The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of OpenSSL: X.509 certification chain forgery

Synthesis of the vulnerability

An attacker can force OpenSSL to accept spoofed certificates, in order to listen for encrypted communications or bypass signature based authentication.
Severity of this bulletin: 3/4.
Creation date: 09/07/2015.
Références of this threat: 1962398, 1963151, BSA-2015-009, bulletinjul2015, c04760669, c05184351, CERTFR-2015-AVI-285, CERTFR-2015-AVI-431, cisco-sa-20150710-openssl, cpuoct2017, CVE-2015-1793, FEDORA-2015-11414, FEDORA-2015-11475, FreeBSD-SA-15:12.openssl, HPSBHF03613, HPSBUX03388, JSA10694, SB10125, SOL16937, SPL-103044, SSA:2015-190-01, SSRT102180, VIGILANCE-VUL-17337.

Description of the vulnerability

A certificate validation begins with the creation of a certificate chain, where each certificate provides the public key used to check the signature of the next certificate.

The creation of this chain may be non deterministic, especially when some identification X.509v3 extensions like "Authority Key Identifier" are not provided. When a candidate chain does not allow to validate a given certificate, OpenSSL 1.0.1 and 1.0.2 attempt to find another candidate chain. However, during these attempts, some required checks on the chain are not performed anymore. As a consequence, an attacker can make OpenSSL use its own certificate as a CA certificate, even if it includes the "basicConstraint" extension stating "CA: no". So it can create certificates for any name.

This vulnerability impacts clients checking a server certificate, and TLS servers checking a client certificate.

An attacker can therefore force OpenSSL to accept spoofed certificates, in order to listen for encrypted communications or bypass signature based authentication.
Full Vigil@nce bulletin... (Request your free trial)

This computer vulnerability bulletin impacts software or systems such as DCFM Enterprise, Brocade Network Advisor, Brocade vTM, ASA, Cisco Catalyst, IOS XE Cisco, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, Cisco CUCM, Clearswift Email Gateway, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FreeBSD, hMailServer, HP Switch, HP-UX, IRAD, Juniper J-Series, Junos OS, McAfee Email Gateway, McAfee NGFW, Nodejs Core, OpenSSL, Oracle Communications, Solaris, Slackware, Splunk Enterprise, stunnel, Synology DSM, Synology DS***, Synology RS***, Nessus, Websense Web Security, WinSCP, X2GoClient.

Our Vigil@nce team determined that the severity of this vulnerability bulletin is important.

The trust level is of type confirmed by the editor, with an origin of internet client.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this threat note.

Solutions for this threat

OpenSSL: version 1.0.2d.
The version 1.0.2d is fixed:
  https://www.openssl.org/source/openssl-1.0.2d.tar.gz

OpenSSL: version 1.0.1p.
The version 1.0.1p is fixed:
  https://www.openssl.org/source/openssl-1.0.1p.tar.gz

F5 BIG-IP: not vulnerable.
After analysis, BIG-IP is not vulnerable.

Brocade: fixed versions for Java, OpenSSL, OpenSSH, BIND.
Fixed versions are indicated in information sources.

Cisco: solution for OpenSSL.
The solution is indicated in information sources.

Clearswift SECURE Email Gateway: version 3.8.8.
The version 3.8.8 is fixed:
  http://web2.clearswift.com/support/msw/forums/topic.asp?TOPIC_ID=24581

Fedora: new openssl packages.
New packages are available:
  Fedora 21: openssl 1.0.1k-11.fc21
  Fedora 22: openssl 1.0.1k-11.fc22

FileZilla Server: version 0.9.54.
The version 0.9.54 is fixed:
  https://filezilla-project.org/versions.php?type=server

FreeBSD: patch for openssl.
In the branch stable/10/, the revision r285330 is fixed. Previous branches are not vulnerable.

hMailServer: version 5.6.4.
The version 5.6.4 is fixed:
  https://www.hmailserver.com/download

HPE Switch Comware: patch for OpenSSL.
A patch is indicated in information sources for numerous products of the families Comware 5 and Comware 7.

HP-UX: fixed versions for OpenSSL.
Fixed versions are indicated in information sources:
  OpenSSL_A.01.00.01p
  https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I

IBM Rational Application Developer: solution for OpenSSL.
The solution is indicated in information sources.

Juniper Junos: fixed versions for OpenSSL.
Fixed versions are indicated in information sources.

McAfee: fixed versions for OpenSSL CVE-2015-1793.
Fixed versions are indicated in information sources.

Nessus: version 6.4.2.
The version 6.4.2 is fixed:
  http://www.tenable.com/products/nessus-vulnerability-scanner

Node.js: version 0.12.7.
The version 0.12.7 is fixed:
  https://nodejs.org/download/

Oracle Communications: CPU of October 2017.
A Critical Patch Update is available.

slackware: new openssl packages.
New packages are available:
  Slackware 14.0: openssl 1.0.1p-*-1_slack14.0, openssl solibs-1.0.1p-*-1_slack14.0
  Slackware 14.1: openssl 1.0.1p-*-1_slack14.1, openssl solibs-1.0.1p-*-1_slack14.1

Snare Enterprise Agent: fixed versions for OpenSSL.
Fixed versions are indicated in information sources.

Snare Enterprise Agent for Windows: version 4.3.3.
The version 4.3.3 is fixed:
  http://www.intersectalliance.com/

Solaris: patch for Third Party (07/2015).
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Splunk Enterprise: version 5.0.14.
The version 5.0.14 is fixed:
  http://www.splunk.com/

Splunk Enterprise: version 6.1.9.
The version 6.1.9 is fixed:
  http://www.splunk.com/

Splunk Enterprise: version 6.2.5.
The version 6.2.5 is fixed:
  http://www.splunk.com/

Splunk Enterprise: versions 6.0.10.
Versions 6.0.10 are fixed:
  http://www.splunk.com/

stunnel: version 5.20.
The version 5.20 is fixed:
  https://www.stunnel.org/downloads.html

Synology DS/RS: version 5.2-5592 Update 1.
The version 5.2-5592 Update 1 is fixed:
  https://www.synology.com/

Websense Web Security: version 7.8.2 HF 18.
The version 7.8.2 HF 18 is fixed.

WinSCP: version 5.7.5.
The version 5.7.5 is fixed:
  http://winscp.net/eng/download.php

X2Go Client: version 4.0.5.0.
The version 4.0.5.0 is fixed:
  http://wiki.x2go.org/doku.php
Full Vigil@nce bulletin... (Request your free trial)

Computer vulnerabilities tracking service

Vigil@nce provides computer vulnerability bulletins. The technology watch team tracks security threats targeting the computer system.