385
VMScore

CVE-2015-1789

Published: 12/06/2015 Updated: 15/11/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 385
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL prior to 0.9.8zg, 1.0.0 prior to 1.0.0s, 1.0.1 prior to 1.0.1n, and 1.0.2 prior to 1.0.2b allows remote malicious users to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

Vendor Advisories

An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash ...
Several security issues were fixed in OpenSSL ...
LOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites) An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation This can lead to a passive man-in-the-middle attack in ...
Nessus and SecurityCenter are potentially impacted by several vulnerabilities in OpenSSL that were recently disclosed and fixed Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to patch the included version of OpenSSL as a precaution, and to save time CVE-2015-1788 - OpenSSL crypto/bn/bn_gf2mc BN_GF2m ...
On June 11, 2015, the OpenSSL Project released a security advisory detailing six distinct vulnerabilities, and another fix that provides hardening protections against exploits as described in the Logjam research Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthe ...
<!-- Start - Changes for Security Advisory Channel --> Security Advisory ID SYMSA1325 Initial Publication Date: Advisory Status: Advisory Severity: CVSS Base Score: Legacy ID 17 Jun 2015 Open High CVSS v2: 75 SA98 ...
<!-- content goes here --> Oracle Solaris Third Party Bulletin - July 2015 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when ...
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available To learn more about Apple Product Security, see the Apple Product Security website For information about the Apple Product Security PGP Key, see How to use ...

Github Repositories

honggfuzz Description A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options See USAGE for more data on the usage It's multi-threaded and multi-process: no need to run multiple copies of your fuzzer, as honggfuzz can unlock potential of all your available CPU cores The file corpus is shared between threads (and fuzzed i

honggfuzz Description A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options See USAGE for more data on the usage It's multi-threaded and multi-process: no need to run multiple copies of your fuzzer, as honggfuzz can unlock potential of all your available CPU cores The file corpus is shared between threads (and fuzzed i

honggfuzz Description A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options See USAGE for more data on the usage It's multi-threaded and multi-process: no need to run multiple copies of your fuzzer, as honggfuzz can unlock potential of all your available CPU cores The file corpus is shared between threads (and fuzzed i

honggfuzz Description A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options See USAGE for more data on the usage It's multi-threaded and multi-process: no need to run multiple copies of your fuzzer, as honggfuzz can unlock potential of all your available CPU cores The file corpus is shared between threads (and fuzzed i

阅读honggfuzz的注释

honggfuzz Description A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options See USAGE for the description of command-line options It's multi-process and multi-threaded: no need to run multiple copies of your fuzzer, as honggfuzz can unlock potential of all your available CPU cores with a single supervising process The

Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)

Honggfuzz Description A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options See the Usage document for a primer on Honggfuzz use Code Latest stable version: 23 Changelog Features It's multi-process and multi-threaded: there's no need to run multiple copies of your fuzzer, as honggfuzz can unlock potential of all

Recent Articles

HPE rushes out patch for more than a year of OpenSSL vulns
The Register • Richard Chirgwin • 06 Jul 2016

Logjam in patch pipeline cleared at last

HP Enterprise has popped into its Tardis, and gone back in time to patch OpenSSL bugs dating back to 2014 – including the infamous Logjam bug.
The bugs are in various network products: Intelligent Management Center (iMC), the VCX unified communications products, and the Comware network operating system.
The company's notice cites Common Vulnerability and Exposure (CVE) advisories CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, and CVE-2015-...

References

CWE-119http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.aschttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlhttp://marc.info/?l=bugtraq&m=143654156615516&w=2http://marc.info/?l=bugtraq&m=143880121627664&w=2http://marc.info/?l=bugtraq&m=144050155601375&w=2http://rhn.redhat.com/errata/RHSA-2015-1115.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1197.htmlhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-opensslhttp://www.debian.org/security/2015/dsa-3287http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlhttp://www.securityfocus.com/bid/75156http://www.securityfocus.com/bid/91787http://www.securitytracker.com/id/1032564http://www.ubuntu.com/usn/USN-2639-1https://bto.bluecoat.com/security-advisory/sa98https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965https://kc.mcafee.com/corporate/index?page=content&id=SB10122https://openssl.org/news/secadv/20150611.txthttps://security.gentoo.org/glsa/201506-02https://support.apple.com/kb/HT205031https://support.citrix.com/article/CTX216642https://www.openssl.org/news/secadv_20150611.txthttps://nvd.nist.govhttps://www.securityfocus.com/bid/75156https://access.redhat.com/security/cve/cve-2015-1789https://usn.ubuntu.com/2639-1/https://www.rapid7.com/db/vulnerabilities/aix-6.1-openssl_advisory14_cve-2015-1789