Cisco Security Advisory: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Cisco Security Advisory: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
- From: Cisco Systems Product Security Incident Response Team <psirt@xxxxxxxxx>
- Date: Fri, 10 Jul 2015 12:04:00 -0400
Cisco Security Advisory: OpenSSL Alternative Chains Certificate Forgery
Vulnerability (July 2015) Affecting Cisco Products
Advisory ID: cisco-sa-20150710-openssl
Revision 1.0
For Public Release 2015 July 10 16:00 UTC (GMT)
+-----------------------------------------------------------------------
Summary
=======
On July 9, 2015, the OpenSSL Project released a security advisory detailing a
vulnerability affecting applications that verify certificates, including
SSL/Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS)
clients and SSL/TLS/DTLS servers using client authentication.

Multiple Cisco products incorporate a version of the OpenSSL package affected
by this vulnerability that could allow an unauthenticated, remote attacker to
cause certain checks on untrusted certificates to be bypassed, enabling the
attacker to forge "trusted" certificates that could be used to conduct
man-in-the-middle attacks.

This advisory will be updated as additional information becomes available.

Cisco will release free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability may be available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl