CVE-2015-0205
Published: 8 January 2015
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.
Notes
Author | Note |
---|---|
mdeslaur | precise isn't actually affected, as the code used to be wrong, resulting in a no-op, and having the same result as this security fix. See the following commit: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c2770c0e0e0da5f447227553c248f9a94504ee4e |
Priority
Status
Package | Release | Status |
---|---|---|
openssl Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
precise |
Not vulnerable
|
|
trusty |
Released
(1.0.1f-1ubuntu2.8)
|
|
upstream |
Released
(1.0.1k)
|
|
utopic |
Released
(1.0.1f-1ubuntu9.1)
|
|
Patches: upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=98a0f9660d374f58f79ee0efcc8c1672a805e8e8 |
||
openssl098 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Not vulnerable
|
|
trusty |
Does not exist
(trusty was not-affected)
|
|
upstream |
Not vulnerable
|
|
utopic |
Not vulnerable
|