SecurityTracker.com
SecurityTracker
Archives
Category:   Application (VPN)  >   OpenSSL
Vendors:   OpenSSL.org
(CentOS Issues Fix) OpenSSL Bugs Let Remote Users Deny Service and Potentially Execute Arbitrary Code
SecurityTracker Alert ID:  1032958
SecurityTracker URL:  http://securitytracker.com/id/1032958
CVE Reference:   CVE-2015-1789, CVE-2015-1790
Date:  Jul 16 2015
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 0.9.8, 1.0.0, 1.0.1, 1.0.2
Description:   Multiple vulnerabilities were reported in OpenSSL. A remote user can cause denial of service conditions on the target system. A remote authenticated user may be able to execute arbitrary code on the target system.

A remote authenticated user can send specially crafted application data to a connected DTLS peer between the ChangeCipherSpec and Finished messages to trigger an invalid memory free and cause a segmentation fault or memory corruption error and potentially execute arbitrary code [CVE-2014-8176]. Versions 0.9.8 prior to 0.9.8za, 1.0.0 prior to 1.0.0m, and 1.0.1 prior to 1.0.1h are affected.

Praveen Kariyanahalli and Ivan Fratric and Felix Groebert of Google separately reported this vulnerability.

A remote user can send specially crafted ECParameters to cause the target service to enter an infinite loop [CVE-2015-1788]. Applications that process public keys, certificate requests, or certificates are affected. TLS clients and TLS servers with client authentication enabled are affected. Versions 1.0.1 and 1.0.2 are affected.

Joseph Birr-Pixton reported this vulnerability on April 6, 2015.

A remote user can create a specially crafted certificate or certificate revocation list (CRL) that, when processed by the target application, will trigger an out-of-bound memory read in X509_cmp_time() and cause a segmentation fault [CVE-2015-1789]. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled and that use custom verification callbacks may be affected.

Robert Swiecki of Google reported this vulnerability on April 8, 2015, and Hanno Böck independently reported this vulnerability on April 11, 2015.

A remote user can create specially crafted ASN.1-encoded PKCS#7 data with a missing EnvelopedContent component to trigger a null pointer dereference [CVE-2015-1790]. Applications that decrypt or parse PKCS#7 data from untrusted sources are affected. OpenSSL clients and servers are not affected. The impact was not specified.

Michal Zalewski of Google reported this vulnerability on April 18, 2015.

A remote user can create a specially crafted signedData message that specifies an unknown hash function OID to trigger an infinite loop in the CMS code [CVE-2015-1792]. Applications that verify signedData messages using the CMS code are affected.

Johannes Bauer reported this vulnerability on March 31, 2015.

Impact:   A remote user can cause the target application to crash or enter an infinite loop.

A remote authenticated user may be able to execute arbitrary code on the target system.

The impact of one vulnerability was not disclosed.

Solution:   CentOS has issued a fix for CVE-2015-1789 and CVE-2015-1790 for CentOS 5.

i386:
8b8c609255b3fc78e8a8227dfcf456fc6fad6ee44402b00741d66eb7a7c91b02 openssl-0.9.8e-36.el5_11.i386.rpm
61f39339bba2e5d56667ccf56d5209e48dc3bce26b45d1b0d043ae5a5f4cd96c openssl-0.9.8e-36.el5_11.i686.rpm
00f5e3d2df2c933bbc7d49df3a0496212963eae0923ea1a8ab78c698bd67ab30 openssl-devel-0.9.8e-36.el5_11.i386.rpm
6e76fd11355d47b0ba0afc79f8cfe97fea5ec3434dc4ec0a75d426fd2a1f3d09 openssl-perl-0.9.8e-36.el5_11.i386.rpm

x86_64:
61f39339bba2e5d56667ccf56d5209e48dc3bce26b45d1b0d043ae5a5f4cd96c openssl-0.9.8e-36.el5_11.i686.rpm
9f922500d3726e5e910e3291bd6ababbd82df79b9b504f654e8711e3922d24a7 openssl-0.9.8e-36.el5_11.x86_64.rpm
00f5e3d2df2c933bbc7d49df3a0496212963eae0923ea1a8ab78c698bd67ab30 openssl-devel-0.9.8e-36.el5_11.i386.rpm
be2e32d534efa94c2be0077f4cd9fcb4923f4cf1c5f34002ad865ea28e127f6a openssl-devel-0.9.8e-36.el5_11.x86_64.rpm
949a68f470e7baaa9385c6a5b6efbab45762e8693a2258e2b5cf2a755fadfc16 openssl-perl-0.9.8e-36.el5_11.x86_64.rpm

Source:
d3fd488129138efbffee4176587436a22c10e54950bc274f1fd894dc355adf55 openssl-0.9.8e-36.el5_11.src.rpm
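The fix above is delivered as RPMs with published sha256 sums, so the practical check is twofold: confirm that a downloaded package matches the advisory's hash before installing it, and confirm that the installed openssl package is at or beyond release 0.9.8e-36.el5_11. The following Python is an added example written for this page, not code from SecurityTracker, CentOS or the OpenSSL project. The manifest it embeds is copied from the hash list in this advisory; the "package" it hashes is a constructed stand-in file, and its version comparison is a simplified re-implementation of RPM's rpmvercmp segment rules (numeric segments compare numerically, alphabetic segments lexically, a numeric segment outranks an alphabetic one, and a longer string wins a tie), not a call into the rpm library.

```python
"""Check CentOS 5 openssl update packages against the CESA-2015:1197 hash list
and decide whether an installed package release already carries the fix.
Added example for this advisory page; not vendor code."""
import hashlib
import os
import re
import tempfile

# Hash list as published in the advisory ("<sha256>  <filename>"); only the
# binary packages for the openssl base package and the source RPM are kept here.
ADVISORY_MANIFEST = """\
8b8c609255b3fc78e8a8227dfcf456fc6fad6ee44402b00741d66eb7a7c91b02  openssl-0.9.8e-36.el5_11.i386.rpm
61f39339bba2e5d56667ccf56d5209e48dc3bce26b45d1b0d043ae5a5f4cd96c  openssl-0.9.8e-36.el5_11.i686.rpm
9f922500d3726e5e910e3291bd6ababbd82df79b9b504f654e8711e3922d24a7  openssl-0.9.8e-36.el5_11.x86_64.rpm
d3fd488129138efbffee4176587436a22c10e54950bc274f1fd894dc355adf55  openssl-0.9.8e-36.el5_11.src.rpm
"""

# Fixed name-version-release for CentOS 5 according to this advisory.
FIXED_NVR = "openssl-0.9.8e-36.el5_11"


def parse_manifest(text):
    """Map filename -> expected sha256 hex digest from sha256sum-style lines."""
    expected = {}
    for line in text.splitlines():
        m = re.match(r"^([0-9a-f]{64})\s+(\S+)$", line.strip())
        if m:
            expected[m.group(2)] = m.group(1)
    return expected


def sha256_of_file(path):
    """Stream the file through SHA-256 so large RPMs are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_package(path, expected):
    """'ok' if the file's digest matches the manifest, 'MISMATCH' if it does
    not, 'unlisted' if the manifest says nothing about this filename."""
    name = os.path.basename(path)
    if name not in expected:
        return "unlisted"
    return "ok" if sha256_of_file(path) == expected[name] else "MISMATCH"


def _segments(s):
    # RPM treats runs of digits and runs of letters as the comparable units.
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Return 1, 0 or -1 as a is newer, equal or older than b (simplified
    rpmvercmp: no tilde/caret handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xd != yd:
            return 1 if xd else -1          # numeric segment beats alpha segment
        elif x != y:
            return 1 if x > y else -1
    if len(sa) != len(sb):
        return 1 if len(sa) > len(sb) else -1
    return 0


def split_nvr(nvr):
    """'openssl-devel-0.9.8e-36.el5_11' -> ('openssl-devel', '0.9.8e', '36.el5_11')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_fixed(installed_nvr, fixed_nvr=FIXED_NVR):
    """True when the installed package is at or beyond the fixed version-release."""
    n1, v1, r1 = split_nvr(installed_nvr)
    n2, v2, r2 = split_nvr(fixed_nvr)
    if n1 != n2:
        raise ValueError("comparing different packages: %s vs %s" % (n1, n2))
    c = rpmvercmp(v1, v2)
    if c == 0:
        c = rpmvercmp(r1, r2)
    return c >= 0


def demo_verification():
    """Constructed stand-in for a downloaded RPM: a tampered file named like the
    real package must be reported as MISMATCH, a file whose digest is in the
    manifest as ok, and an unknown filename as unlisted."""
    expected = parse_manifest(ADVISORY_MANIFEST)
    with tempfile.TemporaryDirectory() as d:
        fake = os.path.join(d, "openssl-0.9.8e-36.el5_11.i386.rpm")
        with open(fake, "wb") as f:
            f.write(b"constructed: not a real rpm payload\n")
        tampered = verify_package(fake, expected)
        genuine = verify_package(fake, {os.path.basename(fake): sha256_of_file(fake)})
        other = verify_package(os.path.join(d, "openssl-9.9-1.el5.i386.rpm"), expected)
    return tampered, genuine, other


if __name__ == "__main__":
    print(demo_verification())                        # ('MISMATCH', 'ok', 'unlisted')
    print(is_fixed("openssl-0.9.8e-33.el5_11"))       # False: older release, still vulnerable
    print(is_fixed("openssl-0.9.8e-36.el5_11"))       # True
```

On a CentOS 5 host the installed string comes from `rpm -q openssl`; feed it to `is_fixed()`. Note that the version part stays 0.9.8e before and after the fix because CentOS backports the patches, so comparing against the upstream ranges quoted in the description (0.9.8za, 1.0.1h and so on) would wrongly flag every CentOS 5 build as vulnerable; the release field is what changes.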

Vendor URL:  openssl.org/news/secadv_20150611.txt
Cause:   Access control error, Boundary error, Not specified, State error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  5

Message History:   This archive entry is a follow-up to the message listed below.
Jun 11 2015 OpenSSL Bugs Let Remote Users Deny Service and Potentially Execute Arbitrary Code

Source Message Contents

Subject:  [CentOS-announce] CESA-2015:1197 Moderate CentOS 5 openssl Security Update


CentOS Errata and Security Advisory 2015:1197 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1197.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
8b8c609255b3fc78e8a8227dfcf456fc6fad6ee44402b00741d66eb7a7c91b02  openssl-0.9.8e-36.el5_11.i386.rpm
61f39339bba2e5d56667ccf56d5209e48dc3bce26b45d1b0d043ae5a5f4cd96c  openssl-0.9.8e-36.el5_11.i686.rpm
00f5e3d2df2c933bbc7d49df3a0496212963eae0923ea1a8ab78c698bd67ab30  openssl-devel-0.9.8e-36.el5_11.i386.rpm
6e76fd11355d47b0ba0afc79f8cfe97fea5ec3434dc4ec0a75d426fd2a1f3d09  openssl-perl-0.9.8e-36.el5_11.i386.rpm

x86_64:
61f39339bba2e5d56667ccf56d5209e48dc3bce26b45d1b0d043ae5a5f4cd96c  openssl-0.9.8e-36.el5_11.i686.rpm
9f922500d3726e5e910e3291bd6ababbd82df79b9b504f654e8711e3922d24a7  openssl-0.9.8e-36.el5_11.x86_64.rpm
00f5e3d2df2c933bbc7d49df3a0496212963eae0923ea1a8ab78c698bd67ab30  openssl-devel-0.9.8e-36.el5_11.i386.rpm
be2e32d534efa94c2be0077f4cd9fcb4923f4cf1c5f34002ad865ea28e127f6a  openssl-devel-0.9.8e-36.el5_11.x86_64.rpm
949a68f470e7baaa9385c6a5b6efbab45762e8693a2258e2b5cf2a755fadfc16  openssl-perl-0.9.8e-36.el5_11.x86_64.rpm

Source:
d3fd488129138efbffee4176587436a22c10e54950bc274f1fd894dc355adf55  openssl-0.9.8e-36.el5_11.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Copyright 2019, SecurityGlobal.net LLC