#VU77552 Information disclosure in OpenSSL - CVE-2015-3195


Vulnerability identifier: #VU77552

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-3195

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSSL
Server applications / Encryption software

Vendor: OpenSSL Software Foundation

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists in the ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL. A remote attacker can gain unauthorized access to sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

OpenSSL: before 0.9.8zh, 1.0.0t, 1.0.1q, 1.0.2e, 0.9.8zh, 0.9.8zh, 0.9.8zh, 0.9.8zh

External links
https://openssl.org/news/secadv/20151203.txt
https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d
https://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
https://support.apple.com/HT206167
https://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
https://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
https://marc.info/?l=bugtraq&m=145382583417444&w=2
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
https://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://www.securityfocus.com/bid/91787
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
https://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://www.securityfocus.com/bid/78626
https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
https://fortiguard.com/advisory/openssl-advisory-december-2015
https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
https://www.fortiguard.com/advisory/openssl-advisory-december-2015
https://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
https://www.debian.org/security/2015/dsa-3413
https://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
https://rhn.redhat.com/errata/RHSA-2015-2617.html
https://rhn.redhat.com/errata/RHSA-2015-2616.html
https://www.ubuntu.com/usn/USN-2830-1
https://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
https://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
https://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
https://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://www.securitytracker.com/id/1034294
https://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://rhn.redhat.com/errata/RHSA-2016-2957.html
https://rhn.redhat.com/errata/RHSA-2016-2056.html
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM b-type SAN switches and directors
Information disclosure in Oracle HTTP Server
Multiple vulnerabilities in N series Products
Multiple vulnerabilities in IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems
Multiple vulnerabilities in IBM BladeCenter Advanced Management Module (AMM)