SSL: OpenSSL X509_cmp_time Denial-of-Service

This signature detects attempts to exploit a known vulnerability against OpenSSL. A successful attack can result in a denial-of-service condition.

Extended Description

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

Affected Products

Oracle sparc-opl_service_processor

References

BugTraq: 75156

CVE: CVE-2015-1789

URL: https://www.openssl.org/news/secadv/20150611.txt https://blog.fuzzing-project.org/15-out-of-bounds-read-in-openssl-function-x509_cmp_time-cve-2015-1789-and-other-minor-issues.html

Short Name

SSL:VULN:OPENSSL-X509-DOS

Severity

Major

Recommended

True

Recommended Action

Drop

SSL: OpenSSL X509_cmp_time Denial-of-Service

Extended Description

Affected Products

References

Found a potential security threat?