Multiple Vulnerabilities in OpenSSL

description-logo Description

The OpenSSL project released an advisory on June 5th, 2014, which describes the following vulnerabilities:
SSL/TLS MITM vulnerability (CVE-2014-0224)
DTLS recursion flaw (CVE-2014-0221)
DTLS invalid fragment vulnerability (CVE-2014-0195)
SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
Anonymous ECDH denial of service (CVE-2014-3470)
More information on these issues can be found in the original OpenSSL advisory. Many Fortinet products utilize OpenSSL and are affected by this advisory.
2014-06-06, 1200 PST, Version 1: Initial advisory.
2014-06-09, 1700 PST, Version 2: Added FortiClient.
2014-06-12, 1400 PST, Version 3: Added release dates for FortiMail, FortiAuthenticator and FortiVoiceOS.
2014-06-16, 1400 PST, Version 4: Added tentative timelines and/or release dates for FortiOS, FortiClient, FortiManager/Analyzer, FortiWeb, FortiSandbox and FortiRecorder.
2014-06-19, 1400 PST, Version 5: Fixed IPS signature names.
2014-07-03, 2000 PST, Version 6: Added fixed versions of FortiOS 4.3, FortiAnalyzer, FortiManager and AscenLink.
2014-08-11, 1400 PST, Version 7: Added fixed version of FortiOS 5.0.x.

Impact Detail

Impact Detail

CVE-2014-0224 may allow an attacker with a privileged network position (man-in-the-middle) to decrypt SSL encrypted communications.
CVE-2014-0221 may allow an attacker to crash a DTLS client with an invalid handshake.
CVE-2014-0195 can result in a buffer overrun attack by sending invalid DTLS fragments to an OpenSSL DTLS client or server.
CVE-2014-0198 and CVE-2010-5298 may allow an attacker to cause a denial of service under certain conditions, when SSL_MODE_RELEASE_BUFFERS is enabled.
CVE-2014-3470 may allow an attacker to trigger a denial of service in SSL clients when anonymous ECDH ciphersuites are enabled. This issue does not affect Fortinet products.
CVE-2014-0076 can be used to discover ECDSA nonces on multi-user systems by exploiting timing attacks in CPU L3 caches. This does not apply to Fortinet products.

Affected Products

FortiOS, FortiClient, FortiSwitch, FortiAnalyzer, FortiManager, FortiMail, FortiAP, FortiVoiceOS, FortiWeb, FortiAuthenticator, FortiDNS, FortiDDoS, FortiCache, FortiRecorder, FortiSandbox, FortiADC, FortiADC-E, Equalizer LX/GX, AscenLink


FortiGuard labs has released IPS signatures entitled "OpenSSL.ChangeCipherSpec.Injection" to protect against CVE-2014-0224, "OpenSSL.dtls1_reassemble_fragment.Invalid.Fragment.BOF" to protect against CVE-2014-0195 and "OpenSSL.DTLS.recursion.Denial.of.Service" to protect against CVE-2014-0221. These signatures can be used on interface policies and transit policies to protect the FortiGate control plane and devices behind the FortiGate firewall, respectively. For more information on using IPS signatures, refer to the documentation.
Note that while many products are vulnerable to CVE-2014-0224, interception of communications requires that both client and server are vulnerable. All mainstream browsers do not utilize OpenSSL and are thus not affected.
Firmware Updates
Fortinet is making every effort to produce software fixes for these vulnerabilities. Tentative release dates and updated software versions are shown below.
4.3.16 (build 686), Released on 2014-06-30
5.2.0 (build 589), Released on 2014-06-16
5.0.8 (build 291), Released on 2014-07-28
5.2.0 (Release date TBD)
5.0.7 (build 321), Released on 2014-06-27
5.2.0 (build 591), Released on 2014-06-12
5.0.10 (Release date TBD)
5.1.3 (build 281), Released on 2014-06-11
5.0.6 (build 170), Released on 2014-06-10
4.3.8 (build 546), Released on 2014-06-10
3.0.3 (build 165), Released on 2014-06-11
3.1.0 (build 60), Released on 2014-06-16
5.3.1 (Tentative release in early August)
1.3.0 (build 86), Released on 2014-06-09
1.5.0 (Release date TBD)
1.4.2 (Release date TBD)
For information on FortiADC-E series and Coyote Point LX and GX products, please refer to the Coyote Point advisory.
AscenLink V7.1 - B5955, Released on 2014-07-03
All other product release dates are not yet available.