OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793)

Advisory ID: 15-0008
Publish Date: 2015-07-31
Revision: 1.0

Summary

A security vulnerability was identified in specific versions of OpenSSL which, if successfully exploited, would allow remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.

Detailed Description

As reported by the OpenSSL Software Foundation:

During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate.

This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication

The affected versions were released as follows (a/p OpenSSL release notes):

OpenSSL 1.0.1n / 1.0.2b - June 11, 2015
OpenSSL 1.0.1o / 1.0.2c - June 12, 2015

Affected Products

Mitel has conducted a review of released products.  No Mitel products have been identified as being affected by this vulnerability.  This advisory will be updated with new information in the event new information becomes available.

Risk Assessment

CVE-2015-1793 has assigned a CVSS v2 Base Score of 6.3.

No risk to Mitel products has been identified.

Mitigation / Recommended Action

No mitigation for Mitel products is required as products are unaffected.

Mitel recommends customers review the versions of OpenSSL in use in their operating systems, and contact the respective vendor for additional information and solutions as required.

External References

http://openssl.org/news/secadv_20150709.txt
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793

Related CVEs / Advisories

CVE-2015-1793

Möchten Sie mit unserem Sales Team sprechen?