| 兩邊的前次修訂版前次修改
下次修改 | 前次修改
|
| cve:cve-2014-0224 [2014/06/26 08:35] – jal | cve:cve-2014-0224 [2014/06/26 11:07] (目前版本) – jal |
|---|
| ====== CVE-2014-0224 OpenSSL MITM ChangeCipherSpec (CCS) Injection flaw ====== | ====== CVE-2014-0224 OpenSSL MITM ChangeCipherSpec (CCS) Injection flaw ====== |
| | In additon, OpenSSL also regarding following seven vulnerabilities. Some of vendor had max tham to a "Security Advisories" |
| | |
| | ^ CVE Number ^ CVSS base score ^ Description ^ |
| | | [[http://www.cvedetails.com/cve/CVE-2014-0224|CVE-2014-0224]] | 6.8 | SSL/TLS MITM vulnerability | |
| | | [[http://www.cvedetails.com/cve/CVE-2014-0221|CVE-2014-0221]] | 4.3 | DTLS recursion flaw | |
| | | [[http://www.cvedetails.com/cve/CVE-2014-0195|CVE-2014-0195]] | 6.8 | DTLS invalid fragment vulnerability | |
| | | [[http://www.cvedetails.com/cve/CVE-2014-0198|CVE-2014-0198]] | 4.3 | SSL_MODE_RELEASE_BUFFERS NULL pointer dereference | |
| | | [[http://www.cvedetails.com/cve/CVE-2010-5298|CVE-2010-5298]] | 4.0 | SSL_MODE_RELEASE_BUFFERS session injection or denial of service | |
| | | [[http://www.cvedetails.com/cve/CVE-2014-3470|CVE-2014-3470]] | 4.3 | Anonymous ECDH denial of service | |
| | | [[http://www.cvedetails.com/cve/CVE-2014-0076|CVE-2014-0076]] | 4.3 | ECDSA nonce disclosure using side-channel attack | |
| |
| ===== About Networking Vendors ===== | ===== About Networking Vendors ===== |
| ^ Vendor ^ Affected ^ Announcement ^ Announce Date ^ | ^ Vendor ^ Affected ^ Announcement ^ Announce Date ^ |
| | A10 | Yes:!: | [[https://www.a10networks.com/support-axseries/openssl_security_advisory.php/|Link at A10(login required)]] | 2014-06-05 | | | A10 | :!: Yes | [[https://www.a10networks.com/support-axseries/openssl_security_advisory.php/|Link at A10(login required)]] | 2014-06-05 | |
| | Arbor Networks | -- | https://arbor.custhelp.com/app/answers/detail/a_id/2379 | 2014-06-05 | | | Arbor Networks | -- | https://arbor.custhelp.com/app/answers/detail/a_id/2379 | 2014-06-05 | |
| | Aruba Networks | Yes:!: | [[http://www.arubanetworks.com/support/alerts/aid-06062014.txt|External Document at Aruba Alert]] | 2014-06-06 | | | Aruba Networks | :!: Yes | [[http://www.arubanetworks.com/support/alerts/aid-06062014.txt|External Document at Aruba Alert]] | 2014-06-06 | |
| | BlueCoat | Yes:!: | [[https://kb.bluecoat.com/index?page=content&id=SA80&pmv=print&impressions=false|External link at BlueCoat KB]] | 2014-06-06 | | | BlueCoat | :!: Yes | [[https://kb.bluecoat.com/index?page=content&id=SA80&pmv=print&impressions=false|External link at BlueCoat KB]] | 2014-06-06 | |
| | Brocade | -- | | | | | Brocade | -- | | | |
| | CheckPoint | No | [[https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk101186|External link at CheckPoint]] | 2014-06-06 | | | CheckPoint | No | [[https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk101186|External link at CheckPoint]] | 2014-06-06 | |
| | Cisco | Yes:!: | [[http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl|External link at Cisco]] | 2014-06-05 | | | Cisco | :!: Yes | [[http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl|External link at Cisco]] | 2014-06-05 | |
| | Dlink | -- | | | | | Dlink | -- | | | |
| | Enterasys (Part of Extreme) | -- | | | | | Enterasys (Part of Extreme) | -- | | | |
| | Extreme Networks | -- | | | | | Extreme Networks | -- | | | |
| | F5 | Yes:!: | [[http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html|External link at F5]] | 2014-06-05 | | | F5 | :!: Yes | [[http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html|External link at F5]] | 2014-06-05 | |
| | FireEye | Yes:!: | [[http://www.fireeye.com/support/support-notices.html|External link at FireEye]] | 2014-06-09 | | | FireEye | :!: Yes | [[http://www.fireeye.com/support/support-notices.html|External link at FireEye]] | 2014-06-09 | |
| | Fortinet | Yes:!: | [[http://www.fortiguard.com/advisory/FG-IR-14-018/|External link at FortiGuard]] | 2014-06-06 | | | Fortinet | :!: Yes | [[http://www.fortiguard.com/advisory/FG-IR-14-018/|External link at FortiGuard]] | 2014-06-06 | |
| | iMPERVA | Yes:!: Only 10.5 | [[https://www.imperva.com/sign_in.asp?retURL=/articles/Solution/OpenSSL-Vulnerability-issue-CVE-2014-0224| External link at iMPERVA (login required)]] | 2014-06-07 | | | iMPERVA | :!: Yes Only 10.5 | [[https://www.imperva.com/sign_in.asp?retURL=/articles/Solution/OpenSSL-Vulnerability-issue-CVE-2014-0224| External link at iMPERVA (login required)]] | 2014-06-07 | |
| | Juniper | Yes:!: | [[http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629|External link at Juniper KB]] | 2014-06-?? | | | Juniper | :!: Yes | [[http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629|External link at Juniper KB]] | 2014-06-?? | |
| | McAfee | Yes:!: | [[https://kc.mcafee.com/corporate/index?page=content&id=SB10075|External link at McAfee]] | 2014-06-?? | | | McAfee | :!: Yes | [[https://kc.mcafee.com/corporate/index?page=content&id=SB10075|External link at McAfee]] | 2014-06-?? | |
| | NetAxle | -- | [[http://www.netaxle.com.tw/|External link at NetAxle]] | -- | | | NetAxle | -- | [[http://www.netaxle.com.tw/|External link at NetAxle]] | -- | |
| | Palo Alto | Yes:!: | [[https://live.paloaltonetworks.com/docs/DOC-7150|External link at Palo Alto]] | 2014-06-09 | | | Palo Alto | :!: Yes | [[https://live.paloaltonetworks.com/docs/DOC-7150|External link at Palo Alto]] | 2014-06-09 | |
| | Ruckus Wireless | -- | [[http://www.ruckuswireless.com/security| External link at Ruckus Security]] | | | | Ruckus Wireless | -- | [[http://www.ruckuswireless.com/security| External link at Ruckus Security]] | | |
| | Sophers | -- | | | | | Sophers | -- | | | |
| | Sourcefire (Part of Cisco) | -- | Check Cisco | | | | Sourcefire (Part of Cisco) | -- | Check Cisco | | |
| | Splunk | Yes:!: | [[http://blogs.splunk.com/2014/06/09/splunk-and-the-latest-openssl-vulnerabilities/| External link at Splunk Answers ]] | 2014-06-09 | | | Splunk | :!: Yes | [[http://blogs.splunk.com/2014/06/09/splunk-and-the-latest-openssl-vulnerabilities/| External link at Splunk Answers ]] | 2014-06-09 | |
| | TippingPoint | -- | | | | | TippingPoint | -- | | | |
| | VMware | Yes:!: | [[http://www.vmware.com/security/advisories/VMSA-2014-0006.html|External link at VMware KB]] | 2014-06-10 | | | VMware | :!: Yes | [[http://www.vmware.com/security/advisories/VMSA-2014-0006.html|External link at VMware KB]] | 2014-06-10 | |
| | Websense | Yes:!: | [[http://www.websense.com/support/article/kbarticle/OpenSSL-Man-in-the-Middle-Vulnerability-CVE-2014-0224|External link at Websense ]] | 2014-04-09 | | | Websense | :!: Yes | [[http://www.websense.com/support/article/kbarticle/OpenSSL-Man-in-the-Middle-Vulnerability-CVE-2014-0224|External link at Websense ]] | 2014-06-12 | |
| |
| ===== Best Practices ===== | ===== Best Practices ===== |