The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of OpenSSL: NULL pointer dereference via Certificate Verification

Synthesis of the vulnerability 

An attacker can force a NULL pointer to be dereferenced during the certificate verification of OpenSSL (in client or server mode), in order to trigger a denial of service.
Impacted products: SES, SNS, Tomcat, Mac OS X, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco Content SMA, Cisco ESA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco MeetingPlace, Cisco WSA, Cisco Wireless Controller, Debian, Unisphere EMC, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, HP Switch, AIX, IRAD, QRadar SIEM, Tivoli Storage Manager, WebSphere MQ, IVE OS, Juniper J-Series, Junos OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper SBR, MariaDB ~ precise, McAfee Email Gateway, MySQL Enterprise, Data ONTAP 7-Mode, NETASQ, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, pfSense, Pulse Connect Secure, MAG Series by Pulse Secure, Pulse Secure SBR, Puppet, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity of this bulletin: 2/4.
Creation date: 03/12/2015.
References of this threat: 1972951, 1976113, 1976148, 1985739, 1986593, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, cisco-sa-20151204-openssl, cpuoct2017, CVE-2015-3194, DSA-2020-062, DSA-3413-1, FEDORA-2015-605de37b7f, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, HT209139, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, openSUSE-SU-2015:2318-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:1327-1, RHSA-2015:2617-01, SA105, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, STORM-2015-017, SUSE-SU-2019:14246-1, USN-2830-1, VIGILANCE-VUL-18435.

Description of the vulnerability 

The OpenSSL library can verify X.509 certificate signatures made with the RSA-PSS algorithm.

However, if the "mask generation" parameter is missing from the ASN.1-encoded PSS signature parameters, OpenSSL uses the corresponding pointer without first checking whether it is NULL.

An attacker can therefore force a NULL pointer to be dereferenced during the certificate verification of OpenSSL (in client or server mode), in order to trigger a denial of service.
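The description above hinges on an OPTIONAL ASN.1 field: in RSASSA-PSS-params (RFC 4055) the maskGenAlgorithm may be absent, so a decoder that stores it as a pointer must treat NULL as "use the default MGF1 with SHA-1" rather than reach through it. The following C is an added, simplified illustration written for this page, not OpenSSL's code: a small DER walker for the parameter SEQUENCE (short-form lengths only, hypothetical names) that applies the RFC defaults for absent fields and rejects malformed input; the sample byte strings are constructed.

```c
#include <stddef.h>
#include <stdint.h>
/* Decoded RSASSA-PSS-params (RFC 4055). Each field is OPTIONAL in the ASN.1, so
 * mgf stays NULL when [1] maskGenAlgorithm is absent and the default applies. */
typedef struct {
    const uint8_t *hash, *mgf;   /* NULL when absent (defaults: SHA-1, MGF1-SHA1) */
    int salt_len;                /* [2] saltLength, default 20 */
    int trailer;                 /* [3] trailerField, default 1 */
} pss_params_t;
/* Parse the DER SEQUENCE (short-form lengths only). 0 = ok, -1 = malformed. */
static int pss_decode(const uint8_t *der, size_t len, pss_params_t *out)
{
    size_t pos = 2, end; int last = -1;
    out->hash = out->mgf = NULL; out->salt_len = 20; out->trailer = 1; /* RFC defaults */
    if (len < 2 || der[0] != 0x30 || der[1] >= 0x80) return -1;
    end = 2 + der[1];
    if (end > len) return -1;                             /* truncated SEQUENCE */
    while (pos < end) {
        if (end - pos < 2) return -1;
        int idx = der[pos] - 0xA0, l = der[pos + 1];      /* [n] tag, length */
        const uint8_t *v = der + pos + 2;
        if (idx < 0 || idx > 3 || idx <= last) return -1; /* tags [0]..[3], ascending */
        if (l >= 0x80 || pos + 2 + (size_t)l > end) return -1;
        if (idx == 0) out->hash = v;
        else if (idx == 1) out->mgf = v;
        else {                                            /* INTEGER with one content byte */
            if (l != 3 || v[0] != 0x02 || v[1] != 0x01) return -1;
            if (idx == 2) out->salt_len = v[2]; else out->trailer = v[2];
        }
        last = idx;
        pos += 2 + l;
    }
    return out->trailer == 1 ? 0 : -1;                    /* only trailerField 1 is defined */
}
/* For checks: -1 on malformed input, else (mgf present) << 8 | saltLength. */
static int pss_summary(const uint8_t *der, size_t len)
{
    pss_params_t p;
    if (pss_decode(der, len, &p) != 0) return -1;
    return ((p.mgf != NULL) << 8) | p.salt_len;            /* absent MGF is not an error */
}
/* Constructed samples: [0] SHA-256, [2] saltLength 32, with and without [1] MGF1-SHA256. */
static const uint8_t PSS_FULL[] = {
    0x30,0x34,0xA0,0x0F,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,
    0xA1,0x1C,0x30,0x1A,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,0x30,0x0D,0x06,0x09,
    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0xA2,0x03,0x02,0x01,0x20};
static const uint8_t PSS_NO_MGF[] = {
    0x30,0x16,0xA0,0x0F,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,
    0xA2,0x03,0x02,0x01,0x20};
static const uint8_t PSS_EMPTY[] = {0x30,0x00};                       /* all defaults */
static const uint8_t PSS_TRUNC[] = {0x30,0x16,0xA0,0x0F,0x30,0x0D,0x06,0x09}; /* claims 22 bytes */
```

The missing-MGF sample decodes cleanly with `mgf == NULL`, which is the state a verifier has to handle explicitly; the truncated sample is rejected before any field is read.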
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)


Our Vigil@nce team determined that the severity of this vulnerability bulletin is medium.

The trust level is: confirmed by the vendor; the attack origin is: internet client.

An attacker with expert skills can exploit this vulnerability.

Solutions for this threat 

OpenSSL: version 1.0.2e.
The version 1.0.2e is fixed:
  http://openssl.org/source/

OpenSSL: version 1.0.1q.
The version 1.0.1q is fixed:
  http://openssl.org/source/

AIX: patch for OpenSSL.
A patch is indicated in information sources.

Apache Tomcat: version 8.0.32.
The version 8.0.32 is fixed:
  http://tomcat.apache.org/download-80.cgi

Apple macOS: version 10.14.
The version 10.14 is fixed:
  https://support.apple.com/

Blue Coat: solution for OpenSSL.
The solution depends on the product:
  CAS: version 1.3.6.1.
  ProxyAV 3.5: version 3.5.4.1.
  ProxySG 6.5: version 6.5.9.2.
  ProxySG 6.6: future.

Brocade: solution for Multiple Vulnerabilities.
The solution is indicated in information sources.

Cisco: solution for OpenSSL.
The solution is indicated in information sources.

Debian: new openssl packages.
New packages are available:
  Debian 7: openssl 1.0.1e-2+deb7u18
  Debian 8: openssl 1.0.1k-3+deb8u2

Dell EMC Unisphere for PowerMax: solution.
The solution is indicated in information sources.

F5 BIG-IP: solution for OpenSSL.
The solution is indicated in information sources.

Fedora 22: new openssl packages.
New packages are available:
  Fedora 22: openssl 1.0.1k-13.fc22

Fedora 23: new openssl packages.
New packages are available:
  Fedora 23: openssl 1.0.2e-1.fc23

Fortinet: fixed versions for OpenSSL.
Fixed versions are indicated in information sources.

FreeBSD: patch for OpenSSL.
A patch is available:
  https://security.FreeBSD.org/patches/SA-15:26/openssl-9.3.patch
  https://security.FreeBSD.org/patches/SA-15:26/openssl-10.1.patch
  https://security.FreeBSD.org/patches/SA-15:26/openssl-10.2.patch

HPE Comware Switch: solution for OpenSSL.
The solution is indicated in information sources.

IBM Bigfix Platform: solution for OpenSSL.
The solution is indicated in information sources.

IBM Rational Application Developer: patch for OpenSSL.
A patch is indicated in information sources.

IBM Security QRadar SIEM: patch for OpenSSL.
A patch is available:
  IBM QRadar/QRM/QVM/QRIF 7.2.6 Patch 2: http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=Linux&function=fixId&fixids=7.2.6-QRADAR-QRSIEM-20160121152811&includeRequisites=0&includeSupersedes=0&downloadMethod=http&source=fc
  IBM QRadar 7.1 MR2 Patch 12 Interim Fix 1: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.1.0&platform=Linux&function=fixId&fixids=7.1.0-QRADAR-QRSIEM-1104447INT&includeRequisites=0&includeSupersedes=0&downloadMethod=http&source=fc

IBM Spectrum Protect: versions 7.1.6.5 and 8.1.0.2.
Versions 7.1.6.5 and 8.1.0.2 are fixed:
  Version 7.1.6.5 : http://www-01.ibm.com/support/docview.wss?uid=swg24042496
  Version 8.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24043351

Juniper: solution for OpenSSL.
The solution is indicated in information sources.

LibreSSL: versions 2.1.9 and 2.2.5.
Versions 2.1.9 and 2.2.5 are fixed:
  http://www.libressl.org/

McAfee Email Gateway: version 7.6.404-3328.101.
The version 7.6.404-3328.101 is fixed:
  https://kc.mcafee.com/corporate/index?page=content&id=KB56057

MySQL Enterprise: version 5.6.29.
The version 5.6.29 is fixed.

MySQL Enterprise: version 5.7.11.
The version 5.7.11 is fixed:
  http://dev.mysql.com/downloads/mysql/

NetApp Data ONTAP: patch for OpenSSL 12/2015.
A patch is available:
  Data ONTAP SMI-S Agent: https://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=971461

Netasq: version 9.1.7.
The version 9.1.7 is fixed:
  https://www.stormshield.eu/

Node.js: version 0.10.41.
The version 0.10.41 is fixed:
  http://nodejs.org/dist/v0.10.41/

Node.js: version 0.12.9.
The version 0.12.9 is fixed:
  https://nodejs.org/en/download/

Node.js: version 4.2.3.
The version 4.2.3 is fixed:
  https://nodejs.org/en/download/

Node.js: version 5.1.1.
The version 5.1.1 is fixed:
  https://nodejs.org/en/download/

OpenBSD 5.7: patch for OpenSSL.
A patch is available:
  http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/021_clientcert.patch.sig

OpenBSD 5.8: patch for OpenSSL.
A patch is available:
  http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/009_clientcert.patch.sig

OpenBSD: patch for LibreSSL.
A patch is available:
  http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/021_clientcert.patch.sig
  http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/009_clientcert.patch.sig
This bulletin is a duplicate of VIGILANCE-SOL-43848 and VIGILANCE-SOL-43849.

openSUSE 11.4: new openssl packages.
New packages are available:
  openSUSE 11.4: openssl 1.0.1p-71.1

openSUSE 13.2: new libressl packages (18/05/2016).
New packages are available:
  openSUSE 13.2: libressl 2.2.7-2.13.1

openSUSE: new libressl packages.
New packages are available:
  openSUSE 13.2: libressl 2.2.1-2.10.1
  openSUSE Leap 42.1: libressl 2.3.0-7.1

openSUSE: new openssl packages.
New packages are available:
  openSUSE 13.1: openssl 1.0.1k-11.75.1
  openSUSE 13.2: openssl 1.0.1k-2.27.1
  openSUSE Leap 42.1: openssl 1.0.1i-9.1

Oracle Communications: CPU of October 2017.
A Critical Patch Update is available.

pfSense: version 2.2.6.
The version 2.2.6 is fixed:
  https://pfsense.org/download/

Pulse Secure: solution for OpenSSL.
The solution is indicated in information sources.

Puppet Agent: version 1.3.4.
The version 1.3.4 is fixed:
  https://puppetlabs.com/

RHEL: new openssl packages.
New packages are available:
  RHEL 6: openssl 1.0.1e-42.el6_7.1
  RHEL 7: openssl 1.0.1e-51.el7_2.1

Slackware: new openssl packages.
New packages are available:
  Slackware 13.0: openssl 0.9.8zh-*-1_slack13.0
  Slackware 13.1: openssl 0.9.8zh-*-1_slack13.1
  Slackware 13.37: openssl 0.9.8zh-*-1_slack13.37
  Slackware 14.0: openssl 1.0.1q-*-1_slack14.0
  Slackware 14.1: openssl 1.0.1q-*-1_slack14.1

Solaris: patch for Third Party (01/2016).
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Stormshield Endpoint Security: versions 6.0.21, 7.1.08 and 7.2.05.
Versions 6.0.21, 7.1.08 and 7.2.05 are fixed:
  https://www.stormshield.eu/

Stormshield Network Security: versions 2.3.1, 2.2.4 and 1.4.3.
Versions 2.3.1, 2.2.4 and 1.4.3 are fixed:
  https://www.stormshield.eu/

stunnel: version 5.27.
The version 5.27 is fixed:
  https://www.stunnel.org/downloads.html

SUSE LE 11 SP4: new MozillaFirefox packages (12/12/2019).
New packages are available:
  SUSE LE 11 SP4: MozillaFirefox 68.2.0-78.51.4

Synology DS, RS: version 5.2-5644 Update 3.
The version 5.2-5644 Update 3 is fixed:
  https://www.synology.com

Ubuntu: new libssl1.0.0 packages.
New packages are available:
  Ubuntu 15.10: libssl1.0.0 1.0.2d-0ubuntu1.2
  Ubuntu 15.04: libssl1.0.0 1.0.1f-1ubuntu11.5
  Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.16
  Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.32

WebSphere MQ: solution for OpenSSL.
The solution is indicated in information sources.

Computer vulnerabilities tracking service 

Vigil@nce provides a system vulnerability database. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.