Lucene search

F5F5:K15356

HistoryAug 13, 2014 - 12:00 a.m.

K15356 : OpenSSL vulnerability CVE-2014-0195

2014-08-1300:00:00

my.f5.com

8.1 High

AI Score

Confidence

High

0.968 High

EPSS

Percentile

99.7%

JSON

Security Advisory Description

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. (CVE-2014-0195)

Impact

An attacker may be able to exploit an OpenSSL Datagram Transport Layer Security (DTLS) client or server by sending invalid DTLS fragments. As a result, the attacker may be able to run arbitrary code or cause a denial-of-service (DoS).

Server-side impact for F5 products

The server-side components are vulnerable in the event that an attacker is able to launch an attack from a client to an affected server component. BIG-IP 11.3.0 and earlier contains the following vulnerable server-side code:

COMPAT SSL ciphers

Virtual servers using a ClientSSL profile configured to use ciphers from the COMPAT SSL stack are vulnerable to this attack. The BIG-IP ClientSSL profile enables the BIG-IP system to accept and terminate client requests that are sent using the SSL protocol. In this context, the BIG-IP system functions as an SSL server, handling incoming SSL traffic.

Note: NATIVE SSL ciphers on affected versions are not vulnerable. However, some vulnerability scanners may generate false positive reports when run against BIG-IP virtual servers that are configured to use ciphers supported by the NATIVE SSL stack. This includes all ciphers enabled by the default cipher string.

Client-side impact for F5 products

The client-side components are vulnerable in the event that an attacker is able to launch an attack from a server to an affected client component. BIG-IP 11.5.1 and earlier contains the following vulnerable server-side code:

COMPAT SSL ciphers

Virtual servers using a ServerSSL profile configured to use ciphers from the COMPAT SSL stack are vulnerable to this attack. The BIG-IP ServerSSL profile enables the BIG-IP system to initiate secure connections to SSL servers using the SSL protocol. In this context, the BIG-IP system functions as an SSL client, initiating outbound SSL traffic.

Host-initiated SSL connections

An example here is when you use openssl s_client or configure a DTLS monitor to initiate SSL connections.

CPENameOperatorVersion
big-ip afmeq11.3.0
big-ip afmeq11.4.0
big-ip afmeq11.4.1
big-ip afmeq11.5.0
big-ip afmeq11.5.1
big-ip afmeq11.5.2
big-ip afmeq11.5.3
big-ip afmeq11.6.0
big-ip analyticseq11.0.0
big-ip analyticseq11.1.0

Name	Operator	Version
big-ip afm	eq	11.3.0
big-ip afm	eq	11.4.0
big-ip afm	eq	11.4.1
big-ip afm	eq	11.5.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3
big-ip afm	eq	11.6.0
big-ip analytics	eq	11.0.0
big-ip analytics	eq	11.1.0

Rows per page:

1-10 of 1861