|
|
|||
| Rule General Information |
|---|
| Release Date: | 2015-10-13 | |
| Rule Name: | Openssl Alternative Chains Certificate Forgery Policy Bypass Vulnerability -2 (CVE-2015-1793) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. | |
| Impact: | An attacker can take advantage of the vulnerability to bypass the security policy implemented by the software administrator, and perform unauthorized actions to the target system. | |
| Affected OS: | Windows, Solaris, Other Unix, FreeBSD, Linux | |
| Reference: | SecurityFocusBID:75652 SecurityTrackerID:1032817 ExploitDB:38640 http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery |
|
| Solutions |
|---|
| More advisories have been published on the website, please visit for more suggestions: http://openssl.org/news/secadv_20150709.txt |