SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Other)  >   Apple iOS Vendors:   Apple
(Apple Issues Fix for Apple iOS) OpenSSL Multiple Flaws Let Remote Users Deny Service
SecurityTracker Alert ID:  1033605
SecurityTracker URL:  http://securitytracker.com/id/1033605
CVE Reference:   CVE-2015-0286, CVE-2015-0287   (Links to External Site)
Date:  Sep 17 2015
Impact:   Denial of service via network, Modification of system information, Not specified
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.0
Description:   Several vulnerabilities were reported in OpenSSL. A remote user can cause denial of service conditions on the target system. Apple iOS is affected.

A remote user can send a specially crafted ClientHello message to trigger a segmentation fault in DTLSv1_listen() and cause the target service to crash [CVE-2015-0207]. Only version 1.0.2 is affected. DTLS systems are affected. Per Allansson reported this vulnerability.

A remote user can send an ASN.1 signature using the RSA PSS algorithm and specially crafted parameters to cause the target application to crash [CVE-2015-0208]. Only version 1.0.2 is affected. Brian Carpenter reported this vulnerability.

A user can invoke the d2i_ECPrivateKey() function with a specially crafted EC private key file to trigger a memory free error and cause denial of service conditions [CVE-2015-0209]. Applications that receive EC private keys from untrusted sources may be affected. The BoringSSL project reported this vulnerability.

In certain situations, a client may complete a handshake with using an unseeded PRNG [CVE-2015-0285]. As a result, information generated (such as keys) may be predictable. Only version 1.0.2 is affected. Matt Caswell of the OpenSSL development team reported this vulnerability.

A remote user can send a specially crafted ASN.1 boolean type to trigger a flaw in the ASN1_TYPE_cmp() function and cause the target application to crash [CVE-2015-0286]. Stephen Henson of the OpenSSL development team reported this vulnerability.

A remote user can send specially crafted ASN.1 data to trigger a memory corruption error in the target application [CVE-2015-0287]. Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. OpenSSL clients and servers are not affected. Emilia Kasper reported this vulnerability.

A user can invoke the X509_to_X509_REQ() function with an invalid certificate key to trigger a null pointer dereference and cause the target application to crash [CVE-2015-0288]. Brian Carpenter reported this vulnerability.

A remote user can send specially crafted ASN.1-encoded PKCS#7 blobs with missing ContentInfo to trigger a null pointer dereference and cause the target application to crash [CVE-2015-0289]. OpenSSL clients and servers are not affected. Michal Zalewski of Google and Emilia Kasper of the OpenSSL development team reported this vulnerability.

A remote user may be able to trigger a flaw in the 'multiblock' code on 64-bit x86 systems that support AES NI instructions and cause the target system to potentially crash [CVE-2015-0290]. Only version 1.0.2 is affected. Daniel Danner and Rainer Mueller reported this vulnerability.

A remote user can renegotiate with an invalid signature algorithm extension to trigger a null pointer dereference and cause the target service to crash [CVE-2015-0291]. Only version 1.0.2 is affected. David Ramos (@ramosbugs) of Stanford University reported this vulnerability.

A remote user can send base64 encoded data to trigger a flaw in OpenSSL and cause the target application or service to crash [CVE-2015-0292]. Versions 0.9.8, 1.0.0, and 1.0.1 are affected. Robert Dugal and David Ramos separately reported this vulnerability.

[Editor's note: This vulnerability was previously fixed in source code commits d0666f289a (1.0.1), 84fe686173 (1.0.0) and 9febee0272 (0.9.8) but was not disclosed in a security advisory.]

A remote user can send a specially crafted SSLv2 CLIENT-MASTER-KEY message to cause the target server to crash [CVE-2015-0293]. Systems that both support SSLv2 and enable export cipher suites are affected. Sean Burford of Google and Emilia Kasper of the OpenSSL development team reported this vulnerability.

A remote user can select a DHE ciphersuite and send a zero length ClientKeyExchange message to cause the target service to crash [CVE-2015-1787]. Only version 1.0.2 is affected. Matt Caswell of the OpenSSL development team reported this vulnerability.

Impact:   A remote user can cause denial of service conditions on the target system.

A remote user may be able to more readily predict keys in certain cases.

Solution:   Apple has issued a fix for CVE-2015-0286 and CVE-2015-0287 for Apple iOS (9.0).

The Apple advisory is available at:

https://support.apple.com/en-us/HT205212

Vendor URL:  support.apple.com/en-us/HT205212 (Links to External Site)
Cause:   Access control error, Randomization error, State error

Message History:   This archive entry is a follow-up to the message listed below.
Mar 16 2015 OpenSSL Multiple Flaws Let Remote Users Deny Service



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC