The OpenSSL Project disclosed eight vulnerabilities on January 8, 2015. One or more of these vulnerabilities affect both client and server installations of OpenSSL. The vulnerability names and the associated Common Vulnerabilities and Exposures (CVE) IDs are as follows.



The impact of these vulnerabilities on Cisco products may vary depending on the affected product.



For Cisco products, please refer to the information provided in the Cisco bug IDs listed in the Affected Products section of this document. Additional information and detailed instructions are available in the Cisco installation, configuration, and maintenance guides for each product. If additional clarification or advice is needed, please contact your support organization.



OpenSSL DTLS Message Processing Denial of Service Vulnerability



A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.



The vulnerability is due to improper processing of network messages. An attacker could exploit this vulnerability by sending malicious network messages to a targeted system.



This vulnerability has been assigned CVE ID CVE-2014-3571.



OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability



OpenSSL contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.



The vulnerability is due to an error condition that occurs when the affected software processes crafted Datagram Transport Layer Security (DTLS) packets. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted DTLS packets to an affected OpenSSL-based server. An exploit could allow the attacker to consume excessive memory resources, resulting in a DoS condition.



This vulnerability has been assigned CVE ID CVE-2015-0206.



OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability



A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.



The vulnerability is due to improper implementation of the OpenSSL build configuration. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted SSL 3.0 handshake request to the targeted client. Processing the request could cause the affected software to terminate abnormally, leading to a DoS condition.



This vulnerability has been assigned CVE ID CVE-2014-3569.



OpenSSL Elliptic Curve Cryptographic Downgrade Vulnerability



A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to conduct downgrade attacks.



The vulnerability is due to insecure implementation of ephemeral Elliptic Curve Diffie-Hellman (ECDH) ciphersuites by the affected software. An unauthenticated, remote attacker could exploit this vulnerability by transmitting crafted handshake requests to the targeted client system. When processed, the requests could allow the attacker to downgrade the server to use the weaker encryption protocol, which could allow the attacker to obtain sensitive information from the system.



This vulnerability has been assigned CVE ID CVE-2014-3572.



OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability



A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to bypass security restrictions.



The vulnerability is due to improper handling of an RSA temporary key. An attacker with a privileged network position could exploit the vulnerability by returning a weak temporary RSA key to a system using an application that uses the vulnerable OpenSSL library. When processed, the insecure temporary key could result in reduced cryptographic protections, which could allow the attacker to bypass security protections.



This vulnerability has been assigned CVE ID CVE-2015-0204.



OpenSSL Diffie-Hellman Certificate Validation Authentication Bypass Vulnerability



OpenSSL contains a vulnerability that could allow an unauthenticated, remote attacker to bypass certain security restrictions and access sensitive information on a targeted system.



The vulnerability is due to improper certificate verification by the affected software. An unauthenticated, remote attacker could exploit this vulnerability by transmitting a crafted Diffie-Hellman certificate without the certificate verify message to the affected server. The processing of such certificates could allow the attacker to bypass certain security restrictions and access sensitive information on the system.



This vulnerability has been assigned CVE ID CVE-2015-0205.



OpenSSL Certificate Fingerprint Validation Vulnerability



A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to bypass fingerprint-based certificate validation mechanisms implemented by the affected software.



The vulnerability exists due to insufficient constraints applied on certificate data by the affected software. An attacker could exploit this vulnerability by including crafted data within a certificate's unsigned portion and submitting it to be processed by the affected software. If successful, an attacker could bypass the fingerprint-based certificate-blacklist protection mechanism implemented by the affected software.



This vulnerability has been assigned CVE ID CVE-2014-8275.
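The following is an added example, not part of the advisory or of OpenSSL's code. It shows why a blocklist keyed on the hash of the whole certificate encoding is fragile when bytes outside the signed portion can vary, and two defensive checks: fingerprint only the signed TBSCertificate, and reject outer fields that are not strict DER. The byte strings are constructed toy data with the outer shape of an X.509 certificate, and all function names are hypothetical.

```python
import hashlib

def read_tlv(buf, off=0):
    """Parse one TLV; return (tag, value, end_offset, length_is_minimal)."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                       # short-form length
        length, hdr, minimal = first, 2, True
    else:                                  # long form: low 7 bits count the length octets
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length not allowed")
        length = int.from_bytes(buf[off + 2:off + 2 + n], "big")
        hdr = 2 + n
        # DER demands the shortest possible length encoding
        minimal = length >= 0x80 and buf[off + 2] != 0
    end = off + hdr + length
    if end > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[off + hdr:end], end, minimal

def split_certificate(cert):
    """Return (tbs_bytes, strict) for SEQUENCE { tbs, sigAlg, signature }."""
    tag, body, end, strict = read_tlv(cert)
    if tag != 0x30 or end != len(cert):
        raise ValueError("not a single outer SEQUENCE")
    off, parts = 0, []
    for expected in (0x30, 0x30, 0x03):    # tbs, signatureAlgorithm, BIT STRING
        tag, value, nxt, minimal = read_tlv(body, off)
        if tag != expected:
            raise ValueError("unexpected outer field")
        parts.append(body[off:nxt])
        strict, off = strict and minimal, nxt
    if off != len(body):
        raise ValueError("trailing data after signature")
    # 'value' is the signature BIT STRING; a signature is whole octets (0 unused bits)
    strict = strict and len(value) > 0 and value[0] == 0
    return parts[0], strict

def full_fingerprint(cert):
    return hashlib.sha256(cert).hexdigest()

def tbs_fingerprint(cert):
    return hashlib.sha256(split_certificate(cert)[0]).hexdigest()

# Constructed toy data (not a real certificate)
TBS = bytes.fromhex("3003020101")
ALG = bytes.fromhex("300d06092a864886f70d01010b0500")
SIG = bytes.fromhex("00deadbeef")
CERT_DER = b"\x30\x1b" + TBS + ALG + b"\x03\x05" + SIG
CERT_VARIANT = b"\x30\x1c" + TBS + ALG + b"\x03\x81\x05" + SIG  # same fields, long-form length
```

The two toy encodings carry identical fields, so a blocklist keyed on `tbs_fingerprint` matches both, while one keyed on `full_fingerprint` matches only the encoding it was built from.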



OpenSSL BN_sqr Function Incorrect Mathematical Results Issue



An issue in OpenSSL could result in the calculation of incorrect mathematical results.



The issue is in the BN_sqr function, which does not properly calculate the square of a BIGNUM value. An unauthenticated, remote attacker could exploit this issue using an unspecified vector. Successful exploitation could cause the software to calculate incorrect results.



Reports suggest that no exploits are known, and that straightforward bug attacks fail because the attacker cannot control when the bug triggers and no private key material is involved.



This vulnerability has been assigned CVE ID CVE-2014-3570.