#VU70407 Input validation error in OpenSSL - CVE-2015-0286


Vulnerability identifier: #VU70407

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-0286

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSSL
Server applications / Encryption software

Vendor: OpenSSL Software Foundation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the affected device does not properly perform boolean-type comparisons within the ASN1_TYPE_cmp function in crypto/asn1/a_type.c. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

OpenSSL: 0.9.8ze - 0.9.8p, 1.0.0g - 1.0.0p, 1.0.1l - 1.0.1, 1.0.2

External links
https://bugzilla.redhat.com/show_bug.cgi?id=1202366
https://www.openssl.org/news/secadv_20150319.txt
https://git.openssl.org/?p=openssl.git;a=commit;h=c3c7fb07dc975dc3c9de0eddb7d8fd79fc9c67c1
https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html
https://www.debian.org/security/2015/dsa-3197
https://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html
https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc
https://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html
https://www.ubuntu.com/usn/USN-2537-1
https://www.securitytracker.com/id/1031929
https://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
https://rhn.redhat.com/errata/RHSA-2015-0716.html
https://www.mandriva.com/security/advisories?name=MDVSA-2015:063
https://www.mandriva.com/security/advisories?name=MDVSA-2015:062
https://rhn.redhat.com/errata/RHSA-2015-0752.html
https://rhn.redhat.com/errata/RHSA-2015-0715.html
https://marc.info/?l=bugtraq&m=142841429220765&w=2
https://access.redhat.com/articles/1384453
https://www.securityfocus.com/bid/73225
https://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html
https://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
https://support.apple.com/kb/HT204942
https://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
https://support.apple.com/HT205212
https://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
https://support.apple.com/HT205267
https://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
https://bto.bluecoat.com/security-advisory/sa92
https://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
https://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
https://marc.info/?l=bugtraq&m=144050297101809&w=2
https://marc.info/?l=bugtraq&m=144050254401665&w=2
https://marc.info/?l=bugtraq&m=143213830203296&w=2
https://marc.info/?l=bugtraq&m=143748090628601&w=2
https://marc.info/?l=bugtraq&m=144050155601375&w=2
https://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
https://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
https://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680
https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
https://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://www.securitytracker.com/id/1032917
https://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://support.citrix.com/article/CTX216642
https://rhn.redhat.com/errata/RHSA-2016-2957.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM FOS Firmware
Multiple vulnerabilities in QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for BladeCenter
Input validation error in SAN Volume Controller and Storwize Family
Multiple vulnerabilities in IBM Integrated Management Module (IMM)
Denial of service in OpenSSL