CVE-2015-1794
https://notcve.org/view.php?id=CVE-2015-1794
The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message. La función ssl3_get_key_exchange en ssl/s3_clnt.c en OpenSSL 1.0.2 en versiones anteriores a 1.0.2e permite a servidores remotos provocar una denegación de servicio (fallo de segmentación) a través de un valor cero p en un mensaje anónimo de Diffie-Hellman (DH) ServerKeyExchange. • http://fortiguard.com/advisory/openssl-advisory-december-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html http://openssl.org/news/secadv/20151203.txt http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.securitytracker.com • CWE-189: Numeric Errors •
CVE-2015-3194 – OpenSSL: Certificate verify crash with missing PSS parameter
https://notcve.org/view.php?id=CVE-2015-3194
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. crypto/rsa/rsa_ameth.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1q y 1.0.2 en versiones anteriores a 1.0.2e permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de una firma RSA PSS ASN.1 que carece de un parámetro de función de generación de máscara. A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. • http://fortiguard.com/advisory/openssl-advisory-december-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html http://lists.opensus • CWE-476: NULL Pointer Dereference •
CVE-2015-1793 – OpenSSL - Alternative Chains Certificate Forgery
https://notcve.org/view.php?id=CVE-2015-1793
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. La función de verificación de certificado X509 en crypto/x509/x509_vfy.c en OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, y 1.0.2c no procesa correctamente los valores cA de restricción básica del X.509 durante la identificación de cadenas de certificado alternativo, lo que permite a atacantes remotos suplantar una función de autoridad de certificación y propiciar verificaciones de certificado involuntarias a través de un leaf certificate válido. • https://www.exploit-db.com/exploits/38640 http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694 http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html http://marc.info/?l=bugtraq&m=143880121627664&w=2 http • CWE-254: 7PK - Security Features CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2015-1790 – OpenSSL: PKCS7 crash with missing EnvelopedContent
https://notcve.org/view.php?id=CVE-2015-1790
The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. La función PKCS7_dataDecode en crypto/pkcs7/pk7_doit.c en OpenSSL anterior a 0.9.8zg, 1.0.0 anterior a 1.0.0s, 1.0.1 anterior a 1.0.1n, y 1.0.2 anterior a 1.0.2b permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de aplicación) a través de un blob PKCS#7 que utiliza la codificación ASN.1 y al que le faltan datos EncryptedContent internos. A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw. • http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html http& •
CVE-2015-1788
https://notcve.org/view.php?id=CVE-2015-1788
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. La función BN_GF2m_mod_inv en crypto/bn/bn_gf2m.c en OpenSSL anterior a 0.9.8s, 1.0.0 anterior a 1.0.0e, 1.0.1 anterior a 1.0.1n, y 1.0.2 anterior a 1.0.2b no maneja correctamente las estructuras ECParameters en las cuales la curva está por un campo polinomio binario malformado, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de una sesión que utiliza un algoritmo Elliptic Curve, tal y como fue demostrado mediante un ataque sobre un servidor que soporta la autenticación de clientes. • http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html http://lists.opensuse.org/opensuse-security-announce • CWE-399: Resource Management Errors •