| Rule General Information | |
|---|---|
| Release Date: | 2015-10-13 |
| Rule Name: | Openssl Alternative Chains Certificate Forgery Policy Bypass Vulnerability -2 (CVE-2015-1793) |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. |
| Impact: | An attacker can exploit the vulnerability to bypass the security policy implemented by the software administrator and perform unauthorized actions on the target system. |
| Affected OS: | Windows, Solaris, Other Unix, FreeBSD, Linux |
| Reference: | SecurityFocus BID: 75652; SecurityTracker ID: 1032817; ExploitDB: 38640; http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery |

| Solutions |
|---|
| Further advisories have been published on the vendor website; visit it for more suggestions: http://openssl.org/news/secadv_20150709.txt |