FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-0224

This CVE name corresponds to:

Entered: 2014-06-05
Topic: OpenSSL -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2014-0224
Phase: Assigned (20131203)

Description

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

References

Source Reference
BUGTRAQ 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
FULLDISC 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
MISC http://ccsinjection.lepidum.co.jp
MISC https://www.imperialviolet.org/2014/06/05/earlyccs.html
CONFIRM http://www.openssl.org/news/secadv_20140605.txt
CONFIRM https://access.redhat.com/site/blogs/766093/posts/908133
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1103586
CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441
CONFIRM https://kb.bluecoat.com/index?page=content&id=SA80
CONFIRM http://www.kerio.com/support/kerio-control/release-history
CONFIRM http://esupport.trendmicro.com/solution/en-US/1103813.aspx
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676035
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676062
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676419
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676496
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676655
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676845
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677390
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg24037761
CONFIRM http://www.blackberry.com/btsc/KB36051
CONFIRM http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
CONFIRM http://www.novell.com/support/kb/doc.php?id=7015264
CONFIRM http://www.novell.com/support/kb/doc.php?id=7015300
CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E
CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E
CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10075
CONFIRM http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21673137
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677828
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677527
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677695
CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740
CONFIRM https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf
CONFIRM https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677567
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21678167
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21678289
CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737
CONFIRM http://www.splunk.com/view/SP-CAAAM2D
CONFIRM http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download
CONFIRM https://discussions.nessus.org/thread/7517
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001841
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001843
CONFIRM http://www.fortiguard.com/advisory/FG-IR-14-018/
CONFIRM https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues
CONFIRM https://filezilla-project.org/versions.php?type=server
CONFIRM http://puppetlabs.com/security/cve/cve-2014-0224
CONFIRM http://linux.oracle.com/errata/ELSA-2014-1053.html
CONFIRM http://support.apple.com/kb/HT6443
CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
CONFIRM http://www.vmware.com/security/advisories/VMSA-2014-0012.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
CONFIRM http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
CISCO 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
HP HPSBMU03070
HP HPSBMU03053
HP HPSBMU03058
HP HPSBHF03145
HP HPSBMU03083
HP HPSBPI03107
HP HPSBST03097
HP HPSBST03103
HP HPSBST03106
HP HPSBST03265
HP HPSBMU03216
HP SSRT101818
HP HPSBST03195
MANDRIVA MDVSA-2015:062
REDHAT RHSA-2014:0624
REDHAT RHSA-2014:0626
REDHAT RHSA-2014:0627
REDHAT RHSA-2014:0630
REDHAT RHSA-2014:0631
REDHAT RHSA-2014:0632
REDHAT RHSA-2014:0633
REDHAT RHSA-2014:0680
SUSE openSUSE-SU-2015:0229
SUSE SUSE-SU-2015:0578
CERT-VN VU#978508
SECTRACK 1031032
SECTRACK 1031594
SECUNIA 58579
SECUNIA 59191
SECUNIA 58128
SECUNIA 58385
SECUNIA 58939
SECUNIA 59043
SECUNIA 59055
SECUNIA 59063
SECUNIA 59120
SECUNIA 59126
SECUNIA 59162
SECUNIA 59300
SECUNIA 59383
SECUNIA 59438
SECUNIA 59442
SECUNIA 59450
SECUNIA 59491
SECUNIA 59495
SECUNIA 59514
SECUNIA 59528
SECUNIA 59490
SECUNIA 59655
SECUNIA 59721
SECUNIA 59827
SECUNIA 58930
SECUNIA 59413
SECUNIA 59602
SECUNIA 59669
SECUNIA 58639
SECUNIA 58759
SECUNIA 59012
SECUNIA 59301
SECUNIA 59370
SECUNIA 59659
SECUNIA 59666
SECUNIA 59824
SECUNIA 58745
SECUNIA 59459
SECUNIA 59885
SECUNIA 59342
SECUNIA 59451
SECUNIA 59894
SECUNIA 59916
SECUNIA 60049
SECUNIA 58743
SECUNIA 59325
SECUNIA 59354
SECUNIA 59506
SECUNIA 59530
SECUNIA 59589
SECUNIA 60066
SECUNIA 59784
SECUNIA 59878
SECUNIA 59990
SECUNIA 60176
SECUNIA 60522
SECUNIA 60567
SECUNIA 60571
SECUNIA 60577
SECUNIA 60819
SECUNIA 61815