SB2017062024 - Gentoo update for mbed TLS

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017062024

SB2017062024 - Gentoo update for mbed TLS

Published: June 20, 2017 Updated: June 20, 2017

Security Bulletin ID SB2017062024
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Medium 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Code Injection (CVE-ID: CVE-2015-5291)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Data Handling (CVE-ID: CVE-2015-7575)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.


3) Improper Certificate Validation (CVE-ID: CVE-2017-2784)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.


Remediation

Install update from vendor's website.

References