Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.130104
Category:Mageia Linux Local Security Checks
Title:Mageia Linux Local Check: mgasa-2015-0274
Summary:Mageia Linux Local Security Checks mgasa-2015-0274
Description:Summary:
Mageia Linux Local Security Checks mgasa-2015-0274

Vulnerability Insight:
During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and issue an invalid certificate (CVE-2015-1793).

Solution:
Update the affected packages to the latest available version.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-1793
BugTraq ID: 75652
http://www.securityfocus.com/bid/75652
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Cisco Security Advisory: 20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl
https://www.exploit-db.com/exploits/38640/
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html
FreeBSD Security Advisory: FreeBSD-SA-15:12
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc
https://security.gentoo.org/glsa/201507-15
HPdes Security Advisory: HPSBGN03424
http://marc.info/?l=bugtraq&m=144370846326989&w=2
HPdes Security Advisory: HPSBUX03388
http://marc.info/?l=bugtraq&m=143880121627664&w=2
HPdes Security Advisory: SSRT102180
NETBSD Security Advisory: NetBSD-SA2015-008
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
http://www.securitytracker.com/id/1032817
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.561427
CopyrightCopyright (C) 2015 Eero Volotinen

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.