#VU70414 Buffer overflow in OpenSSL - CVE-2015-0292


Vulnerability identifier: #VU70414

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-0292

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSSL
Server applications / Encryption software

Vendor: OpenSSL Software Foundation

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a boundary error in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation. A remote attacker can trigger memory corruption and perform a denial of service (DoS) attack or possibly have unspecified other impact.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

OpenSSL: 0.9.8y - 0.9.8p, 1.0.0c - 1.0.0, 1.0.1g - 1.0.1

External links
https://www.openssl.org/news/secadv_20150319.txt
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d0666f289ac013094bbbf547bfbcd616199b7d2d
https://rt.openssl.org/Ticket/Display.html?id=2608&user=guest&pass=guest
https://bugzilla.redhat.com/show_bug.cgi?id=1202395
https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html
https://www.debian.org/security/2015/dsa-3197
https://www.ubuntu.com/usn/USN-2537-1
https://www.securitytracker.com/id/1031929
https://rhn.redhat.com/errata/RHSA-2015-0716.html
https://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
https://rhn.redhat.com/errata/RHSA-2015-0752.html
https://rhn.redhat.com/errata/RHSA-2015-0715.html
https://rhn.redhat.com/errata/RHSA-2015-0800.html
https://access.redhat.com/articles/1384453
https://www.securityfocus.com/bid/73228
https://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
https://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
https://bto.bluecoat.com/security-advisory/sa92
https://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
https://marc.info/?l=bugtraq&m=144050297101809&w=2
https://marc.info/?l=bugtraq&m=143213830203296&w=2
https://marc.info/?l=bugtraq&m=143748090628601&w=2
https://marc.info/?l=bugtraq&m=144050155601375&w=2
https://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
https://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
https://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015
https://security.gentoo.org/glsa/201503-11
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
https://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://support.citrix.com/article/CTX216642

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM FOS Firmware
Multiple vulnerabilities in QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for BladeCenter
Multiple vulnerabilities in IBM Integrated Management Module (IMM)
Buffer overflow in OpenSSL
Fedora 21 update for openssl
Fedora 22 update for openssl
Gentoo update for OpenSSL