The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.


OpenSSL 1.0.2: nine vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL 1.0.2.
Severity of this weakness: 3/4.
Number of vulnerabilities in this bulletin: 9.
Creation date: 19/03/2015.
References of this bulletin: 1701038, 1701334, 1902519, 1960491, 1964410, 1975397, 7043086, 9010031, CERTFR-2015-AVI-117, CERTFR-2015-AVI-177, CERTFR-2015-AVI-259, CERTFR-2016-AVI-303, cisco-sa-20150408-ntpd, cpuapr2017, cpuoct2016, cpuoct2017, CTX216642, CVE-2015-0207, CVE-2015-0208, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0293, CVE-2015-1787, FEDORA-2015-6855, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-007, NTAP-20150323-0002, openSUSE-SU-2016:0640-1, RHSA-2015:0800-01, SA92, SSA:2015-111-09, SUSE-SU-2015:0541-1, SUSE-SU-2015:0553-1, SUSE-SU-2015:0553-2, SUSE-SU-2015:0578-1, SUSE-SU-2016:0678-1, TSB16661, VIGILANCE-VUL-16428.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL 1.0.2.

An attacker can connect to an SSL server, and renegotiate with an invalid signature algorithm, to force a NULL pointer to be dereferenced, in order to trigger a denial of service. [severity:3/4; CVE-2015-0291]

An attacker can force a NULL pointer to be dereferenced in the Multiblock feature, in order to trigger a denial of service. [severity:2/4; CVE-2015-0290]

An attacker can force a read at an invalid address in DTLSv1_listen, in order to trigger a denial of service. [severity:2/4; CVE-2015-0207]

An attacker can force a read at an invalid address in ASN1_TYPE_cmp, in order to trigger a denial of service. [severity:2/4; CVE-2015-0286]

An attacker can force a NULL pointer to be dereferenced with an invalid PSS parameter, in order to trigger a denial of service. [severity:2/4; CVE-2015-0208]

An attacker can generate a memory corruption in ASN.1, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0287]

An attacker can force a NULL pointer to be dereferenced in PKCS#7, in order to trigger a denial of service. [severity:2/4; CVE-2015-0289]

An attacker can generate an OPENSSL_assert, in order to trigger a denial of service. [severity:2/4; CVE-2015-0293]

An attacker can use DHE and a zero-length ClientKeyExchange message, in order to trigger a denial of service. [severity:2/4; CVE-2015-1787]

This weakness impacts software or systems such as ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, Fedora, AIX, IRAD, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Junos Pulse, Juniper Network Connect, Juniper SBR, Data ONTAP 7-Mode, NetBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Unix (platform) (list not comprehensive).

Our Vigil@nce team determined that the severity of this vulnerability announcement is important.

The trust level is: confirmed by the vendor. The origin of the attack is: internet client.

This bulletin is about 9 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skill can exploit the vulnerabilities in this bulletin.

Solutions for this threat

OpenSSL: version 1.0.2a.
The version 1.0.2a is fixed:
  https://www.openssl.org/

Blue Coat: fixed versions for OpenSSL.
Fixed versions are indicated in information sources.

Blue Coat ProxySG: version 6.2.16.4.
The version 6.2.16.4 is fixed.

Blue Coat ProxySG: version 6.5.7.5.
The version 6.5.7.5 is fixed.

Citrix NetScaler: fixed versions for LOM Firmware.
Fixed versions are indicated in information sources.

Citrix NetScaler Platform IPMI LOM: solution.
The solution is indicated in information sources.

Fedora 21: new mingw-openssl packages.
New packages are available:
  Fedora 21: mingw-openssl 1.0.2a-1.fc21

IBM AIX: patch for OpenSSL.
A patch is available:
  ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix13.tar

IBM Rational Application Developer: solution for OpenSSL.
The solution is indicated in information sources.

IBM Tivoli Storage Manager: patch for OpenSSL.
A patch is indicated in information sources, for each product and installed version number.

IBM Tivoli Workload Scheduler Application: solution for OpenSSL.
The solution is indicated in information sources.

IBM Tivoli Workload Scheduler: solution for OpenSSL.
The solution is indicated in information sources.

Juniper: solution for OpenSSL.
The solution is indicated in information sources.

LibreSSL: version 2.1.6.
The version 2.1.6 is fixed:
  http://www.libressl.org/

Mandriva BS1: new openssl packages.
New packages are available:
  Mandriva BS1: openssl 1.0.0r-1.mbs1

Mandriva BS2: new openssl packages.
New packages are available:
  Mandriva BS2: openssl 1.0.1m-1.mbs2

NetApp Data ONTAP: patch for OpenSSL 03/2015.
A patch is available:
  Data ONTAP Edge: http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=899856
  Data ONTAP operating in 7-Mode: http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=899855
  Data ONTAP SMI-S Agent: http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=899852

NetBSD: patch for OpenSSL (20/08/2015).
A patch is available in information sources.

openSUSE: new libopenssl0_9_8 packages.
New packages are available:
  openSUSE 13.2: libopenssl0_9_8 0.9.8zh-9.3.1
  openSUSE Leap 42.1: libopenssl0_9_8 0.9.8zh-14.1

Oracle Communications: CPU of April 2017.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2247453.1
  https://support.oracle.com/rs?type=doc&id=2248470.1
  https://support.oracle.com/rs?type=doc&id=2251718.1
  https://support.oracle.com/rs?type=doc&id=2245233.1
  https://support.oracle.com/rs?type=doc&id=2248526.1
  https://support.oracle.com/rs?type=doc&id=2250567.1

Oracle Communications: CPU of October 2016.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2188694.1

Oracle Communications: CPU of October 2017.
A Critical Patch Update is available.

RHEL 5: new openssl packages.
New packages are available:
  RHEL 5: openssl 0.9.8e-33.el5_11

Slackware: new openssl packages.
New packages are available:
  Slackware 13.0: openssl 0.9.8zf-*-1_slack13.0
  Slackware 13.1: openssl 0.9.8zf-*-1_slack13.1
  Slackware 13.37: openssl 0.9.8zf-*-1_slack13.37
  Slackware 14.0: openssl 1.0.1m-*-1_slack14.0
  Slackware 14.1: openssl 1.0.1m-*-1_slack14.1

stunnel: version 5.12.
The version 5.12 is fixed:
  https://www.stunnel.org/downloads.html

SUSE LE 10 SP4: new openssl packages.
New packages are available:
  SUSE LE 10 SP4: openssl 0.9.8a-18.94.2

SUSE LE 12: new openssl packages.
New packages are available:
  SUSE LE 12: openssl 1.0.1i-20.1

WebSphere MQ: version 8.0.0.3.
The version 8.0.0.3 is fixed:
  http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg21959554
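
An added example, not part of the Vigil@nce bulletin: a check of an OpenSSL version string against the fixed release of its branch. The per-branch baselines are read from the solutions above (1.0.2a from OpenSSL, 1.0.1m and 0.9.8zf from the Slackware packages, 1.0.0r from Mandriva BS1), which assumes those package versions match the upstream fixed releases; the function names and result labels are hypothetical. Vendor builds such as RHEL 5 `0.9.8e-33.el5_11` carry backported fixes, so they are routed to the vendor advisory instead of being compared by letter.

```python
import re

# Fixed upstream releases per branch, as read from this bulletin's solutions:
# 1.0.2a (OpenSSL), 1.0.1m and 0.9.8zf (Slackware), 1.0.0r (Mandriva BS1).
FIXED = {"1.0.2": "a", "1.0.1": "m", "1.0.0": "r", "0.9.8": "zf"}

_VERSION = re.compile(r"^(\d+\.\d+\.\d+)([a-z]*)(-.+)?$")


def parse(version):
    """Split a version into (branch, patch letters, vendor suffix or None)."""
    m = _VERSION.match(version.strip())
    if m is None:
        raise ValueError("unrecognised OpenSSL version: %r" % version)
    return m.group(1), m.group(2), m.group(3)


def letter_rank(letters):
    """Order patch letters: '' < a < ... < z < za < zb (length, then text)."""
    return (len(letters), letters)


def assess(version):
    """Classify one version string against the fixed release of its branch."""
    branch, letters, suffix = parse(version)
    if suffix:
        # Vendor build: fixes may be backported, so the letter proves nothing.
        return "check-vendor-advisory"
    if branch not in FIXED:
        return "unknown-branch"
    if letter_rank(letters) >= letter_rank(FIXED[branch]):
        return "fixed"
    return "below-fixed-release"


def from_cli_output(line):
    """Take the version token from `openssl version` output."""
    return line.split()[1]


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    samples = ["OpenSSL 1.0.2 22 Jan 2015", "OpenSSL 1.0.2a 19 Mar 2015",
               "OpenSSL 0.9.8z 1 Jan 2015"]
    for line in samples:
        print(line, "->", assess(from_cli_output(line)))
    print("0.9.8e-33.el5_11 ->", assess("0.9.8e-33.el5_11"))
```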