ID CVE-2015-1793
Summary The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
References
Vulnerable Configurations
  • Oracle Supply Chain Products Suite 6.1.2.2
    cpe:2.3:a:oracle:supply_chain_products_suite:6.1.2.2
  • Oracle Supply Chain Products Suite 6.1.3.0
    cpe:2.3:a:oracle:supply_chain_products_suite:6.1.3.0
  • Oracle Supply Chain Products Suite 6.2.0
    cpe:2.3:a:oracle:supply_chain_products_suite:6.2.0
  • Oracle JD Edwards EnterpriseOne Tools 9.1
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1
  • Oracle JD Edwards EnterpriseOne Tools 9.2
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2
  • OpenSSL Project OpenSSL 1.0.1n
    cpe:2.3:a:openssl:openssl:1.0.1n
  • OpenSSL Project OpenSSL 1.0.1o
    cpe:2.3:a:openssl:openssl:1.0.1o
  • OpenSSL Project OpenSSL 1.0.2b
    cpe:2.3:a:openssl:openssl:1.0.2b
  • OpenSSL Project OpenSSL 1.0.2c
    cpe:2.3:a:openssl:openssl:1.0.2c
  • Oracle Opus 10g Ethernet Switch Family 2.0.0.6
    cpe:2.3:o:oracle:opus_10g_ethernet_switch_family:2.0.0.6
CVSS
Base: 6.4 (as of 22-04-2016 - 12:42)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
exploit-db via4
description OpenSSL Alternative Chains Certificate Forgery. CVE-2015-1793. Webapps exploits for multiple platform
file exploits/multiple/webapps/38640.rb
id EDB-ID:38640
last seen 2016-02-04
modified 2015-11-05
platform multiple
port
published 2015-11-05
reporter Ramon de C Valle
source https://www.exploit-db.com/download/38640/
title OpenSSL Alternative Chains Certificate Forgery
type webapps
metasploit via4
description This module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server allowing the session to continue normally and application data transmitted between the peers to be saved. The valid leaf certificate must not contain the keyUsage extension or it must have at least the keyCertSign bit set (see X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise; X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This module requires an active man-in-the-middle attack.
id MSF:AUXILIARY/SERVER/OPENSSL_ALTCHAINSFORGERY_MITM_PROXY
last seen 2019-02-12
modified 2017-07-24
published 2015-07-16
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/server/openssl_altchainsforgery_mitm_proxy.rb
title OpenSSL Alternative Chains Certificate Forgery MITM Proxy
nessus via4
  • NASL family Web Servers
    NASL id HPSMH_7_5_4.NASL
    description According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is a version prior to 7.5.4. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790) - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791) - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792) - A certificate validation bypass vulnerability exists in the Security:Encryption subcomponent due to a flaw in the X509_verify_cert() function in x509_vfy.c that is triggered when locating alternate certificate chains when the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication. (CVE-2015-1793) - A cross-request authentication bypass vulnerability exists in libcurl due to the use of an existing, authenticated connection when performing a subsequent unauthenticated NTLM HTTP request. An attacker can exploit this to bypass authentication mechanisms. (CVE-2015-3143) - A denial of service vulnerability exists in libcurl due to a flaw in the sanitize_cookie_path() function that is triggered when handling a cookie path element that consists of a single double-quote. An attacker can exploit this to cause the application to crash. (CVE-2015-3145) - A cross-request authentication bypass vulnerability exists in libcurl due to a flaw that is triggered when a request is 'Negotiate' authenticated, which can cause the program to treat the entire connection as authenticated rather than just that specific request. An attacker can exploit this to bypass authentication mechanisms for subsequent requests. (CVE-2015-3148) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000) - A flaw exists in the multipart_buffer_headers() function in rfc1867.c due to improper handling of multipart/form-data in HTTP requests. A remote attacker can exploit this flaw to cause a consumption of CPU resources, resulting in a denial of service condition. (CVE-2015-4024) - An unspecified flaw exists that allows an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-1993) - An unspecified information disclosure vulnerability exists that allows an authenticated, remote attacker to gain unauthorized access to information. (CVE-2016-1994) - An unspecified remote code execution vulnerability exists that allows an unauthenticated, remote attacker to take complete control of the system. (CVE-2016-1995) - An unspecified flaw exists that allows a local attacker to impact confidentiality and integrity. (CVE-2016-1996)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 90150
    published 2016-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90150
    title HP System Management Homepage < 7.5.4 Multiple Vulnerabilities (Logjam)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-2303-1.NASL
    description The mysql package was updated to version 5.5.46 to fixs several security and non security issues. - bnc#951391: update to version 5.5.46 - changes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 46.html - fixed CVEs: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913 - bnc#952196: Fixed a build error for ppc*, s390* and ia64 architectures. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 87525
    published 2015-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87525
    title SUSE SLED11 / SLES11 Security Update : mysql (SUSE-SU-2015:2303-1)
  • NASL family Misc.
    NASL id ORACLE_ENTERPRISE_MANAGER_JAN_2016_CPU.NASL
    description The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple unspecified vulnerabilities in the following subcomponents of the Enterprise Manager Base Platform component : - Agent Next Gen - Discovery Framework - Loader Service - UI Framework Note that the product was formerly known as Enterprise Manager Grid Control.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 88043
    published 2016-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88043
    title Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (January 2016 CPU)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_075952FE267E11E59D033C970E169BC2.NASL
    description OpenSSL reports : During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and 'issue' an invalid certificate.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 84651
    published 2015-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84651
    title FreeBSD : openssl -- alternate chains certificate forgery vulnerability (075952fe-267e-11e5-9d03-3c970e169bc2)
  • NASL family Web Servers
    NASL id OPENSSL_1_0_1P.NASL
    description According to its banner, the remote host is running a version of OpenSSL 1.0.1 prior to 1.0.1p. It is, therefore, affected by the following vulnerabilities : - A certificate validation bypass vulnerability exists due to a flaw in the X509_verify_cert() function in x509_vfy.c that is triggered when locating alternate certificate chains when the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication. Note that this issue affects only versions 1.0.1n and 1.0.1o. (CVE-2015-1793) - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 84636
    published 2015-07-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84636
    title OpenSSL 1.0.1 < 1.0.1p Multiple Vulnerabilities
  • NASL family Databases
    NASL id MYSQL_5_6_27.NASL
    description The version of MySQL running on the remote host is 5.6.x prior to 5.6.27. It is, therefore, potentially affected by the following vulnerabilities : - A certificate validation bypass vulnerability exists in the Security:Encryption subcomponent due to a flaw in the X509_verify_cert() function in x509_vfy.c that is triggered when locating alternate certificate chains when the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication. (CVE-2015-1793) - An unspecified flaw exists in the Client Programs subcomponent. A local attacker can exploit this to gain elevated privileges. (CVE-2015-4819) - An unspecified flaw exists in the Types subcomponent. An authenticated, remote attacker can exploit this to gain access to sensitive information. (CVE-2015-4826) - An unspecified flaws exist in the Security:Privileges subcomponent. An authenticated, remote attacker can exploit these to impact integrity. (CVE-2015-4830, CVE-2015-4864) - An unspecified flaw exists in the DLM subcomponent. An authenticated, remote attacker can exploit this to impact integrity. (CVE-2015-4879) - An unspecified flaw exists in the Server Security Encryption subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2015-7744) Additionally, unspecified denial of service vulnerabilities can also exist in the following MySQL subcomponents : - DDL (CVE-2015-4815) - DML (CVE-2015-4858, CVE-2015-4862, CVE-2015-4905, CVE-2015-4913) - InnoDB (CVE-2015-4861, CVE-2015-4866, CVE-2015-4895) - libmysqld (CVE-2015-4904) - Memcached (CVE-2015-4910) - Optimizer (CVE-2015-4800) - Parser (CVE-2015-4870) - Partition (CVE-2015-4792, CVE-2015-4802, CVE-2015-4833) - Query (CVE-2015-4807) - Replication (CVE-2015-4890) - Security : Firewall (CVE-2015-4766) - Server : General (CVE-2016-0605) - Security : Privileges (CVE-2015-4791) - SP (CVE-2015-4836) - Types (CVE-2015-4730)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 86547
    published 2015-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86547
    title MySQL 5.6.x < 5.6.27 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-11414.NASL
    description Security fix for CVE-2015-1793 high severity issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 84690
    published 2015-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84690
    title Fedora 21 : openssl-1.0.1k-11.fc21 (2015-11414)
  • NASL family CISCO
    NASL id CISCO-SA-20150710-OPENSSL-VSG.NASL
    description The remote Cisco Virtual Security Gateway device is affected by a certificate validation bypass vulnerability in the bundled OpenSSL library due to a flaw in the X509_verify_cert() function in x509_vfy.c that is triggered when locating alternate certificate chains in cases where the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 85685
    published 2015-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85685
    title Cisco Virtual Security Gateway OpenSSL Alternative Certificate Validation Bypass (cisco-sa-20150710-openssl)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-889.NASL
    description MySQL was updated to 5.6.27 to fix security issues and bugs. The following vulnerabilities were fixed as part of the upstream release [boo#951391]: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913 Details on these and other changes can be found at: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html The following security relevant changes are included additionally : - CVE-2015-3152: MySQL lacked SSL enforcement. Using --ssl-verify-server-cert and --ssl[-*] implies that the ssl connection is required. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [boo#924663], [boo#928962]
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 87442
    published 2015-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87442
    title openSUSE Security Update : mysql (openSUSE-2015-889) (BACKRONYM)
  • NASL family CGI abuses
    NASL id SPLUNK_625.NASL
    description According to its version number, the instance of Splunk hosted on the remote web server is Enterprise 5.0.x prior to 5.0.14, 6.0.x prior to 6.0.10, 6.1.x prior to 6.1.9, 6.2.x prior to 6.2.5, or Light 6.2.x prior to 6.2.5. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library : - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790) - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791) - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792) - A certificate validation bypass vulnerability exists due to a flaw in the X509_verify_cert() function in file x509_vfy.c, which occurs when locating alternate certificate chains whenever the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication. (CVE-2015-1793) Additionally, a cross-site scripting vulnerability exists in Splunk Enterprise due to improper validation of user-supplied input before returning it to users. An attacker can exploit this, via a crafted request, to execute arbitrary script code. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 85581
    published 2015-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85581
    title Splunk Enterprise < 5.0.14 / 6.0.10 / 6.1.9 / 6.2.5 or Splunk Light < 6.2.5 Multiple Vulnerabilities
  • NASL family Databases
    NASL id MYSQL_5_6_26_RPM.NASL
    description The version of Oracle MySQL installed on the remote host is 5.6.x prior to 5.6.26. It is, therefore, affected by the following vulnerabilities : - A certificate validation bypass vulnerability exists in the Security:Encryption subcomponent due to a flaw in the X509_verify_cert() function in x509_vfy.c that is triggered when locating alternate certificate chains when the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication. (CVE-2015-1793) - An unspecified flaw exists in the Client Programs subcomponent. A local attacker can exploit this to gain elevated privileges. (CVE-2015-4819) - An unspecified flaw exists in the DLM subcomponent. An authenticated, remote attacker can exploit this to impact integrity. (CVE-2015-4879) Additionally, unspecified denial of service vulnerabilities exist in the following MySQL subcomponents : - InnoDB (CVE-2015-4895) - libmysqld (CVE-2015-4904) - Partition (CVE-2015-4833) - Security:Firewall (CVE-2015-4766)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 86660
    published 2015-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86660
    title Oracle MySQL 5.6.x < 5.6.26 Multiple Vulnerabilities (October 2015 CPU)
  • NASL family CISCO
    NASL id CISCO-SA-CSCUV26213-ASA-CX.NASL
    description The remote ASA Next-Generation Firewall (NGFW) host is missing a security patch. It is, therefore, affected by a certificate validation bypass vulnerability in the bundled version of OpenSSL. The vulnerability exists due to a flaw in the X509_verify_cert() function in x509_vfy.c that is triggered when locating alternate certificate chains when the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 86104
    published 2015-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86104
    title Cisco ASA Next-Generation Firewall OpenSSL Alternative Chains Certificate Forgery (cisco-sa-20150710-openssl)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201507-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-201507-15 (OpenSSL: Alternate chains certificate forgery) During certificate verification, OpenSSL attempts to find an alternative certificate chain if the first attempt to build such a chain fails. Impact : A remote attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and “issue” an invalid certificate. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-10-02
    plugin id 86084
    published 2015-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86084
    title GLSA-201507-15 : OpenSSL: Alternate chains certificate forgery
  • NASL family CGI abuses
    NASL id CISCO-SA-CSCUV26213-PRSM.NASL
    description According to its self-reported version number, the version of Cisco Prime Security Manager installed on the remote host has a bundled version of OpenSSL that is affected by a certificate validation bypass vulnerability. The vulnerability exists due to a flaw in the X509_verify_cert() function in x509_vfy.c that is triggered when locating alternate certificate chains when the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 86105
    published 2015-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86105
    title Cisco Prime Security Manager OpenSSL Alternative Chains Certificate Forgery (cisco-sa-20150710-openssl)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-11475.NASL
    description Security fix for CVE-2015-1793 high severity issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 84691
    published 2015-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84691
    title Fedora 22 : openssl-1.0.1k-11.fc22 (2015-11475)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2015-190-01.NASL
    description New openssl packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
    last seen 2018-09-01
    modified 2016-12-28
    plugin id 84646
    published 2015-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84646
    title Slackware 14.0 / 14.1 / current : openssl (SSA:2015-190-01)
  • NASL family Misc.
    NASL id SECURITYCENTER_OPENSSL_1_0_1P.NASL
    description The SecurityCenter application installed on the remote host is affected by a certificate validation bypass vulnerability in the bundled OpenSSL library. The library is version 1.0.1n or later and prior to 1.0.1p. It is, therefore, affected by a flaw in the X509_verify_cert() function that is triggered when locating alternate certificate chains in cases where the first attempt to build such a chain fails. A remote attacker can exploit this to cause certain certificate checks to be bypassed, resulting in an invalid certificate being considered valid.
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 85565
    published 2015-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85565
    title Tenable SecurityCenter Alternative Certificate Validation Bypass Vulnerability (TNS-2015-08)
  • NASL family Web Servers
    NASL id OPENSSL_1_0_2D.NASL
    description According to its banner, the remote host is running a version of OpenSSL 1.0.2 prior to 1.0.2d. It is, therefore, affected by the following vulnerabilities : - A certificate validation bypass vulnerability exists due to a flaw in the X509_verify_cert() function in x509_vfy.c that is triggered when locating alternate certificate chains when the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication. (CVE-2015-1793) - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 84637
    published 2015-07-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84637
    title OpenSSL 1.0.2 < 1.0.2d Multiple Vulnerabilities
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-564.NASL
    description During certificate verfification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and 'issue' an invalid certificate. This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication. The only version of OpenSSL from the Amazon Linux AMI that is impacted by this CVE is openssl-1.0.1k-10.86.amzn1, which was published as ALAS-2015-550.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 84647
    published 2015-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84647
    title Amazon Linux AMI : openssl (ALAS-2015-564)
packetstorm via4
refmap via4
bid
  • 75652
  • 91787
cisco 20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
confirm
exploit-db 38640
fedora
  • FEDORA-2015-11414
  • FEDORA-2015-11475
freebsd FreeBSD-SA-15:12
gentoo GLSA-201507-15
hp
  • HPSBGN03424
  • HPSBUX03388
  • SSRT102180
netbsd NetBSD-SA2015-008
sectrack 1032817
slackware SSA:2015-190-01
the hacker news via4
id THN:222E7964C49D6C2FA7B49F28896E3933
last seen 2018-01-27
modified 2015-07-09
published 2015-07-09
reporter Mohit Kumar
source https://thehackernews.com/2015/07/openssl-vulnerability-ssl-certificate.html
title Critical OpenSSL Flaw Allows Hackers to Impersonate Any Trusted SSL Certificate
Last major update 27-12-2016 - 21:59
Published 09-07-2015 - 15:17
Last modified 30-11-2018 - 16:30
Back to Top