Vulnerability Name:

CVE-2014-3569

Assigned:2014-12-24
Published:2014-12-24
Updated:2017-11-14
Summary:The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
References:Source: CONFIRM
Type: UNKNOWN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679

Source: APPLE
Type: UNKNOWN
APPLE-SA-2015-04-08-2

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:0130

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:0946

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:0640

Source: HP
Type: UNKNOWN
HPSBUX03162

Source: HP
Type: UNKNOWN
SSRT101885

Source: HP
Type: UNKNOWN
HPSBHF03289

Source: HP
Type: UNKNOWN
HPSBOV03318

Source: HP
Type: UNKNOWN
HPSBMU03380

Source: HP
Type: UNKNOWN
HPSBMU03409

Source: HP
Type: UNKNOWN
HPSBMU03396

Source: HP
Type: UNKNOWN
HPSBMU03413

Source: HP
Type: UNKNOWN
HPSBMU03397

Source: CONFIRM
Type: UNKNOWN
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html

Source: CONFIRM
Type: UNKNOWN
http://rt.openssl.org/Ticket/Display.html?id=3571&user=guest&pass=guest

Source: CISCO
Type: UNKNOWN
20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products

Source: DEBIAN
Type: UNKNOWN
DSA-3125

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2015:019

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2015:062

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Source: BID
Type: UNKNOWN
71934

Source: SECTRACK
Type: UNKNOWN
1033378

Source: CONFIRM
Type: UNKNOWN
https://bto.bluecoat.com/security-advisory/sa88

Source: XF
Type: UNKNOWN
openssl-cve20143569-dos(99706)

Source: CONFIRM
Type: UNKNOWN
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5

Source: CONFIRM
Type: UNKNOWN
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d

Source: CONFIRM
Type: UNKNOWN
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b

Source: CONFIRM
Type: UNKNOWN
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

Source: CONFIRM
Type: UNKNOWN
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

Source: CONFIRM
Type: UNKNOWN
https://kc.mcafee.com/corporate/index?page=content&id=SB10102

Source: CONFIRM
Type: UNKNOWN
https://kc.mcafee.com/corporate/index?page=content&id=SB10108

Source: CONFIRM
Type: UNKNOWN
https://security-tracker.debian.org/tracker/CVE-2014-3569

Source: CONFIRM
Type: UNKNOWN
https://support.apple.com/HT204659

Source: CONFIRM
Type: UNKNOWN
https://support.citrix.com/article/CTX216642

Source: CONFIRM
Type: UNKNOWN
https://www.openssl.org/news/secadv_20150108.txt

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:tivoli_management_framework:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:8.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_netcool/reporter:2.2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_tm1:9.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:service_delivery_manager:7.2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:service_delivery_manager:7.2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:10.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:10.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:10.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sametime:8.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sametime:8.5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_tm1:10.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:flex_system_manager:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:10.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:campaign:8.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:campaign:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:flex_system_manager:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sametime:9.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sametime:9.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:messagesight_jms_client:1.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_access_manager_for_mobile:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_workload_scheduler:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:flex_system_manager:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:flex_system_manager:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_tm1:10.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_access_manager_for_mobile:8.0.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_workload_scheduler:8.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_workload_scheduler:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_tm1:10.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect:9.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect:9.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:powerkvm:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:10.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:messagesight:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_access_manager_for_mobile:8.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:3.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:3.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:integrated_management_module_ii:-:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:campaign:9.1.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20143569
    V
    CVE-2014-3569
    2018-08-15
    oval:org.cisecurity:def:205
    P
    DSA-3125-1 -- openssl -- security update
    2016-02-08
    oval:org.mitre.oval:def:28535
    V
    Potential security vulnerabilities have been identified with HP-UX running OpenSSL.These vulnerabilities could be exploited remotely to create a remote Denial of Service(DoS) and other vulnerabilites.
    2015-05-11
    oval:com.ubuntu.precise:def:20143569000
    V
    CVE-2014-3569 on Ubuntu 12.04 LTS (precise) - low.
    2014-12-24
    oval:com.ubuntu.trusty:def:20143569000
    V
    CVE-2014-3569 on Ubuntu 14.04 LTS (trusty) - low.
    2014-12-24
    oval:com.ubuntu.xenial:def:20143569000
    V
    CVE-2014-3569 on Ubuntu 16.04 LTS (xenial) - low.
    2014-12-24
    oval:com.ubuntu.artful:def:20143569000
    V
    CVE-2014-3569 on Ubuntu 17.10 (artful) - low.
    2014-12-24
    BACK
    openssl openssl 1.0.1j
    openssl openssl 0.9.8
    openssl openssl 1.0.0
    openssl openssl 1.0.1
    ibm tivoli management framework 4.1.1
    ibm cognos business intelligence 8.4.1
    ibm tivoli netcool/reporter 2.2.0.1
    ibm cognos tm1 9.5.2
    ibm service delivery manager 7.2.1.0
    ibm service delivery manager 7.2.2.0
    ibm cognos business intelligence 10.1
    ibm cognos business intelligence 10.1.1
    ibm cognos business intelligence 10.2
    ibm sterling b2b integrator 5.1
    ibm sterling b2b integrator 5.2
    ibm sametime 8.5.2
    ibm sametime 8.5.2.1
    ibm rational insight 1.1.1.5
    ibm rational insight 1.1.1.5
    ibm cognos tm1 10.1.1
    ibm flex system manager 1.3.0
    ibm cognos business intelligence 10.2.1
    ibm campaign 8.6
    ibm campaign 9.1
    ibm flex system manager 1.2.0
    ibm sametime 9.0.0.0
    ibm sametime 9.0.0.1
    ibm messagesight jms client 1.1.0.0
    ibm security access manager for mobile 8.0
    ibm tivoli workload scheduler 9.1
    ibm flex system manager 1.2.1
    ibm flex system manager 1.3.1
    ibm cognos tm1 10.2.2
    ibm security access manager for mobile 8.0.0.1
    ibm security access manager for mobile 8.0.0.3
    ibm security access manager for mobile 8.0.0.4
    ibm tivoli workload scheduler 8.6
    ibm tivoli workload scheduler 9.2
    ibm security access manager for mobile 8.0.0.5
    ibm rational insight 1.1.1.5
    ibm cognos tm1 10.2
    ibm rational software architect 9.1.0
    ibm rational software architect 9.1.1
    ibm powerkvm 2.1
    ibm cognos business intelligence 10.2.2
    ibm messagesight 1.2
    ibm security access manager for mobile 8.0.1
    ibm tivoli common reporting 2.1
    ibm tivoli common reporting 2.1.1
    ibm tivoli common reporting 3.1
    ibm tivoli common reporting 3.1.0.1
    ibm tivoli common reporting 3.1.0.2
    ibm integrated management module ii -
    ibm campaign 9.1.1