#VU70417 Resource management error in OpenSSL - CVE-2015-1788


Vulnerability identifier: #VU70417

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-1788

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSSL
Server applications / Encryption software

Vendor: OpenSSL Software Foundation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application in the BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

OpenSSL: 0.9.8r - 0.9.8p, 1.0.0k - 1.0.0, 1.0.1g - 1.0.1, 1.0.2a - 1.0.2

External links
https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932
https://www.openssl.org/news/secadv_20150611.txt
https://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
https://support.apple.com/kb/HT205031
https://marc.info/?l=bugtraq&m=143880121627664&w=2
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
https://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
https://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
https://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://www.securityfocus.com/bid/91787
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
https://marc.info/?l=bugtraq&m=144050155601375&w=2
https://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://www.securityfocus.com/bid/75158
https://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
https://openssl.org/news/secadv/20150611.txt
https://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
https://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
https://www-304.ibm.com/support/docview.wss?uid=swg21960041
https://bto.bluecoat.com/security-advisory/sa98
https://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
https://security.gentoo.org/glsa/201506-02
https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
https://kc.mcafee.com/corporate/index?page=content&id=SB10122
https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html
https://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
https://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
https://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
https://www.ubuntu.com/usn/USN-2639-1
https://www.securitytracker.com/id/1032564
https://www.debian.org/security/2015/dsa-3287
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl
https://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://support.citrix.com/article/CTX216642

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in multiple N series products
Denial of service in OpenSSL
Multiple vulnerabilities in IBM SAN Volume Controller and Storwize Family
Multiple vulnerabilities in IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module
Multiple vulnerabilities in IBM Integrated Management Module (IMM)
Multiple vulnerabilities in IBM Integrated Management Module II (IMM2)
Multiple vulnerabilities in IBM FlashSystem models 840 and 900