2.7.18-alt10	ALT-PU-2014-2376-1	134641	Исправлено
python	c9f2	2.7.8-alt1	2.7.18-alt0.MC9.1	ALT-PU-2014-2376-1	134641	Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
http://www.openssl.org/news/secadv_20140605.txt	Vendor Advisory
http://ccsinjection.lepidum.co.jp	Third Party Advisory
VU#978508	Third Party Advisory US Government Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1103586	Issue Tracking
https://www.imperialviolet.org/2014/06/05/earlyccs.html	Exploit
https://access.redhat.com/site/blogs/766093/posts/908133	Third Party Advisory
59191	Third Party Advisory
58579	Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA80	Third Party Advisory
20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products	Third Party Advisory
http://www.kerio.com/support/kerio-control/release-history	Third Party Advisory
59438	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676035	Third Party Advisory
59301	Third Party Advisory
59721	Third Party Advisory
59491	Third Party Advisory
59450	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676845	Third Party Advisory
59655	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677695	Third Party Advisory
59659	Third Party Advisory
58639	Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737	Third Party Advisory
58759	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21678289	Third Party Advisory
59043	Third Party Advisory
59666	Third Party Advisory
59126	Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740	Third Party Advisory
HPSBMU03070	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677567	Third Party Advisory
59055	Third Party Advisory
59490	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676419	Third Party Advisory
https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf	Third Party Advisory
http://www.novell.com/support/kb/doc.php?id=7015300	Third Party Advisory
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21673137	Third Party Advisory
59514	Third Party Advisory
http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html	Third Party Advisory
59602	Third Party Advisory
59495	Third Party Advisory
http://www.novell.com/support/kb/doc.php?id=7015264	Third Party Advisory
http://esupport.trendmicro.com/solution/en-US/1103813.aspx	Third Party Advisory
58930	Third Party Advisory
59370	Third Party Advisory
59012	Third Party Advisory
http://www.blackberry.com/btsc/KB36051	Third Party Advisory
58385	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676655	Third Party Advisory
59120	Third Party Advisory
59162	Third Party Advisory
58939	Third Party Advisory
59528	Third Party Advisory
59063	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677828	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172	Third Party Advisory
58128	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676062	Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10075	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676496	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21678167	Third Party Advisory
59442	Third Party Advisory
59824	Third Party Advisory
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677527	Third Party Advisory
https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf	Third Party Advisory
59827	Third Party Advisory
59669	Third Party Advisory
59413	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24037761	Third Party Advisory
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677390	Third Party Advisory
59300	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690	Third Party Advisory
59383	Third Party Advisory
http://www.splunk.com/view/SP-CAAAM2D	Third Party Advisory
https://discussions.nessus.org/thread/7517	Third Party Advisory
59885	Third Party Advisory
http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	Third Party Advisory
59459	Third Party Advisory
58745	Third Party Advisory
59530	Third Party Advisory
59589	Third Party Advisory
59451	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001843	Third Party Advisory
http://www.fortiguard.com/advisory/FG-IR-14-018/	Third Party Advisory
59506	Third Party Advisory
https://filezilla-project.org/versions.php?type=server	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001841	Third Party Advisory
59894	Third Party Advisory
60049	Third Party Advisory
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues	Third Party Advisory
58743	Third Party Advisory
59342	Third Party Advisory
59325	Third Party Advisory
59354	Third Party Advisory
59916	Third Party Advisory
RHSA-2014:0624	Third Party Advisory
HPSBMU03058	Third Party Advisory
RHSA-2014:0631	Third Party Advisory
RHSA-2014:0632	Third Party Advisory
RHSA-2014:0630	Third Party Advisory
RHSA-2014:0627	Third Party Advisory
HPSBMU03053	Third Party Advisory
RHSA-2014:0680	Third Party Advisory
RHSA-2014:0633	Third Party Advisory
RHSA-2014:0626	Third Party Advisory
60066	Third Party Advisory
http://puppetlabs.com/security/cve/cve-2014-0224	Third Party Advisory
59990	Third Party Advisory
60522	Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-1053.html	Third Party Advisory
60577	Third Party Advisory
59784	Third Party Advisory
59878	Third Party Advisory
60176	Third Party Advisory
60567	Third Party Advisory
60571	Third Party Advisory
60819	Third Party Advisory
http://support.apple.com/kb/HT6443	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html	Third Party Advisory
HPSBST03103	Third Party Advisory
HPSBHF03145	Third Party Advisory
HPSBST03106	Third Party Advisory
HPSBST03097	Third Party Advisory
HPSBPI03107	Third Party Advisory
HPSBMU03083	Third Party Advisory
61815	Third Party Advisory
1031032	Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2014-0012.html	Third Party Advisory
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities	Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Third Party Advisory
1031594	Third Party Advisory VDB Entry
HPSBST03265	Third Party Advisory
SSRT101818	Third Party Advisory
openSUSE-SU-2015:0229	Third Party Advisory
SUSE-SU-2015:0578	Third Party Advisory
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0	Third Party Advisory
MDVSA-2015:062	Third Party Advisory
HPSBST03195	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Patch
HPSBHF03052	Third Party Advisory
HPSBMU03051	Third Party Advisory
HPSBMU03065	Third Party Advisory
HPSBMU03074	Third Party Advisory
HPSBGN03050	Third Party Advisory
HPSBST03098	Third Party Advisory
HPSBMU03089	Third Party Advisory
HPSBMU03101	Third Party Advisory
HPSBMU03071	Third Party Advisory
HPSBMU03055	Third Party Advisory
HPSBUX03046	Third Party Advisory
HPSBMU03094	Third Party Advisory
HPSBGN03068	Third Party Advisory
HPSBMU03057	Third Party Advisory
HPSBMU03078	Third Party Advisory
HPSBOV03047	Third Party Advisory
HPSBMU03076	Third Party Advisory
HPSBMU03056	Third Party Advisory
HPSBMU03062	Third Party Advisory
HPSBHF03088	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Patch Third Party Advisory
openSUSE-SU-2016:0640	Third Party Advisory
SUSE-SU-2015:0743	Third Party Advisory
https://www.novell.com/support/kb/doc.php?id=7015271	Third Party Advisory
https://www.ibm.com/support/docview.wss?uid=ssg1S1004671	Third Party Advisory
https://www.ibm.com/support/docview.wss?uid=ssg1S1004670	Third Party Advisory
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1	Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757	Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756	Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755	Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24037870	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24037732	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24037731	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24037730	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24037729	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24037727	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21683332	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21678233	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677836	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677131	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677080	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676889	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676879	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676833	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676786	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676644	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676615	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676536	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676529	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676501	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676478	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676334	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676333	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676071	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21675821	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21675626	Third Party Advisory
IV61506	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0006.html	Third Party Advisory
MDVSA-2014:106	Third Party Advisory
MDVSA-2014:105	Third Party Advisory
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf	Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg24037783	Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg21676877	Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg21676793	Broken Link
http://www.ibm.com/support/docview.wss?uid=swg21676356	Third Party Advisory
IT02314	Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=ssg1S1004678	Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=isg3T1020948	Broken Link
http://www.f-secure.com/en/web/labs_global/fsc-2014-6	Third Party Advisory
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html	Third Party Advisory
http://support.citrix.com/article/CTX140876	Third Party Advisory
GLSA-201407-05	Third Party Advisory
61254	Third Party Advisory
59677	Third Party Advisory
59661	Third Party Advisory
59529	Third Party Advisory
59525	Third Party Advisory
59518	Third Party Advisory
59502	Third Party Advisory
59483	Third Party Advisory
59460	Third Party Advisory
59454	Third Party Advisory
59449	Third Party Advisory
59448	Third Party Advisory
59447	Third Party Advisory
59446	Third Party Advisory
59445	Third Party Advisory
59444	Third Party Advisory
59441	Third Party Advisory
59440	Third Party Advisory
59437	Third Party Advisory
59435	Third Party Advisory
59429	Third Party Advisory
59389	Third Party Advisory
59380	Third Party Advisory
59375	Third Party Advisory
59374	Third Party Advisory
59368	Third Party Advisory
59365	Third Party Advisory
59364	Third Party Advisory
59362	Third Party Advisory
59347	Third Party Advisory
59338	Third Party Advisory
59310	Third Party Advisory
59306	Third Party Advisory
59305	Third Party Advisory
59287	Third Party Advisory
59284	Third Party Advisory
59282	Third Party Advisory
59264	Third Party Advisory
59231	Third Party Advisory
59223	Third Party Advisory
59215	Third Party Advisory
59214	Third Party Advisory
59211	Third Party Advisory
59202	Third Party Advisory
59192	Third Party Advisory
59190	Third Party Advisory
59189	Third Party Advisory
59188	Third Party Advisory
59186	Third Party Advisory
59175	Third Party Advisory
59167	Third Party Advisory
59163	Third Party Advisory
59142	Third Party Advisory
59135	Third Party Advisory
59132	Third Party Advisory
59101	Third Party Advisory
59093	Third Party Advisory
59040	Third Party Advisory
59004	Third Party Advisory
58977	Third Party Advisory
58945	Third Party Advisory
58742	Third Party Advisory
58719	Third Party Advisory
58716	Third Party Advisory
58714	Third Party Advisory
58713	Third Party Advisory
58667	Third Party Advisory
58660	Third Party Advisory
58615	Third Party Advisory
58492	Third Party Advisory
58433	Third Party Advisory
58337	Third Party Advisory
20140607 Re: More OpenSSL issues	Mailing List Third Party Advisory
FEDORA-2014-9308	Third Party Advisory
FEDORA-2014-9301	Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29217	Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195	Not Applicable
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629	Not Applicable
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Patch Third Party Advisory
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities	Not Applicable Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf	Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005	Broken Link
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=bc8923b1ec9c467755cd86f7848c50ee8812e441

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
  Start including
  1.0.0
  End excliding
  1.0.0m
  cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
  Start including
  1.0.1
  End excliding
  1.0.1h
  cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
  End excliding
  0.9.8za
  
  Конфигурация 2
  cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.3:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
  cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  
  Конфигурация 3
  cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*
  End excliding
  0.9.45
  
  Конфигурация 4
  cpe:2.3:o:siemens:application_processing_engine_firmware:*:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*
  
  Конфигурация 5
  cpe:2.3:o:siemens:cp1543-1_firmware:*:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:siemens:cp1543-1:-:*:*:*:*:*:*:*
  
  Конфигурация 6
  cpe:2.3:o:siemens:s7-1500_firmware:*:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:siemens:s7-1500:-:*:*:*:*:*:*:*
  
  Конфигурация 7
  cpe:2.3:o:siemens:rox_firmware:*:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:siemens:rox:-:*:*:*:*:*:*:*
  
  Конфигурация 8
  cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
  Start including
  10.0.0
  End excliding
  10.0.13
  
  Конфигурация 9
  cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
  Start including
  3.4.0
  End excliding
  3.4.2
  cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
  Start including
  2.7.0
  End excliding
  2.7.8
  
  Конфигурация 10
  cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
  End excliding
  0.10.29

Версия: v24.4.2

Наверх

Уязвимость CVE-2014-0224: Информация

Описание

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

Конфигурация 1

Конфигурация 2

Конфигурация 3

Конфигурация 4

Конфигурация 5

Конфигурация 6

Конфигурация 7

Конфигурация 8

Конфигурация 9

Конфигурация 10