ID

VAR-201404-0008

CVE

CVE-2010-5298

TITLE

OpenSSL Competitive condition loophole

DESCRIPTION

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. OpenSSL is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to cause denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible; however, this has not been confirmed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities EMC Identifier: ESA-2014-079 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE Affected products: \x95 All EMC Documentum Content Server versions of 7.1 prior to P07 \x95 All EMC Documentum Content Server versions of 7.0 \x95 All EMC Documentum Content Server versions of 6.7 SP2 prior to P16 \x95 All EMC Documentum Content Server versions of 6.7 SP1 \x95 All EMC Documentum Content Server versions prior to 6.7 SP1 Summary: EMC Documentum Content Server contains fixes for multiple vulnerabilities which also include vulnerabilities disclosed by the OpenSSL project on June 5, 2014 in OpenSSL. Details: EMC Documentum Content Server may be susceptible to the following vulnerabilities: \x95 Arbitrary Code Execution (CVE-2014-4618): Authenticated non-privileged users can potentially execute Documentum methods with higher level privileges (up to and including superuser privileges) due to improper authorization checks being performed on user-created system objects. CVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P) \x95 DQL Injection (CVE-2014-2520): Certain DQL hints in EMC Documentum Content Server may be potentially exploited by an authenticated non-privileged malicious user to conduct DQL injection attacks and read the database contents. CVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N) \x95 Information Disclosure (CVE-2014-2521): Authenticated non-privileged users are allowed to retrieve meta-data of unauthorized system objects due to improper authorization checks being performed on certain RPC commands in Content Server. CVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N) \x95 Multiple OpenSSL vulnerabilities (See individual CVEs below and refer to NVD for each of their scores): SSL/TLS Man-in-the-middle (MITM) vulnerability (CVE-2014-0224) DTLS recursion flaw (CVE-2014-0221) DTLS invalid fragment vulnerability (CVE-2014-0195) SSL_MODE_RELEASE_BUFFERS NULL pointer deference (CVE-2014-0198) SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298) Anonymous ECDH denial of service (CVE-2014-3470) FLUSH + RELOAD cache side-channel attack (CVE-2014-0076) For more information about these vulnerabilities, please visit the original OpenSSL advisory https://www.openssl.org/news/secadv_20140605.txt Resolution: The following versions contain the resolution for these issues: \x95 EMC Documentum Content Server version 7.1 P07 and later \x95 EMC Documentum Content Server version 7.0: Hotfixes are available for Windows & Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. \x95 EMC Documentum Content Server version 6.7 SP2 P16 and later \x95 EMC Documentum Content Server version 6.7 SP1: Hotfixes are available for Windows & Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. EMC recommends all customers to upgrade to one of the above versions at the earliest opportunity. Link to remedies: Registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/2732_Documentum-Server For Hotfix, contact EMC Support. Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. HP Systems Insight Manager v7.3 Hotfix kit HP Systems Insight Manager v7.2 Hotfix kit (The HP Systems Insight Manager v7.2 Hotfix kit is currently unavailable, but will be released at a later date. http://h18013.www1.hp.com/products/servers/management/hpsim/download.html NOTE: No reboot of the system is required after applying the HP SIM Hotfix kit. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04355095 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04355095 Version: 1 HPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows running OpenSSL, Multiple Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-08-08 Last Updated: 2014-08-08 Potential Security Impact: Remote denial of service (DoS), code execution, unauthorized access, disclosure of information Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) running on Linux and Windows. These components of HP Insight Control server deployment could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. This bulletin provides the information needed to update the HP Insight Control server deployment solution. Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 Upgrade Proliant Firmware References: CVE-2010-5298 Remote Denial of Service CVE-2014-0076 Unauthorized Disclosure of Information CVE-2014-0195 Remote Unauthorized Access CVE-2014-0198 Remote Denial of Service CVE-2014-0221 Remote Denial of Service (DoS) CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information CVE-2014-3470 Remote Code Execution or Unauthorized Access SSRT101628 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0 CVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following updates to v7.3.1 of HP Insight Control server deployment to resolve this vulnerability. HP has provided manual update steps if a version upgrade is not possible; if users wish to remain at v7.1.2, v7.2.0, or v7.2.1. Note: It is important to check your current running version of HP Insight Control server deployment and to follow the correct steps listed below. For HP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and follow the steps below to remove the vulnerability. The vulnerability known as Heartbleed (CVE-2014-0160) was fixed in HP Insight Control server deployment v7.3.1. That Security Bulletin with instructions on how to upgrade to v7.3.1 can be found here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n a-c04267749 HP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should take the following steps to remove this vulnerability. Delete the files smhamd64-*.exe/smhx86-*.exe" from Component Copy Location listed in the following table, rows 1 and 2. Delete the files "vcax86-*.exe/vcaamd64-*.exe from Component Copy Location listed in the following table, rows 3 and 4. Delete the files hpsmh-7.*.rpm" from Component Copy Location listed in row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location specified in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location 1 http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba smhamd64-ccp023716.exe \\express\hpfeatures\hpagents-ws\components\Win2008 2 http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05 smhx86-cp023715.exe \\express\hpfeatures\hpagents-ws\components\Win2008 3 http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13 vcax86-cp023742.exe \\express\hpfeatures\hpagents-ws\components\Win2008 4 http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2 vcaamd64-cp023743.exe \\express\hpfeatures\hpagents-ws\components\Win2008 5 http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93 Do not rename the downloaded component for this step. \\express\hpfeatures\hpagents-sles11-x64\components \\express\hpfeatures\hpagents-sles10-x64\components \\express\hpfeatures\hpagents-rhel5-x64\components \\express\hpfeatures\hpagents-rhel6-x64\components Download and extract the HPSUM 5.3.6 component from ftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793 Copy all content from extracted ZIP folder and paste into \\eXpress\hpfeatures\fw-proLiant\components Initiate Install HP Management Agents for SLES 11 x64 on targets running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on targets running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL 5 x64. Initiate Install HP Management Agents for Windows x86/x64 on targets running Windows. HP Insight Control server deployment users with v7.2.2: Please upgrade to Insight Control server deployment v7.3.1 and follow the steps below for v7.3.1. HP Insight Control server deployment users with v7.3.1: Perform steps 1 - 4 as outlined above for users with HP Insight Control server deployment v7.1.2, v7.2.0, and v7.2.1. Download the HP SUM ZIP file from http://www.hp.com/swpublishing/MTX-f6c141a7feeb4a358bbb28300f Extract the contents from the HP SUM ZIP file to \\eXpress\hpfeatures\fw-proLiant\components location on the Insight Control server deployment server Related security bulletins: For System Management Homepage please see Security bulletin HPSBMU03051 https ://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04 345210 For HP Version Control Agent please see Security bulletin HPSBMU03057 https:/ /h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c0434 9897 HISTORY Version:1 (rev.1) - 8 August 2014 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlPk9ewACgkQ4B86/C0qfVn1/gCfR2U/mZZXYwPms9ptZcBTua/5 MoQAn1qlQ3kmLRs7YFN5GzwBTRfSK5Go =r0qe -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201407-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: OpenSSL: Multiple vulnerabilities Date: July 27, 2014 Bugs: #512506 ID: 201407-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, possibly allowing remote attackers to execute arbitrary code. Impact ====== A remote attacker could send specially crafted DTLS fragments to an OpenSSL DTLS client or server to possibly execute arbitrary code with the privileges of the process using OpenSSL. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1h-r1" References ========== [ 1 ] CVE-2010-5298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298 [ 2 ] CVE-2014-0195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195 [ 3 ] CVE-2014-0198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198 [ 4 ] CVE-2014-0221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221 [ 5 ] CVE-2014-0224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224 [ 6 ] CVE-2014-3470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470 [ 7 ] OpenSSL Security Advisory [05 Jun 2014] http://www.openssl.org/news/secadv_20140605.txt Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201407-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Unvalidated Redirect Vulnerability (CVE-2015-0512) A potential vulnerability in Unisphere Central may allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The attacker can specify the location of the arbitrary site in the unvalidated parameter of a crafted URL. If this URL is accessed, the browser is redirected to the arbitrary site specified in the parameter. CVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 2. To search for a particular CVE, use the NVD database\x92s search utility at http://web.nvd.nist.gov/view/vuln/search Resolution: The following Unisphere Central release contains resolutions to the above issues: \x95 Unisphere Central version 4.0. These vulnerabilities include: * The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information. - HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2010-5298 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P) CVE-2014-0076 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N) CVE-2014-0195 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2014-0198 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2014-0221 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2014-0224 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2014-3470 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2014-3566 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) CVE-2016-0705 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE recommends applying the following software updates to resolve the vulnerabilities in the impacted versions of HPE StoreVirtual products running HPE LeftHand OS. LeftHand OS v11.5 - Patches 45019-00 and 45020 LeftHand OS v12.0 - Patches 50016-00 and 50017-00 LeftHand OS v12.5 - Patch 55016-00 LeftHand OS v12.6 - Patch 56002-00 **Notes:** These patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision to OpenSSL v1.0.1e 48. These patches migrate Certificate Authority Hashing Algorithm from a weak hashing algorithm SHA1 to the stronger hashing algorithm SHA256. Summary VMware product updates address OpenSSL security vulnerabilities. 2. Relevant Releases ESXi 5.5 prior to ESXi550-201406401-SG 3. Problem Description a. OpenSSL update for multiple products. OpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h in order to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to these issues. The most important of these issues is CVE-2014-0224. CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to be of moderate severity. Exploitation is highly unlikely or is mitigated due to the application configuration. CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL Security Advisory (see Reference section below), do not affect any VMware products. CVE-2014-0224 may lead to a Man-in-the-Middle attack if a server is running a vulnerable version of OpenSSL 1.0.1 and clients are running a vulnerable version of OpenSSL 0.9.8 or 1.0.1. Updating the server will mitigate this issue for both the server and all affected clients. CVE-2014-0224 may affect products differently depending on whether the product is acting as a client or a server and of which version of OpenSSL the product is using. For readability the affected products have been split into 3 tables below, based on the different client-server configurations and deployment scenarios. MITIGATIONS Clients that communicate with a patched or non-vulnerable server are not vulnerable to CVE-2014-0224. Applying these patches to affected servers will mitigate the affected clients (See Table 1 below). Clients that communicate over untrusted networks such as public Wi-Fi and communicate to a server running a vulnerable version of OpenSSL 1.0.1. can be mitigated by using a secure network such as VPN (see Table 2 below). Clients and servers that are deployed on an isolated network are less exposed to CVE-2014-0224 (see Table 3 below). The affected products are typically deployed to communicate over the management network. RECOMMENDATIONS VMware recommends customers evaluate and deploy patches for affected Servers in Table 1 below as these patches become available. Patching these servers will remove the ability to exploit the vulnerability described in CVE-2014-0224 on both clients and servers. VMware recommends customers consider applying patches to products listed in Table 2 & 3 as required. Column 4 of the following tables lists the action required to remediate the vulnerability in each release, if a solution is available. Table 1 ======= Affected servers running a vulnerable version of OpenSSL 1.0.1. VMware Product Running Replace with/ Product Version on Apply Patch ============== ======= ======= ============= ESXi 5.5 ESXi ESXi550- 201406401-SG Big Data Extensions 1.1 patch pending Charge Back Manager 2.6 patch pending Horizon Workspace Server GATEWAY 1.8.1 patch pending Horizon Workspace Server GATEWAY 1.5 patch pending Horizon Workspace Server DATA 1.8.1 patch pending Horizon Mirage Edge Gateway 4.4.2 patch pending Horizon View 5.3.1 patch pending Horizon View Feature Pack 5.3 SP2 patch pending NSX for Multi-Hypervisor 4.1.2 patch pending NSX for Multi-Hypervisor 4.0.3 patch pending NSX for vSphere 6.0.4 patch pending NVP 3.2.2 patch pending vCAC 6.0.1 patch pending vCloud Networking and Security 5.5.2 patch pending vCloud Networking and Security 5.1.2 patch pending vFabric Web Server 5.3.4 patch pending vCHS - DPS-Data Protection 2.0 patch pending Service Table 2 ======== Affected clients running a vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating over an untrusted network. VMware Product Running Replace with/ Product Version on Apply Patch ============== ======= ======= ============= vCSA 5.5 patch pending vCSA 5.1 patch pending vCSA 5.0 patch pending ESXi 5.1 ESXi patch pending ESXi 5.0 ESXi patch pending Workstation 10.0.2 any patch pending Workstation 9.0.3 any patch pending Fusion 6.x OSX patch pending Fusion 5.x OSX patch pending Player 10.0.2 any patch pending Player 9.0.3 any patch pending Chargeback Manager 2.5.x patch pending Horizon Workspace Client for 1.8.1 OSX patch pending Mac Horizon Workspace Client for 1.5 OSX patch pending Mac Horizon Workspace Client for 1.8.1 Windows patch pending Windows Horizon Workspace Client for 1.5 Windows patch pending OVF Tool 3.5.1 patch pending OVF Tool 3.0.1 patch pending vCenter Operations Manager 5.8.1 patch pending vCenter Support Assistant 5.5.0 patch pending vCenter Support Assistant 5.5.1 patch pending vCD 5.1.2 patch pending vCD 5.1.3 patch pending vCD 5.5.1.1 patch pending vCenter Site Recovery Manager 5.0.3.1 patch pending Table 3 ======= The following table lists all affected clients running a vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating over an untrusted network. VMware Product Running Replace with/ Product Version on Apply Patch ============== ======= ======= ============= vCenter Server 5.5 any patch pending vCenter Server 5.1 any patch pending vCenter Server 5.0 any patch pending Update Manager 5.5 Windows patch pending Update Manager 5.1 Windows patch pending Update Manager 5.0 Windows patch pending Config Manager (VCM) 5.6 patch pending Horizon View Client 5.3.1 patch pending Horizon View Client 4.x patch pending Horizon Workspace 1.8.1 patch pending Horizon Workspace 1.5 patch pending ITBM Standard 1.0.1 patch pending ITBM Standard 1.0 patch pending Studio 2.6.0.0 patch pending Usage Meter 3.3 patch pending vCenter Chargeback Manager 2.6 patch pending vCenter Converter Standalone 5.5 patch pending vCenter Converter Standalone 5.1 patch pending vCD (VCHS) 5.6.2 patch pending vCenter Site Recovery Manager 5.5.1 patch pending vCenter Site Recovery Manager 5.1.1 patch pending vFabric Application Director 5.2.0 patch pending vFabric Application Director 5.0.0 patch pending View Client 5.3.1 patch pending View Client 4.x patch pending VIX API 5.5 patch pending VIX API 1.12 patch pending vMA (Management Assistant) 5.1.0.1 patch pending VMware Data Recovery 2.0.3 patch pending VMware vSphere CLI 5.5 patch pending vSphere Replication 5.5.1 patch pending vSphere Replication 5.6 patch pending vSphere SDK for Perl 5.5 patch pending vSphere Storage Appliance 5.5.1 patch pending vSphere Storage Appliance 5.1.3 patch pending vSphere Support Assistant 5.5.1 patch pending vSphere Support Assistant 5.5.0 patch pending vSphere Virtual Disk 5.5 patch pending Development Kit vSphere Virtual Disk 5.1 patch pending Development Kit vSphere Virtual Disk 5.0 patch pending Development Kit 4. Solution ESXi 5.5 ---------------------------- Download: https://www.vmware.com/patchmgr/download.portal Release Notes and Remediation Instructions: http://kb.vmware.com/kb/2077359 5. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 https://www.openssl.org/news/secadv_20140605.txt - ----------------------------------------------------------------------- 6. Change Log 2014-06-10 VMSA-2014-0006 Initial security advisory in conjunction with the release of ESXi 5.5 updates on 2014-06-10 - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce at lists.vmware.com bugtraq at securityfocus.com fulldisclosure at seclists.org E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html Twitter https://twitter.com/VMwareSRC Copyright 2014 VMware Inc. All rights reserved. Corrected: 2014-04-30 04:03:05 UTC (stable/10, 10.0-STABLE) 2014-04-30 04:04:42 UTC (releng/10.0, 10.0-RELEASE-p2) CVE Name: CVE-2010-5298 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. Revision History v1.0 2014-04-30 Initial release. v1.1 2014-04-30 Added patch applying step in Solutions section. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. OpenSSL context can be set to a mode called SSL_MODE_RELEASE_BUFFERS, which requests the library to release the memory it holds when a read or write buffer is no longer needed for the context. II. Problem Description The buffer may be released before the library have finished using it. It is possible that a different SSL connection in the same process would use the released buffer and write data into it. III. Impact An attacker may be able to inject data to a different connection that they should not be able to. IV. Workaround No workaround is available, but systems that do not use OpenSSL to implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, or not using SSL_MODE_RELEASE_BUFFERS and use the same process to handle multiple SSL connections, are not vulnerable. The FreeBSD base system service daemons and utilities do not use the SSL_MODE_RELEASE_BUFFERS mode. However, many third party software uses this mode to reduce their memory footprint and may therefore be affected by this issue. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-14:09/openssl.patch # fetch http://security.FreeBSD.org/patches/SA-14:09/openssl.patch.asc # gpg --verify openssl.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile the operating system using buildworld and installworld as described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>. Restart all deamons using the library, or reboot the system. 3) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/10/ r265122 releng/10.0/ r265124 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII

AFFECTED PRODUCTS