Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2015-1789

Disclosure Date: June 12, 2015 •

Description

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

References

Canonical

CVE-2015-1789 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789)

BID-91787 (http://www.securityfocus.com/bid/91787)

BID-75156 (http://www.securityfocus.com/bid/75156)

Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html

SSRT102180 (http://marc.info?l=bugtraq&m=143880121627664&w=2)

DSA-3287 (http://www.debian.org/security/2015/dsa-3287)

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html

https://kc.mcafee.com/corporate/index?page=content&id=SB10122

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html

https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11

http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667

HPSBMU03409 (http://marc.info?l=bugtraq&m=144050155601375&w=2)

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965

https://openssl.org/news/secadv/20150611.txt

http://rhn.redhat.com/errata/RHSA-2015-1115.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://rhn.redhat.com/errata/RHSA-2015-1197.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

SECTRACK-1032564 (http://www.securitytracker.com/id/1032564)

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015

FEDORA-2015-10108 (http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html)

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products (http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl)

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html

APPLE-SA-2015-08-13-2 (http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html)

USN-2639-1 (http://www.ubuntu.com/usn/USN-2639-1)

http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015

GLSA-201506-02 (https://security.gentoo.org/glsa/201506-02)

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763

FEDORA-2015-10047 (http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html)

https://support.apple.com/kb/HT205031

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

https://support.citrix.com/article/CTX216642

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html

https://bto.bluecoat.com/security-advisory/sa98

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733

https://www.openssl.org/news/secadv_20150611.txt

HPSBGN03371 (http://marc.info?l=bugtraq&m=143654156615516&w=2)

SSRT102180 (http://marc.info/?l=bugtraq&m=143880121627664&w=2)

HPSBMU03409 (http://marc.info/?l=bugtraq&m=144050155601375&w=2)

HPSBGN03371 (http://marc.info/?l=bugtraq&m=143654156615516&w=2)

Miscellaneous

NetBSD-SA2015-008 (http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc)

https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11

https://access.redhat.com/errata/RHSA-2015:1115

https://access.redhat.com/errata/RHSA-2015:1197

https://access.redhat.com/security/cve/CVE-2015-1789

https://bugzilla.redhat.com/show_bug.cgi?id=1228603

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Rapid7

Technical Analysis