exploit the possibilities
Showing 1 - 10 of 10 RSS Feed

CVE-2015-1793

Status Candidate

Overview

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.

Related Files

HP Security Bulletin HPSBHF03613 1
Posted Jul 5, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03613 1 - Potential security vulnerabilities in OpenSSL have been addressed with HPE network products including iMC, VCX, Comware 5 and Comware 7. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS) or unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1793
SHA-256 | 9167fdcf073265b0be894bab391505d9b9700dc7bb114d588f30e9567cafc92b
OpenSSL Alternative Chains Certificate Forgery
Posted Nov 6, 2015
Authored by Ramon de C Valle

OpenSSL alternative chains certificate forgery exploit that has been tested on OpenSSL 1.0.2c, 1.0.2b, 1.0.1o, 1.0.1n, and Fedora 22 (1.0.1k-fips). This is a stand-alone ruby exploit and does not require Metasploit.

tags | exploit, ruby
systems | linux, fedora
advisories | CVE-2015-1793
SHA-256 | 8b6f9bcf361b0d86c9e3b63d69ba09cc9e41ac56045a61d07a3c130a7c9e1009
HP Security Bulletin HPSBGN03424 1
Posted Oct 1, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03424 1 - A potential security vulnerability was been identified in HP Cloud Service Automation version v4.5. The vulnerability could be exploited to allow remote authentication bypass. Note: HP C.A. contains a version of Node.js, that when used in FIPS mode is affected by Alternative Chains Certificate Forgery Vulnerability (CVE-2015-1793). The vulnerability may allow remote attacker to spoof a Certification Authority role and trigger unintended certificate verification. Revision 1 of this advisory.

tags | advisory, remote, spoof
advisories | CVE-2015-1793
SHA-256 | 68063a09ba235e57ef08ea3c582568655dc17f3738ca1db97fe8ccd65d0c3a3c
HPE Security Bulletin HPSBUX03388 SSRT102180 1
Posted Aug 6, 2015
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPSBUX03388 SSRT102180 1 - A potential security vulnerability has been identified with HP-UX running OpenSSL with SSL/TLS enabled. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as Logjam which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | hpux
advisories | CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1793, CVE-2015-4000
SHA-256 | f1baefdd8fc532cad3b81cfd65b89cde5c0b763dce7ec8f780f53b520447f879
OpenSSL Alternative Chains Certificate Forgery MITM Proxy
Posted Jul 27, 2015
Authored by Ramon de C Valle, Adam Langley, David Benjamin | Site metasploit.com

This Metasploit module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server allowing the session to continue normally and application data transmitted between the peers to be saved. The valid leaf certificate must not contain the keyUsage extension or it must have at least the keyCertSign bit set (see X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise; X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This Metasploit module requires an active man-in-the-middle attack.

tags | exploit, crypto
advisories | CVE-2015-1793
SHA-256 | 0be0198fd35b0f082fb3872672e7f1dbe40db0a2ae2abc971e5936c264d03b3b
FreeBSD Security Advisory - OpenSSL Certificate Forgery
Posted Jul 10, 2015
Authored by Adam Langley, David Benjamin | Site security.freebsd.org

FreeBSD Security Advisory - During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails, unless the application explicitly specifies X509_V_FLAG_NO_ALT_CHAINS. An error in the implementation of this logic could erroneously mark certificate as trusted when they should not. An attacker could cause certain checks on untrusted certificates, such as the CA (certificate authority) flag, to be bypassed, which would enable them to use a valid leaf certificate to act as a CA and issue an invalid certificate.

tags | advisory
systems | freebsd
advisories | CVE-2015-1793
SHA-256 | 7506aba3461e8c1915436a9531f38abc96e09fee2b93caefa87da64dce1a32d3
Gentoo Linux Security Advisory 201507-15
Posted Jul 10, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201507-15 - Certain checks on untrusted certificates can be bypassed. Versions less than 1.0.1p are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2015-1793
SHA-256 | a2cdd3e13ff08aecad86dae1e1117c6751bff280917deb2d2154138c8a75ffa1
Slackware Security Advisory - openssl Updates
Posted Jul 10, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-1793
SHA-256 | fab3a5f845a8a609a8f716281160940dde18a47c55720da981a19fa511dce1a8
OpenSSL Toolkit 1.0.2d
Posted Jul 9, 2015
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Addressed certificate forgery vulnerability.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2015-1793
SHA-256 | 671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8
OpenSSL Security Advisory - Certificate Forgery
Posted Jul 9, 2015
Site openssl.org

During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication. This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.

tags | advisory
advisories | CVE-2015-1793
SHA-256 | cfc5b150eaaface19d5bc83171cbff00f8f18c960fc0ee96be5169072ac0faf9
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close