OpenSSL Certificate verification Security Restriction Bypass Vulnerability (CVE-2015-1793)
Release date:
Updated on:
Affected Systems:
OpenSSL Project OpenSSL 1.0.2c
OpenSSL Project OpenSSL 1.0.2b
OpenSSL Project OpenSSL 1.0.1o
OpenSSL Project OpenSSL 1.0.1n
Description:
Bugtraq id: 75652
CVE (CAN) ID: CVE-2015-1793
OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. It is widely used in various network applications.
In OpenSSL 1.0.1n, 1.0.1o, 1.0.2b and 1.0.2c, the function X509_verify_cert in crypto/x509/x509_vfy.c does not properly check X.509 Basic Constraints cA values while building an alternative certificate chain. This allows a man-in-the-middle attacker holding a valid leaf certificate to act as a CA and issue certificates that should be treated as invalid but are accepted.
<* Source: Adam Langley
David Benjamin
Link: https://www.openssl.org/news/secadv_20150709.txt
*>
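The check that the vulnerable code skipped is simple to state: every certificate used as an issuer in a chain, however that chain was assembled, must carry Basic Constraints cA=TRUE, and a valid signature alone is not enough. The following added example (not OpenSSL's code, and only a model of what X509_verify_cert must enforce, not its actual chain-building logic) builds a small PKI in memory with the Python `cryptography` library and shows a chain through a plain leaf certificate being rejected even though the forged certificate's signature verifies. All names and dates are constructed.

```python
"""Model of the Basic Constraints cA check that CVE-2015-1793 bypassed.

Added illustration, not OpenSSL code. Assumes the `cryptography` package.
"""
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.datetime(2015, 7, 9)  # constructed: date of the advisory


def _make_cert(name, issuer_cert, issuer_key, is_ca):
    """Issue a certificate for `name`; self-signed root when issuer_cert is None."""
    key = ec.generate_private_key(ec.SECP256R1())
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, name)])
    issuer = subject if issuer_cert is None else issuer_cert.subject
    signing_key = key if issuer_key is None else issuer_key
    cert = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(NOW)
        .not_valid_after(NOW + datetime.timedelta(days=365))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
        .sign(signing_key, hashes.SHA256())
    )
    return cert, key


def signed_by(cert, issuer):
    """True if `issuer`'s public key verifies the signature on `cert`."""
    try:
        issuer.public_key().verify(
            cert.signature, cert.tbs_certificate_bytes,
            ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except Exception:
        return False


def is_ca(cert):
    """Basic Constraints cA flag; a missing extension means 'not a CA'."""
    try:
        return cert.extensions.get_extension_for_class(x509.BasicConstraints).value.ca
    except x509.ExtensionNotFound:
        return False


def verify_chain(chain, trust_anchor):
    """Return (ok, reason) for chain[0] (leaf) ... chain[-1] issued by trust_anchor.

    Every issuer (each chain[i+1] and the anchor itself) must be cA=TRUE.
    This is the check the vulnerable X509_verify_cert skipped when it fell
    back to an alternative chain.
    """
    path = list(chain) + [trust_anchor]
    for child, parent in zip(path, path[1:]):
        if not signed_by(child, parent):
            return False, f"bad signature on {child.subject.rfc4514_string()}"
        if not is_ca(parent):
            return False, f"issuer {parent.subject.rfc4514_string()} is not a CA"
    return True, "ok"


def demo():
    """Constructed PKI: a root, a legitimate leaf, and a cert signed by that leaf."""
    root, root_key = _make_cert("Constructed Root CA", None, None, is_ca=True)
    leaf, leaf_key = _make_cert("legit.example", root, root_key, is_ca=False)
    # Signed with the leaf's key: the signature is valid, but the issuer is not a CA.
    forged, _ = _make_cert("victim.example", leaf, leaf_key, is_ca=False)
    return {
        "legit": verify_chain([leaf], root),
        "forged": verify_chain([forged, leaf], root),
        "forged_signature_valid": signed_by(forged, leaf),
    }


if __name__ == "__main__":
    results = demo()
    for name in ("legit", "forged"):
        ok, why = results[name]
        print(f"{name}: {'accepted' if ok else 'rejected'} ({why})")
    print("forged cert signature verifies against the leaf:",
          results["forged_signature_valid"])
```

The point of the `forged_signature_valid` result is that signature verification alone passes for the forged certificate; only the cA check, applied to every issuer on every candidate chain, rejects it. A patched OpenSSL applies that check on the alternative-chain path as well as the primary one.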
Suggestion:
Vendor patch:
OpenSSL Project
---------------
The OpenSSL Project has released a Security Bulletin (secadv_20150709) and corresponding patches:
secadv_20150709: Alternative chains certificate forgery (CVE-2015-1793)
Link: https://www.openssl.org/news/secadv_20150709.txt