Potential key material leak in OpenSSL and Stunnel

IDs: 
CVE-2014-0076, CVE-2014-0016
Keywords: 
openssl, stunnel, ECDSA, DSA
Description: 

The following two vulnerabilities affect OpenSSL through 1.0.1f and stunnel before 5.00 as used by Apache httpd and the SSL-VPN module in Airlock 4.2.6 and 5.0. Both vulnerabilities could affect the secrecy of key material. Airlock is not affected by either vulnerability.

Details

CVE-2014-0016

stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.

Airlock is not affected because stunnel on Airlock uses pthreads instead of forked processes.
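To make the fork hazard behind CVE-2014-0016 concrete, here is an added example (written for this page; it is not stunnel or OpenSSL code). It models a user-space PRNG whose output depends on an entropy pool, the process ID and a counter, the way OpenSSL's old PRNG mixed getpid() into its output. fork() is modelled as a plain copy of the state: nothing in the pool changes, so two children that happen to receive the same PID derive the same "nonce" unless the child mixes in fresh entropy. The mixing function, the pool value and the PIDs are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model (constructed for this example, NOT OpenSSL's md_rand.c) of a
 * user-space PRNG whose output depends on an entropy pool, the current
 * process ID and an output counter.  Mixing the PID in is why the
 * advisory says only children that end up with the SAME PID collide. */
typedef struct {
    uint64_t pool;     /* entropy pool, copied verbatim by fork() */
    uint32_t pid;      /* process ID mixed into each output */
    uint64_t counter;  /* output counter */
} toy_prng;

/* splitmix64 finaliser, used here only as a cheap mixing function. */
static uint64_t mix64(uint64_t x) {
    x += 0x9E3779B97F4A7C15ULL;
    x = (x ^ (x >> 30)) * 0xBF58476D1CE4E5B9ULL;
    x = (x ^ (x >> 27)) * 0x94D049BB133111EBULL;
    return x ^ (x >> 31);
}

/* Next 64-bit output: a function of pool, pid and counter only. */
static uint64_t toy_prng_next(toy_prng *p) {
    p->counter++;
    return mix64(p->pool ^ ((uint64_t)p->pid << 32) ^ p->counter);
}

/* Model of fork(): the child gets a bit-for-bit copy of the parent's
 * state plus its own PID.  The PRNG state itself is not updated. */
static toy_prng toy_fork(const toy_prng *parent, uint32_t child_pid) {
    toy_prng child = *parent;
    child.pid = child_pid;
    return child;
}

/* Mitigation: mix fresh OS entropy into the child's pool right after
 * fork.  Real code would reseed from getrandom(2) or /dev/urandom
 * (e.g. via RAND_poll()/RAND_seed()); here the caller passes the bytes. */
static void toy_reseed_after_fork(toy_prng *child, uint64_t fresh_entropy) {
    child->pool = mix64(child->pool ^ fresh_entropy);
}

/* CVE-2014-0016 scenario: a long-running parent forks a child per
 * connection and never touches the pool between forks.  If PIDs wrap and
 * two children are assigned the same PID, both derive the same "nonce".
 * Returns 1 if the two children's first outputs collide, 0 otherwise. */
int children_collide_without_reseed(uint32_t reused_pid) {
    toy_prng parent = { .pool = 0x1234567890ABCDEFULL, .pid = 1000, .counter = 0 };
    toy_prng child_a = toy_fork(&parent, reused_pid);
    toy_prng child_b = toy_fork(&parent, reused_pid); /* later child, same PID */
    return toy_prng_next(&child_a) == toy_prng_next(&child_b);
}

/* Same scenario with the mitigation: each child mixes in its own fresh
 * entropy, so identical PIDs no longer give identical outputs. */
int children_collide_with_reseed(uint32_t reused_pid,
                                 uint64_t entropy_a, uint64_t entropy_b) {
    toy_prng parent = { .pool = 0x1234567890ABCDEFULL, .pid = 1000, .counter = 0 };
    toy_prng child_a = toy_fork(&parent, reused_pid);
    toy_prng child_b = toy_fork(&parent, reused_pid);
    toy_reseed_after_fork(&child_a, entropy_a);
    toy_reseed_after_fork(&child_b, entropy_b);
    return toy_prng_next(&child_a) == toy_prng_next(&child_b);
}

int main(void) {
    printf("no reseed, same PID: collide=%d\n", children_collide_without_reseed(4242));
    printf("reseed, same PID:    collide=%d\n",
           children_collide_with_reseed(4242, 0x1111ULL, 0x2222ULL));
    return 0;
}
```

The point to take away for any forking server is that a PRNG inherited across fork() must be reseeded in the child from the OS before it is used for anything key-related; a pthreads deployment, as on Airlock, shares one PRNG state and never copies it, which is why the fork condition does not arise there.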

CVE-2014-0076

The Montgomery ladder implementation in OpenSSL through 1.0.1f does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

Airlock is not affected because the side-channel attack relies on local access to the system/processes. Local access to Airlock is only available for trusted users (root).
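The defensive pattern that addresses CVE-2014-0076 is a conditional swap whose instruction and memory-access sequence does not depend on the secret bit. The following is an added example (not OpenSSL's ec2_mult.c) that places a branchy swap next to a mask-based constant-time swap and shows where the swap sits in a Montgomery ladder. The ladder below runs over plain 64-bit integers (constructed to show the structure, not elliptic-curve arithmetic); the helper names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Branchy swap: which code path runs depends on the secret bit, so the
 * cache footprint differs between bit=0 and bit=1.  This is the kind of
 * data-dependent behaviour the advisory describes as not constant-time. */
void swap_branchy(uint64_t *a, uint64_t *b, size_t n, unsigned bit) {
    if (bit) {
        for (size_t i = 0; i < n; i++) { uint64_t t = a[i]; a[i] = b[i]; b[i] = t; }
    }
}

/* Constant-time conditional swap: identical instructions and memory
 * accesses whatever `bit` is; the mask switches the swap on or off. */
void cswap_ct(uint64_t *a, uint64_t *b, size_t n, unsigned bit) {
    uint64_t mask = (uint64_t)0 - (uint64_t)(bit & 1); /* all ones iff bit==1 */
    for (size_t i = 0; i < n; i++) {
        uint64_t t = mask & (a[i] ^ b[i]);
        a[i] ^= t;
        b[i] ^= t;
    }
}

/* Toy Montgomery ladder over integers (constructed for this example).
 * Computes k * base with the invariant r1 = r0 + base, using cswap so
 * the operation sequence does not depend on the bits of k. */
uint64_t ladder_multiply(uint64_t k, uint64_t base) {
    uint64_t r0 = 0, r1 = base;
    for (int i = 63; i >= 0; i--) {
        unsigned bit = (unsigned)((k >> i) & 1);
        cswap_ct(&r0, &r1, 1, bit);   /* select operands for this bit */
        r1 = r0 + r1;                 /* stands in for "point add" */
        r0 = r0 + r0;                 /* stands in for "point double" */
        cswap_ct(&r0, &r1, 1, bit);   /* undo the selection */
    }
    return r0;
}

/* Self-check: both swaps produce the same result; only the constant-time
 * one does so without a secret-dependent branch.  Returns 1 on success. */
int cswap_selftest(void) {
    uint64_t a[2] = { 1, 2 }, b[2] = { 3, 4 };
    uint64_t c[2] = { 1, 2 }, d[2] = { 3, 4 };
    cswap_ct(a, b, 2, 1);
    swap_branchy(c, d, 2, 1);
    if (a[0] != c[0] || a[1] != c[1] || b[0] != d[0] || b[1] != d[1]) return 0;
    if (a[0] != 3 || b[0] != 1) return 0;
    cswap_ct(a, b, 2, 0);             /* bit=0: no change */
    return a[0] == 3 && b[0] == 1;
}

int main(void) {
    printf("cswap selftest: %d\n", cswap_selftest());
    printf("13 * 7 via ladder = %llu\n", (unsigned long long)ladder_multiply(13, 7));
    return 0;
}
```

Two caveats apply when using this pattern in real code: an optimising compiler may turn the mask arithmetic back into a branch, so libraries check the generated assembly or use barriers; and a constant-time swap removes the secret-dependent code path but does not by itself remove secret-dependent memory addressing elsewhere in the scalar multiplication.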

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock