2 Replies Latest reply on Jun 6, 2014 8:14 AM by bobcaruso62

    Is a FASL script in the works for 2014-0224 (the new OpenSSL issue)?

    bobcaruso62

      Could you comment on the plan to check for the latest OpenSSL bug, 2014-0224, which allows sessions to be MiM'd if both client and server are running the vulnerable version? We have many systems to check and evaluate, and a script would sure make this go faster. Thanks!

        • 1. Re: Is a FASL script in the works for 2014-0224 (the new OpenSSL issue)?
          foose

          The definition report posted yesterday afternoon (2014-06-05_23_29_49) has 2 FASL checks (16680 & 16681) both for OpenSSL

           

          new16680OpenSSL Multiple MITM and DTLS Invalid  Fragment Vulnerabilities10General Vulnerability Assessment ->  NonIntrusive -> Web Server
          CVE-2014-0195, CVE-2014-0224Multiple man-in-the-middle and buffer overrun  vulnerabilities are present in some versions of OpenSSL.OpenSSL is a widely used  open-source implementation of the SSL and TLS protocols.
             
             
             
              Multiple man-in-the-middle and buffer overrun vulnerabilities are present  in some versions of OpenSSL. A specially crafted handshake can force the use  of weak keys that can lead to man in the middle attacks. Invalid DTLS  fragments can cause buffer overrun conditions. The vulnerabilities can be  exploited to decrypt or modify the encrypted traffic or execution of  arbitrary code on the affected systems.
             
             
             
              Based on the server fingerprint, this host appears to be affected by this  vulnerability.
          new16681OpenSSL Multiple SSL_MODE_RELEASE_BUFFERS Denial Of Service  Vulnerabilities5General Vulnerability Assessment -> NonIntrusive -> Web Server
          CVE-2010-5298, CVE-2014-0198Multiple denial of service  vulnerabilities are present in some versions of OpenSSL.
             
             
             
             
          OpenSSL is a widely used  open-source implementation of the SSL and TLS protocols.
             
             
             
              Multiple denial of service vulnerabilities are present in some versions of  OpenSSL. The vulnerabilities are due to flaws in the do_ssl3_write and  ssl3_read_bytes functions that can cause null pointer dereference or session  injection leading to denial of service.
             
             
             
              The vulnerabilities are present only when SSL_MODE_RELEASE_BUFFERS is  enabled. This is not enabled by default and not used commonly.
             
             
             
              Based on the server fingerprint, this host appears to be affected by this  vulnerability.
             
             
             
             
             
             
          • 2. Re: Is a FASL script in the works for 2014-0224 (the new OpenSSL issue)?
            bobcaruso62

            Thanks! I had been looking for this on the McAfee MVM support portal, but there was no indication that it was even on the radar. As a suggestion, when future critical issues hit and a FASL script is in the pipeline of being written, tested, and verified, it would still be useful for us compliance managers to know when the expected ship date/time would be, so that we can plan accordingly.