FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-3566

This CVE name corresponds to:

Entered Topic
2015-05-23 davmail -- fix potential CVE-2014-3566 vulnerability (POODLE)
2014-10-21 asterisk -- Asterisk Susceptibility to POODLE Vulnerability
2014-10-15 OpenSSL -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2014-3566 at cve.mitre.org

Details

Type Candidate
Name CVE-2014-3566
Phase Assigned(20140514)

Description

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

References

Source Reference
MLIST [openssl-dev] 20141014 Patch to mitigate CVE-2014-3566 ("POODLE")
MISC http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
MISC https://www.openssl.org/~bodo/ssl-poodle.pdf
MISC http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566
MISC http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html
MISC https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html
MISC https://www.imperialviolet.org/2014/10/14/poodle.html
CONFIRM http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx
CONFIRM https://technet.microsoft.com/library/security/3009008.aspx
CONFIRM http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html
CONFIRM https://access.redhat.com/articles/1232123
CONFIRM https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=1076983
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1152789
CONFIRM https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip
CONFIRM https://www.suse.com/support/kb/doc.php?id=7015773
CONFIRM https://support.apple.com/kb/HT6535
CONFIRM https://support.apple.com/kb/HT6536
CONFIRM https://support.apple.com/kb/HT6541
CONFIRM https://support.apple.com/kb/HT6542
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21687172
CONFIRM https://bto.bluecoat.com/security-advisory/sa83
CONFIRM https://support.apple.com/kb/HT6527
CONFIRM https://support.apple.com/kb/HT6529
CONFIRM https://support.apple.com/kb/HT6531
CONFIRM https://www.openssl.org/news/secadv_20141015.txt
CONFIRM http://support.citrix.com/article/CTX200238
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21687611
CONFIRM https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
CONFIRM http://advisories.mageia.org/MGASA-2014-0416.html
CONFIRM http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
CONFIRM http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21686997
CONFIRM https://groups.google.com/forum/#!topic/docker-user/oYm0i3xShJU
CONFIRM http://downloads.asterisk.org/pub/security/AST-2014-011.html
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21688283
CONFIRM https://www-01.ibm.com/support/docview.wss?uid=swg21688165
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
CONFIRM http://support.apple.com/HT204244
CONFIRM http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
CONFIRM http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
CONFIRM https://www.elastic.co/blog/logstash-1-4-3-released
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
CONFIRM https://support.apple.com/HT205217
CONFIRM http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
CONFIRM http://www.vmware.com/security/advisories/VMSA-2015-0003.html
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
APPLE APPLE-SA-2014-10-16-1
APPLE APPLE-SA-2014-10-16-3
APPLE APPLE-SA-2014-10-20-1
APPLE APPLE-SA-2014-10-20-2
APPLE APPLE-SA-2014-10-16-4
APPLE APPLE-SA-2015-01-27-4
APPLE APPLE-SA-2015-09-16-2
CISCO 20141014 SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
DEBIAN DSA-3053
DEBIAN DSA-3144
DEBIAN DSA-3147
DEBIAN DSA-3253
FEDORA FEDORA-2014-12951
FEDORA FEDORA-2014-13012
FEDORA FEDORA-2014-13069
GENTOO GLSA-201606-11
HP HPSBHF03156
HP HPSBMU03152
HP HPSBUX03162
HP SSRT101767
HP HPSBGN03201
HP HPSBGN03202
HP HPSBGN03203
HP HPSBGN03209
HP HPSBMU03214
HP HPSBGN03205
HP HPSBST03265
HP HPSBGN03222
HP HPSBGN03237
HP HPSBGN03251
HP HPSBUX03273
HP SSRT101838
HP SSRT101854
HP SSRT101899
HP SSRT101951
HP HPSBGN03208
HP HPSBGN03252
HP HPSBGN03253
HP HPSBGN03254
HP HPSBGN03255
HP HPSBMU03221
HP HPSBMU03260
HP HPSBOV03227
HP SSRT101779
HP SSRT101849
HP SSRT101894
HP SSRT101896
HP SSRT101897
HP SSRT101898
HP SSRT101928
HP HPSBGN03233
HP SSRT101739
HP SSRT101868
HP HPSBUX03281
HP SSRT101968
HP HPSBMU03259
HP HPSBMU03262
HP HPSBMU03267
HP HPSBMU03283
HP SSRT101916
HP SSRT101921
HP SSRT101922
HP HPSBHF03293
HP SSRT101846
HP HPSBMU03301
HP SSRT101998
HP HPSBHF03275
HP SSRT101790
HP HPSBMU03294
HP SSRT101795
HP HPSBMU03304
HP HPSBHF03300
HP HPSBST03195
HP HPSBMU03241
HP SSRT101892
HP HPSBUX03194
HP SSRT101834
MANDRIVA MDVSA-2014:203
MANDRIVA MDVSA-2015:062
NETBSD NetBSD-SA2014-015
REDHAT RHSA-2014:1652
REDHAT RHSA-2014:1692
REDHAT RHSA-2014:1653
REDHAT RHSA-2014:1920
REDHAT RHSA-2014:1876
REDHAT RHSA-2014:1877
REDHAT RHSA-2014:1880
REDHAT RHSA-2014:1881
REDHAT RHSA-2014:1882
REDHAT RHSA-2014:1948
REDHAT RHSA-2015:0068
REDHAT RHSA-2015:0079
REDHAT RHSA-2015:0080
REDHAT RHSA-2015:0085
REDHAT RHSA-2015:0086
REDHAT RHSA-2015:0264
REDHAT RHSA-2015:0698
REDHAT RHSA-2015:1545
REDHAT RHSA-2015:1546
SUSE openSUSE-SU-2014:1331
SUSE SUSE-SU-2014:1357
SUSE SUSE-SU-2014:1361
SUSE SUSE-SU-2014:1526
SUSE SUSE-SU-2014:1549
SUSE SUSE-SU-2015:0336
SUSE SUSE-SU-2015:0344
SUSE SUSE-SU-2015:0345
SUSE SUSE-SU-2015:0376
SUSE SUSE-SU-2015:0392
SUSE openSUSE-SU-2015:0190
SUSE SUSE-SU-2015:0503
SUSE SUSE-SU-2015:0578
UBUNTU USN-2486-1
UBUNTU USN-2487-1
CERT TA14-290A
CERT-VN VU#577193
BID 70574
SECTRACK 1031029
SECTRACK 1031085
SECTRACK 1031086
SECTRACK 1031087
SECTRACK 1031088
SECTRACK 1031089
SECTRACK 1031090
SECTRACK 1031091
SECTRACK 1031092
SECTRACK 1031093
SECTRACK 1031094
SECTRACK 1031095
SECTRACK 1031096
SECTRACK 1031039
SECTRACK 1031105
SECTRACK 1031106
SECTRACK 1031107
SECTRACK 1031123
SECTRACK 1031120
SECTRACK 1031124
SECTRACK 1031130
SECTRACK 1031131
SECTRACK 1031132
SECUNIA 61825
SECUNIA 61827
SECUNIA 60056
SECUNIA 60792
SECUNIA 61019
SECUNIA 61303
SECUNIA 61345
SECUNIA 61359
SECUNIA 61782
SECUNIA 61810
SECUNIA 60206
SECUNIA 60859
SECUNIA 61130
SECUNIA 61316
SECUNIA 61819
SECUNIA 59627
SECUNIA 61926
SECUNIA 61995

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.