SSL: OpenSSL Alternative Chains Certificate Forgery Policy Bypass (1)
This signature detects attempts to exploit a known vulnerability against OpenSSL. A successful attack could allow a remote attacker to bypass authentication by impersonating users or services.
Extended Description
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
Affected Products
Oracle opus_10g_ethernet_switch_family
References
BugTraq: 75652
CVE: CVE-2015-1793
URL: http://openssl.org/news/secadv_20150709.txt http://securitytracker.com/id?1032817
Short Name
SSL:OPENSSL-CHAINS-CERT-FORG
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SSL
Keywords
(1) Alternative Bypass CVE-2015-1793 Certificate Chains Forgery OpenSSL Policy bid:75652
Release Date
07/22/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Oracle
Openssl
CVSS Score
6.4