Executive Summary

Summary
Title Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
Informations
Name cisco-sa-20150612-openssl First vendor Publication 2015-06-12
Vendor Cisco Last vendor Modification 2015-06-12
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

On June 11, 2015, the OpenSSL Project released a security advisory detailing six distinct vulnerabilities, and another fix that provides hardening protections against exploits as described in the Logjam research.

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or corrupt portions of OpenSSL process memory.

This advisory will be updated as additional information becomes available.

Cisco will release free software updates that address these vulnerabilities.

Workarounds that mitigate these vulnerabilities may be available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVXsWB4pI1I6i1Mx3AQKNfBAAlt7XWQOMZwZGoK7wOD89e4hDalLvm1M9 IGqYVEXoyh23K8ByyWhaa4dff+SyrcUon9l/NAs8YITZtQyjXCqDh5LVce/dPR0N L89Dc6mjSkIW0mNvxyHZmbjEzzwzhTi3nEpJqPdhX+M3kgmVFM5N+QIfyvRgbm1T oAETsg0QB/gte5roZYLTtxwXlhksNoRkhzaaE6cIqk2JOWjcdEdd6eCeCt0s0cct 4qhF7JzXy9gUWHBoVNHWykEUNN48KD/fG3szOKm0bA6hkuC6i47vy9N4n4i5NzB9 ZYYiT3L4Avam36ZFimOI9vcRzKtU5XNr1GKDTSAwqzDp3oBjaX/eC9iw9sG0Fy3t prXgGqYaODkZM2/d3VCa0IYAP+pjqzMqcyah0kqOxaFvK5IE0K7a/tIsO8RsItzv YcYD9bdNbEcK1QapkFtCbs4hRFFVixtBR1EOY24ftxR7F+AbYnbeoqkce5D4wm0U 8XViJaP1s+6Fe5JOLoF3nza8YUC0QjSkbWogDJmIXGL+Hzjy3TDSRUK0y2aq9urt OsXIyogikNi1FKKG5DCG7XVVHX3I/04daYKEqmmsXmjE7oldlI+9aczucWAFX4cV hqZzKk+Ey+7+Raf+gn5dOjwWDWgahV8ctUEWeCvMXALawDjRVdfY4kX4y74B/yp1 aWyDePGjyXQ= =iEzF END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
40 % CWE-399 Resource Management Errors
40 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20 % CWE-362 Race Condition

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28506
 
Oval ID: oval:org.mitre.oval:def:28506
Title: AIX OpenSSL NewSessionTicket vulnerability
Description: Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
Family: unix Class: vulnerability
Reference(s): CVE-2015-1791
 Version: 5
Platform(s): IBM AIX 6.1
IBM AIX 7.1
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28583
 
Oval ID: oval:org.mitre.oval:def:28583
Title: USN-2639-1 -- openssl vulnerabilities
Description: openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.
Family: unix Class: patch
Reference(s): USN-2639-1
CVE-2014-8176
CVE-2015-1788
CVE-2015-1789
CVE-2015-1790
CVE-2015-1791
CVE-2015-1792
 Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 15.04
Ubuntu 14.10
 Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29017
 
Oval ID: oval:org.mitre.oval:def:29017
Title: AIX OpenSSL PKCS#7 parsing code vulnerability
Description: The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.
Family: unix Class: vulnerability
Reference(s): CVE-2015-1790
 Version: 5
Platform(s): IBM AIX 6.1
IBM AIX 7.1
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29160
 
Oval ID: oval:org.mitre.oval:def:29160
Title: USN-2639-1 -- openssl vulnerabilities
Description: openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.
Family: unix Class: patch
Reference(s): USN-2639-1
CVE-2014-8176
CVE-2015-1788
CVE-2015-1789
CVE-2015-1790
CVE-2015-1791
CVE-2015-1792
 Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 15.04
Ubuntu 14.10
 Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29191
 
Oval ID: oval:org.mitre.oval:def:29191
Title: HP-UX OpenSSL Vulnerability (Exploitable out-of-bounds read in X509_cmp_time)
Description: The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.
Family: unix Class: vulnerability
Reference(s): CVE-2015-1789
 Version: 1
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29224
 
Oval ID: oval:org.mitre.oval:def:29224
Title: HP-UX OpenSSL Vulnerability (Malformed ECParameters causes infinite loop)
Description: The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.
Family: unix Class: vulnerability
Reference(s): CVE-2015-1788
 Version: 1
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29229
 
Oval ID: oval:org.mitre.oval:def:29229
Title: HP-UX OpenSSL Vulnerability (PKCS7 crash with missing EnvelopedContent)
Description: The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.
Family: unix Class: vulnerability
Reference(s): CVE-2015-1790
 Version: 1
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29239
 
Oval ID: oval:org.mitre.oval:def:29239
Title: HP-UX OpenSSL Vulnerability (Race condition handling NewSessionTicket)
Description: Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
Family: unix Class: vulnerability
Reference(s): CVE-2015-1791
 Version: 1
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29305
 
Oval ID: oval:org.mitre.oval:def:29305
Title: AIX OpenSSL X509_cmp_time vulnerability
Description: The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.
Family: unix Class: vulnerability
Reference(s): CVE-2015-1789
 Version: 5
Platform(s): IBM AIX 6.1
IBM AIX 7.1
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29344
 
Oval ID: oval:org.mitre.oval:def:29344
Title: AIX OpenSSL binary polynomial field vulnerability
Description: The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.
Family: unix Class: vulnerability
Reference(s): CVE-2015-1788
 Version: 5
Platform(s): IBM AIX 6.1
IBM AIX 7.1
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29364
 
Oval ID: oval:org.mitre.oval:def:29364
Title: AIX OpenSSL DTLS peer vulnerability (segmentation fault or memory corruption)
Description: The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.
Family: unix Class: vulnerability
Reference(s): CVE-2014-8176
 Version: 5
Platform(s): IBM AIX 6.1
IBM AIX 7.1
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29435
 
Oval ID: oval:org.mitre.oval:def:29435
Title: AIX OpenSSL CMS Code vulnerability
Description: The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.
Family: unix Class: vulnerability
Reference(s): CVE-2015-1792
 Version: 5
Platform(s): IBM AIX 6.1
IBM AIX 7.1
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29466
 
Oval ID: oval:org.mitre.oval:def:29466
Title: HP-UX OpenSSL Vulnerability (CMS verify infinite loop with unknown hash function)
Description: The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.
Family: unix Class: vulnerability
Reference(s): CVE-2015-1792
 Version: 1
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 298

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-08-20 IAVM : 2015-A-0199 - Multiple Vulnerabilities in Apple Mac OS X
Severity : Category I - VMSKEY : V0061337

Nessus® Vulnerability Scanner

Date Description
2017-12-04 Name : The remote host is missing a vendor-supplied security patch.
File : check_point_gaia_sk106499.nasl - Type : ACT_GATHER_INFO
2016-09-08 Name : The remote host is affected by multiple vulnerabilities.
File : screenos_JSA10733.nasl - Type : ACT_GATHER_INFO
2016-06-01 Name : The remote device is affected by multiple vulnerabilities.
File : cisco_ace_A5_3_3.nasl - Type : ACT_GATHER_INFO
2016-03-29 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_2_6.nasl - Type : ACT_GATHER_INFO
2016-03-24 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_5_4.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO
2016-01-28 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16913.nasl - Type : ACT_GATHER_INFO
2016-01-28 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16898.nasl - Type : ACT_GATHER_INFO
2016-01-06 Name : The remote database server is affected by multiple vulnerabilities.
File : db2_105fp7_win.nasl - Type : ACT_GATHER_INFO
2016-01-06 Name : The remote database server is affected by multiple vulnerabilities.
File : db2_105fp7_nix.nasl - Type : ACT_GATHER_INFO
2015-12-21 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-2303-1.nasl - Type : ACT_GATHER_INFO
2015-12-17 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-889.nasl - Type : ACT_GATHER_INFO
2015-11-19 Name : The remote Nessus installation is affected by multiple denial of service vuln...
File : nessus_tns_2015_07.nasl - Type : ACT_GATHER_INFO
2015-09-18 Name : The remote IBM HTTP Server is affected by multiple vulnerabilities.
File : websphere_8_5_5_7.nasl - Type : ACT_GATHER_INFO
2015-09-18 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16914.nasl - Type : ACT_GATHER_INFO
2015-08-21 Name : The remote web server is running an application that is affected by multiple ...
File : splunk_625.nasl - Type : ACT_GATHER_INFO
2015-08-17 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2015-006.nasl - Type : ACT_GATHER_INFO
2015-08-17 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_5.nasl - Type : ACT_GATHER_INFO
2015-07-27 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-507.nasl - Type : ACT_GATHER_INFO
2015-07-23 Name : A web application on the remote host is affected by multiple vulnerabilities.
File : puppet_enterprise_activemq_psql_ssl.nasl - Type : ACT_GATHER_INFO
2015-07-20 Name : The remote AIX host has a version of OpenSSL installed that is affected by mu...
File : aix_openssl_advisory14.nasl - Type : ACT_GATHER_INFO
2015-07-18 Name : The remote database server is affected by multiple vulnerabilities.
File : db2_97fp10_multi_vuln.nasl - Type : ACT_GATHER_INFO
2015-07-07 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-1182-2.nasl - Type : ACT_GATHER_INFO
2015-07-07 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-1184-2.nasl - Type : ACT_GATHER_INFO
2015-07-07 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-1183-2.nasl - Type : ACT_GATHER_INFO
2015-07-07 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-1181-2.nasl - Type : ACT_GATHER_INFO
2015-07-06 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150630_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2015-07-06 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-1184-1.nasl - Type : ACT_GATHER_INFO
2015-07-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-1197.nasl - Type : ACT_GATHER_INFO
2015-07-01 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-1197.nasl - Type : ACT_GATHER_INFO
2015-06-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-1197.nasl - Type : ACT_GATHER_INFO
2015-06-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-1150-1.nasl - Type : ACT_GATHER_INFO
2015-06-26 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-1143-1.nasl - Type : ACT_GATHER_INFO
2015-06-26 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-447.nasl - Type : ACT_GATHER_INFO
2015-06-25 Name : The remote Fedora host is missing a security update.
File : fedora_2015-10108.nasl - Type : ACT_GATHER_INFO
2015-06-23 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201506-02.nasl - Type : ACT_GATHER_INFO
2015-06-22 Name : The remote Fedora host is missing a security update.
File : fedora_2015-10047.nasl - Type : ACT_GATHER_INFO
2015-06-18 Name : The remote Debian host is missing a security update.
File : debian_DLA-247.nasl - Type : ACT_GATHER_INFO
2015-06-18 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-550.nasl - Type : ACT_GATHER_INFO
2015-06-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150615_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-06-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-1115.nasl - Type : ACT_GATHER_INFO
2015-06-16 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2015-0070.nasl - Type : ACT_GATHER_INFO
2015-06-16 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-1115.nasl - Type : ACT_GATHER_INFO
2015-06-16 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-1115.nasl - Type : ACT_GATHER_INFO
2015-06-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3287.nasl - Type : ACT_GATHER_INFO
2015-06-12 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_8305e215108011e58ba2000c2980a9f3.nasl - Type : ACT_GATHER_INFO
2015-06-12 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_0_9_8zg.nasl - Type : ACT_GATHER_INFO
2015-06-12 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_0s.nasl - Type : ACT_GATHER_INFO
2015-06-12 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_1n.nasl - Type : ACT_GATHER_INFO
2015-06-12 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_2b.nasl - Type : ACT_GATHER_INFO
2015-06-12 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2639-1.nasl - Type : ACT_GATHER_INFO
2015-06-12 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2015-162-01.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2016-12-31 09:26:03
  • Multiple Updates
2015-06-12 21:25:19
  • First insertion