#VU33290 Security Features in OpenSSL - CVE-2015-1793


| Updated: 2020-08-03

Vulnerability identifier: #VU33290

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-1793

CWE-ID: CWE-254

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSSL
Server applications / Encryption software

Vendor: OpenSSL Software Foundation

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.

Mitigation
Install update from vendor's website.

Vulnerable software versions

OpenSSL: 1.0.1n

External links
https://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
https://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html
https://marc.info/?l=bugtraq&m=143880121627664&w=2
https://marc.info/?l=bugtraq&m=144370846326989&w=2
https://openssl.org/news/secadv_20150709.txt
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl
https://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
https://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
https://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
https://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
https://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
https://www.securityfocus.com/bid/75652
https://www.securityfocus.com/bid/91787
https://www.securitytracker.com/id/1032817
https://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.561427
https://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm
https://git.openssl.org/?p=openssl.git;a=commit;h=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
https://kc.mcafee.com/corporate/index?page=content&id=SB10125
https://security.gentoo.org/glsa/201507-15
https://www.exploit-db.com/exploits/38640/
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Security features in HP Cloud Service Automation
Gentoo update for OpenSSL
Slackware Linux update for openssl
Security Features in OpenSSL
Security Features in openssl (Alpine package)
Amazon Linux AMI update for openssl