CVE-2014-8275
Published 2015-01-09
Priority: P3 (39), medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
EPSS: 16.53% (96.6th percentile)
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_yosemite_v10.10.3_and_security_update_2015-004 | — | — |
| cisco | products | — | — |
| debian | openssl | < openssl 1.0.1k-1 (bookworm) | openssl 1.0.1k-1 (bookworm) |
| dell | bsafe | >= 4.0.0 < 4.0.8 | 4.0.8 |
| dell | bsafe | >= 4.1.0 < 4.1.3 | 4.1.3 |
| dell | bsafe_ssl-c | <= 2.8.9 | — |
| dell | bsafe_ssl-j | < 6.2 | 6.2 |
| openssl | openssl | <= 0.9.8zc | — |
| openssl | openssl | — | — |
CVSS provenance
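| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| osv | — | 5.0 | MEDIUM | — |
| vendor_cisco | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
| vendor_ubuntu | — | 5.0 | MEDIUM | — |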
GHSA
GHSA-85qv-mgh4-gm8w: OpenSSL before 0
ghsa_unreviewed · 2022-05-17 · CVE-2014-8275 [MEDIUM]
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.
GHSA
GHSA-89mf-fvh4-9cgq: EMC RSA BSAFE Micro Edition Suite (MES) 4
ghsa_unreviewed · 2022-05-13 · CVSS 5.0 · CVE-2015-0534 [MEDIUM] · CWE-295
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275.
OSV
openssl vulnerabilities
osv · 2015-01-12 · CVSS 5.0 · CVE-2014-3570 [MEDIUM]
Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring.
(CVE-2014-3570)
Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted
DTLS messages. A remote attacker could use this issue to cause OpenSSL to
crash, resulting in a denial of service. (CVE-2014-3571)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain
handshakes. A remote attacker could possibly use this issue to downgrade to
ECDH, removing forward secrecy from the ciphersuite. (CVE-2014-3572)
Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that
OpenSSL incorrectly handled certain certificate fingerprints. A remote
attacker could possibly use this issue to trick certain applications that
rely on the uniqueness of fingerprints.
OSV
CVE-2014-8275: OpenSSL before 0
osv · 2015-01-09 · CVSS 5.0 · CVE-2014-8275 [MEDIUM]
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.
Cisco
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
vendor_cisco · 2015-03-10 · CVSS 5.0 · CVE-2014-3569 [MEDIUM] · CWE-20
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:
CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability
CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability
CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability
CVE-2014-3572: OpenSSL Elliptic Curve Crypt
BSD
FreeBSD-SA-15:01.openssl: OpenSSL multiple vulnerabilities
bsd_advisories · 2015-01-14 · CVSS 5.0 · CVE-2014-3569 [MEDIUM]
FreeBSD-SA-15:01.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
Module: openssl
Announced: 2015-01-14
Affects: All supported versions of FreeBSD.
Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)
2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)
2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)
2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)
2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)
2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)
2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)
CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572
CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570
For general information regarding FreeBSD Security Advisories,
including descriptions of the f
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu · 2015-01-12 · CVSS 5.0 · CVE-2014-3570 [MEDIUM]
Summary: Several security issues were fixed in OpenSSL.
Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring.
(CVE-2014-3570)
Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted
DTLS messages. A remote attacker could use this issue to cause OpenSSL to
crash, resulting in a denial of service. (CVE-2014-3571)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain
handshakes. A remote attacker could possibly use this issue to downgrade to
ECDH, removing forward secrecy from the ciphersuite. (CVE-2014-3572)
Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that
OpenSSL incorrectly handled certain certificate fingerprints. A remote
attacker could possibly use this issue to trick c
Red Hat
openssl: Fix various certificate fingerprint issues
vendor_redhat · 2015-01-05 · CVSS 5.0 · CVE-2014-8275 [MEDIUM]
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.
Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications.
Statement: This issue affects the version of o
Debian
CVE-2014-8275: openssl - OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not en...
vendor_debian · 2014 · CVSS 5.0 · CVE-2014-8275 [MEDIUM]
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.
Scope: local
bookworm: resolved (fixed in 1.0.1k-1)
bullseye: resolved (fixed in 1.0.1k-1)
forky: resolved (fixed in 1.0.1k-1)
sid: resolved (fixed in 1.0.1k-1)
trixie: resolved (fixed in 1.0.1k-1)
Apple
CVE-2014-8275: OS X Yosemite v10.10.3 and Security Update 2015-004
vendor_apple · CVSS 5.0 · CVE-2014-8275 [MEDIUM]
Apple Security Update: About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004
Product: OS X Yosemite v10.10.3 and Security Update 2015-004
CVE: CVE-2014-8275
Component: CVE-2014-8275
No detection rules found.
No public exploits indexed.
Tenable
[R6] OpenSSL '20150319' Advisory Affects Tenable Products
blogs_tenable · 2015-03-29
arXiv
LLM-Enhanced Software Patch Localization
arxiv_fulltext · 2024-09-13
Authors: Jinhong Yu [1], Yi Chen [2,3], Di Tang [2], Xiaozhong Liu [1], XiaoFeng Wang [2], Chen Wu [4], Haixu Tang [2]
Affiliations: [1] Worcester Polytechnic Institute; [2] Indiana University Bloomington; [3] The University of Hong Kong; [4] Microsoft
## Abstract
Open source software (OSS) is integral to modern product development, and any vulnerability within it potentially compromises numerous products. While developers strive to apply security patches, pinpointing these patches among extensive OSS updates remains a challenge. Security patch localization (SPL) recommendation methods are leading approaches to address this. However, existing SPL models often falter when a commit lacks a clear association with its corresponding CVE, and do not consider a scenario that a vulnerability has
arXiv
Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities
arxiv_fulltext · 2021-04-13
Aleksandar Kircanski and Terence Tarvis\ Group
## Abstract
A good amount of effort has been dedicated to surveying and systematizing Ethereum smart contract security bug classes, see e.g. . There is, however, a gap in literature when it comes to surveying implementation-level security bugs that commonly occur in basic PoW blockchain node implementations, discovered during the first decade of Bitcoin's existence. This paper attempts to fill this void. In particular, if software which participates in a network by validating and generating new blocks is developed from scratch, WCGW - What Could Go Wrong?
Ten broad bug type categories are listed and for each category, known examples are linked. Blockchain, as desig
Bugzilla
CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()
bugzilla · 2015-03-16 · CVSS 5.0 · CVE-2015-0286 [MEDIUM]
The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a denial of service attack. Any application which performs certificate verification is vulnerable, including OpenSSL clients and servers which enable client authentication.
This issue affects OpenSSL versions: 1.0.2, 1.0.1, 1.0.0, and 0.9.8. This issue is fixed in versions: 1.0.2a, 1.0.1m, 1.0.0r, and 0.9.8zf.
Acknowledgements:
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Stephen Henson of the OpenSSL de
Bugzilla
CVE-2014-8275 openssl: Fix various certificate fingerprint issues
bugzilla · 2015-01-08 · CVSS 5.0 · CVE-2014-8275 [MEDIUM]
New release of OpenSSL [1] fixes the following:
By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists.
1. Reject signatures with non zero unused bits.
If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits.
2. Check certificate algorithm consistency.
Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result i