The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of OpenSSL: information disclosure via X509_ATTRIBUTE

Synthesis of the vulnerability

An attacker can read a memory fragment through the X509_ATTRIBUTE handling of OpenSSL when it processes PKCS#7 or CMS data, in order to obtain sensitive information.
Severity of this computer vulnerability: 2/4.
Creation date: 03/12/2015.
References for this announcement: 1972951, 1976113, 1976148, 1985739, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, CERTFR-2016-AVI-128, cisco-sa-20151204-openssl, cpuapr2017, cpuoct2016, cpuoct2017, CVE-2015-3195, DSA-3413-1, FEDORA-2015-605de37b7f, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, JSA10733, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, openSUSE-SU-2015:2318-1, openSUSE-SU-2015:2349-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:1327-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:2616-01, RHSA-2015:2617-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, SA105, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, SUSE-SU-2016:0678-1, USN-2830-1, VIGILANCE-VUL-18436.

Description of the vulnerability

The OpenSSL library supports the PKCS#7 and CMS formats.

However, if an X509_ATTRIBUTE structure is malformed, OpenSSL does not initialize a memory area before returning it to the application that is reading the PKCS#7 or CMS data, so the application can observe whatever the memory previously contained.

Note that SSL/TLS is not impacted.

An attacker can therefore read a memory fragment through the X509_ATTRIBUTE handling of OpenSSL when it processes PKCS#7 or CMS data, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Request your free trial)

This vulnerability alert impacts software or systems such as OpenOffice, Tomcat, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco Content SMA, Cisco ESA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco MeetingPlace, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, HP Switch, AIX, IRAD, QRadar SIEM, Tivoli Storage Manager, IVE OS, Juniper J-Series, Junos OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper SBR, MariaDB ~ precise, McAfee Email Gateway, MySQL Enterprise, Data ONTAP 7-Mode, NetScreen Firewall, ScreenOS, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Palo Alto Firewall PA***, PAN-OS, pfSense, Pulse Connect Secure, MAG Series by Pulse Secure, Pulse Secure SBR, Puppet, RHEL, JBoss EAP by Red Hat, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this computer weakness alert is medium.

The trust level is: confirmed by the vendor, with an attack origin of: user shell.

An attacker with expert ability can exploit this computer vulnerability.

Solutions for this threat

OpenSSL: version 1.0.2e.
The version 1.0.2e is fixed:
  http://openssl.org/source/

OpenSSL: version 1.0.1q.
The version 1.0.1q is fixed:
  http://openssl.org/source/

OpenSSL: version 1.0.0t.
The version 1.0.0t is fixed:
  http://openssl.org/source/

OpenSSL: version 0.9.8zh.
The version 0.9.8zh is fixed:
  http://openssl.org/source/

AIX: patch for OpenSSL.
A patch is indicated in information sources.

Apache OpenOffice: version 4.1.6.
The version 4.1.6 is fixed:
  https://www.openoffice.org/download/

Apache Tomcat: version 8.0.32.
The version 8.0.32 is fixed:
  http://tomcat.apache.org/download-80.cgi

Blue Coat: solution for OpenSSL.
The solution depends on the product:
  CAS: version 1.3.6.1.
  ProxyAV 3.5: version 3.5.4.1.
  ProxySG 6.5: version 6.5.9.2.
  ProxySG 6.6: future.

Brocade: solution for Multiple Vulnerabilities.
The solution is indicated in information sources.

Cisco: solution for OpenSSL.
The solution is indicated in information sources.

Debian: new openssl packages.
New packages are available:
  Debian 7: openssl 1.0.1e-2+deb7u18
  Debian 8: openssl 1.0.1k-3+deb8u2

F5 BIG-IP: solution for OpenSSL.
The solution is indicated in information sources.

Fedora 22: new openssl packages.
New packages are available:
  Fedora 22: openssl 1.0.1k-13.fc22

Fedora 23: new openssl packages.
New packages are available:
  Fedora 23: openssl 1.0.2e-1.fc23

Fortinet: fixed versions for OpenSSL.
Fixed versions are indicated in information sources.

FreeBSD: patch for OpenSSL.
A patch is available:
  https://security.FreeBSD.org/patches/SA-15:26/openssl-9.3.patch
  https://security.FreeBSD.org/patches/SA-15:26/openssl-10.1.patch
  https://security.FreeBSD.org/patches/SA-15:26/openssl-10.2.patch

HPE Comware Switch: solution for OpenSSL.
The solution is indicated in information sources.

IBM Bigfix Platform: solution for OpenSSL.
The solution is indicated in information sources.

IBM Rational Application Developer: patch for OpenSSL.
A patch is indicated in information sources.

IBM Security QRadar SIEM: patch for OpenSSL.
A patch is available:
  IBM QRadar/QRM/QVM/QRIF 7.2.6 Patch 2: http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=Linux&function=fixId&fixids=7.2.6-QRADAR-QRSIEM-20160121152811&includeRequisites=0&includeSupersedes=0&downloadMethod=http&source=fc
  IBM QRadar 7.1 MR2 Patch 12 Interim Fix 1: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.1.0&platform=Linux&function=fixId&fixids=7.1.0-QRADAR-QRSIEM-1104447INT&includeRequisites=0&includeSupersedes=0&downloadMethod=http&source=fc

IBM Spectrum Protect: versions 7.1.6.5 and 8.1.0.2.
Versions 7.1.6.5 and 8.1.0.2 are fixed:
  Version 7.1.6.5: http://www-01.ibm.com/support/docview.wss?uid=swg24042496
  Version 8.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24043351

Juniper: solution for OpenSSL.
The solution is indicated in information sources.

LibreSSL: versions 2.1.9 and 2.2.5.
Versions 2.1.9 and 2.2.5 are fixed:
  http://www.libressl.org/

McAfee Email Gateway: version 7.6.404-3328.101.
The version 7.6.404-3328.101 is fixed:
  https://kc.mcafee.com/corporate/index?page=content&id=KB56057

MySQL Enterprise: version 5.6.29.
The version 5.6.29 is fixed.

MySQL Enterprise: version 5.7.11.
The version 5.7.11 is fixed:
  http://dev.mysql.com/downloads/mysql/

NetApp Data ONTAP: patch for OpenSSL 12/2015.
A patch is available:
  Data ONTAP SMI-S Agent: https://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=971461

OpenBSD: patch for LibreSSL.
A patch is available:
  http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/021_clientcert.patch.sig
  http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/009_clientcert.patch.sig
This bulletin is a duplicate of VIGILANCE-SOL-43848 and VIGILANCE-SOL-43849.

openSUSE 11.4: new openssl packages.
New packages are available:
  openSUSE 11.4: openssl 1.0.1p-71.1

openSUSE 13.2: new libressl packages (18/05/2016).
New packages are available:
  openSUSE 13.2: libressl 2.2.7-2.13.1

openSUSE Leap 42.1: new compat-openssl098 packages.
New packages are available:
  openSUSE Leap 42.1: compat-openssl098 0.9.8j-6.1

openSUSE: new libopenssl0_9_8 packages.
New packages are available:
  openSUSE 13.2: libopenssl0_9_8 0.9.8zh-9.3.1
  openSUSE Leap 42.1: libopenssl0_9_8 0.9.8zh-14.1

openSUSE: new libressl packages.
New packages are available:
  openSUSE 13.2: libressl 2.2.1-2.10.1
  openSUSE Leap 42.1: libressl 2.3.0-7.1

openSUSE: new openssl packages.
New packages are available:
  openSUSE 13.1: openssl 1.0.1k-11.75.1
  openSUSE 13.2: openssl 1.0.1k-2.27.1
  openSUSE Leap 42.1: openssl 1.0.1i-9.1

Oracle Communications: CPU of April 2017.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2247453.1
  https://support.oracle.com/rs?type=doc&id=2248470.1
  https://support.oracle.com/rs?type=doc&id=2251718.1
  https://support.oracle.com/rs?type=doc&id=2245233.1
  https://support.oracle.com/rs?type=doc&id=2248526.1
  https://support.oracle.com/rs?type=doc&id=2250567.1

Oracle Communications: CPU of October 2016.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2188694.1

Oracle Communications: CPU of October 2017.
A Critical Patch Update is available.

PAN-OS: versions 5.0.20, 5.1.13, 6.0.14, 6.1.13, 7.0.9 and 7.1.4.
Versions 5.0.20, 5.1.13, 6.0.14, 6.1.13, 7.0.9 and 7.1.4 are fixed.

pfSense: version 2.2.6.
The version 2.2.6 is fixed:
  https://pfsense.org/download/

Pulse Secure: solution for OpenSSL.
The solution is indicated in information sources.

Puppet Agent: version 1.3.4.
The version 1.3.4 is fixed:
  https://puppetlabs.com/

Red Hat JBoss Enterprise Application Platform: version 6.4.10.
The version 6.4.10 is fixed:
  https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4

RHEL 5: new openssl packages.
New packages are available:
  RHEL 5: openssl 0.9.8e-37.el5_11

RHEL: new openssl packages.
New packages are available:
  RHEL 6: openssl 1.0.1e-42.el6_7.1
  RHEL 7: openssl 1.0.1e-51.el7_2.1

ScreenOS: version 6.3.0r22.
The version 6.3.0r22 is fixed:
  https://www.juniper.net/

Slackware: new openssl packages.
New packages are available:
  Slackware 13.0: openssl 0.9.8zh-*-1_slack13.0
  Slackware 13.1: openssl 0.9.8zh-*-1_slack13.1
  Slackware 13.37: openssl 0.9.8zh-*-1_slack13.37
  Slackware 14.0: openssl 1.0.1q-*-1_slack14.0
  Slackware 14.1: openssl 1.0.1q-*-1_slack14.1

Solaris: patch for Third Party (01/2016).
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

stunnel: version 5.27.
The version 5.27 is fixed:
  https://www.stunnel.org/downloads.html

SUSE LE 10 SP4: new openssl packages.
New packages are available:
  SUSE LE 10 SP4: openssl 0.9.8a-18.94.2

Synology DS, RS: version 5.2-5644 Update 3.
The version 5.2-5644 Update 3 is fixed:
  https://www.synology.com

Ubuntu: new libssl1.0.0 packages.
New packages are available:
  Ubuntu 15.10: libssl1.0.0 1.0.2d-0ubuntu1.2
  Ubuntu 15.04: libssl1.0.0 1.0.1f-1ubuntu11.5
  Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.16
  Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.32
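The fix list above is what a defender actually has to act on, and the trap in it is that distribution packages backport the fix without changing the upstream version number (Debian 7 stays on 1.0.1e, Debian 8 on 1.0.1k). The script below is an added example, not part of the Vigil@nce bulletin and not OpenSSL project code. It checks a version string against the fixed releases listed above in two ways: by upstream release number, for a self-built OpenSSL (`openssl version` output), and by Debian/Ubuntu package version, using a re-implementation of dpkg's version ordering rules rather than a call into dpkg. The version tables are copied from the bulletin; the function names and the sample inputs are my own constructions.

```python
"""Version check for the OpenSSL X509_ATTRIBUTE issue (CVE-2015-3195).
Added example: not part of the Vigil@nce bulletin, not OpenSSL project code.
Version tables are copied from the bulletin's solutions list; the dpkg-style
comparison is a re-implementation of Debian's version ordering rules."""
import re

# Fixed upstream releases per branch (from the bulletin).
FIXED_UPSTREAM = {"0.9.8": "0.9.8zh", "1.0.0": "1.0.0t", "1.0.1": "1.0.1q", "1.0.2": "1.0.2e"}

# Fixed openssl packages on dpkg-based systems (from the bulletin). The upstream
# number alone misleads here: Debian 7 stays on 1.0.1e and backports the fix, so
# only the package revision tells you whether the fix is present.
FIXED_DEB_PACKAGES = {
    "Debian 7": "1.0.1e-2+deb7u18", "Debian 8": "1.0.1k-3+deb8u2",
    "Ubuntu 12.04 LTS": "1.0.1-4ubuntu5.32", "Ubuntu 14.04 LTS": "1.0.1f-1ubuntu2.16",
    "Ubuntu 15.04": "1.0.1f-1ubuntu11.5", "Ubuntu 15.10": "1.0.2d-0ubuntu1.2",
}

_UPSTREAM_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_upstream(text):
    """Turn '1.0.1e' or `openssl version` output into a sortable tuple.
    Patch letters run a..z then za..zh, so they compare as (length, letters)."""
    m = _UPSTREAM_RE.search(text)
    if not m:
        raise ValueError("no OpenSSL version number in %r" % text)
    major, minor, fix, letters = m.groups()
    return (int(major), int(minor), int(fix), (len(letters), letters))


def assess_upstream(text):
    """'fixed', 'vulnerable' or 'unknown' for a self-built / upstream OpenSSL."""
    v = parse_upstream(text)
    fixed = FIXED_UPSTREAM.get("%d.%d.%d" % v[:3])
    if fixed is None:
        return "unknown"  # branch not covered by the bulletin (e.g. 1.1.x)
    return "fixed" if v >= parse_upstream(fixed) else "vulnerable"


def _order(c):
    # dpkg weight of one character: '~' < end of string = digit < letter < other
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return -1 if c == "~" else ord(c) + 256


def _verrevcmp(a, b):
    """Compare one version part (upstream or revision) the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: compare character weights position by position.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        # Digit run: compare numerically, ignoring leading zeros.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if i < len(a) and a[i].isdigit():
            return 1  # a has more digits left, so it is the larger number
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def dpkg_compare(a, b):
    """Return <0, 0 or >0 like `dpkg --compare-versions`: epoch, then upstream
    version, then Debian revision (the part after the last '-')."""
    def split(v):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, revision = rest.rpartition("-")
        if not sep:
            upstream, revision = rest, ""
        return int(epoch), upstream, revision
    ae, au, ar = split(a)
    be, bu, br = split(b)
    return (ae - be) or _verrevcmp(au, bu) or _verrevcmp(ar, br)


def assess_package(distro, version):
    """'fixed', 'vulnerable' or 'unknown' for a Debian/Ubuntu openssl package
    version, as printed by `dpkg-query -W -f='${Version}' openssl`."""
    fixed = FIXED_DEB_PACKAGES.get(distro)
    if fixed is None:
        return "unknown"
    return "fixed" if dpkg_compare(version, fixed) >= 0 else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from real hosts.
    print("upstream 1.0.1e:", assess_upstream("OpenSSL 1.0.1e 11 Feb 2013"))
    print("Debian 7 package:", assess_package("Debian 7", "1.0.1e-2+deb7u18"))
    print("same string by upstream number only:", assess_upstream("1.0.1e-2+deb7u18"))
```

The last line of the demo is the point of the two-path design: fed the Debian 7 package version, the upstream check reports it vulnerable because it only sees 1.0.1e, while the package check correctly reports it fixed. On any distribution-built system, compare the package version against the distribution's advisory, never the upstream number printed by `openssl version`.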

Computer vulnerabilities tracking service

Vigil@nce provides computer vulnerability bulletins. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.