Certificate verify crash with missing PSS parameter [CVE-2015-3194]

Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
---|---|---|---|---|
STORM-2015-017 | CVE-2015-3194 | 12/04/2015 | low | v1 |

Vulnerability details

The signature verification routines of OpenSSL will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and an absent mask generation function parameter. This vulnerability could be exploited to conduct denial of service attacks.

Impacted products

Products | Severity | Detail |
---|---|---|
Stormshield Network Security | low | The product embeds a vulnerable version of OpenSSL. |
Stormshield Endpoint Security | low | The product embeds a vulnerable version of OpenSSL. |
Netasq | low | The product embeds a vulnerable version of OpenSSL. |

Revisions

Version | Date | Description |
---|---|---|
v1 | 12/07/2015 | Initial release |

Stormshield Network Security

CVSS v2 Overall Score: 3.7

Analysis | Impacted version |
---|---|
Stormshield Network Security (SNS) products embed a vulnerable version of the OpenSSL library. This vulnerability can be exploited on the SSL proxy, administration and authentication portal components. The CVE-2015-3194 vulnerability could allow a denial of service attack on these services, which crash and restart (services automatically restart on abnormal termination). The attack can be performed when these services are available on the attacker’s network. | |

Workaround solution | Solution |
---|---|
Limit access to the administration portal to trusted IP addresses only. | The 2.3.1, 2.2.4, and 1.4.3 updates will fix this vulnerability. |

Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact |
---|---|---|---|---|---|
Network | Low | None | None | None | Partial |

CVSS Base score: 5 | CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability | Remediation Level | Report Confidence |
---|---|---|
Unproven that exploit exists | Official fix | Confirmed |

CVSS Temporal score: 3.7 | CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Collateral Damage Potential | Target Distribution |
---|---|
None | High [76-100%] |

CVSS Environmental score: 3.7 | CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)

Stormshield Endpoint Security

CVSS v2 Overall Score: 3.7

Analysis | Impacted version |
---|---|
The Stormshield Endpoint Security (SES) product embeds a vulnerable version of the OpenSSL library. The successful exploitation of this vulnerability could allow an attacker to cause a denial of service on the framework.exe process (either on an agent or a server). Stormshield Endpoint Security is configured to automatically restart those processes in case of unexpected failure; the interruption of service is limited. The temporary unavailability of the framework.exe process running on a server may delay the processing of new logs and the application of a new security policy on agents. The temporary unavailability of the framework.exe process running on an agent has no security impact: the security policy is still applied even if the framework.exe process is unavailable. | |

Workaround solution | Solution |
---|---|
There is no workaround solution. | The 6.0.21, 7.1.08 and 7.2.05 updates fix this vulnerability. |

Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact |
---|---|---|---|---|---|
Network | Low | None | None | None | Partial |

CVSS Base score: 5 | CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability | Remediation Level | Report Confidence |
---|---|---|
Unproven that exploit exists | Official fix | Confirmed |

CVSS Temporal score: 3.7 | CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Collateral Damage Potential | Target Distribution |
---|---|
None | High [76-100%] |

CVSS Environmental score: 3.7 | CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)

Netasq

CVSS v2 Overall Score: 3.7

Analysis | Impacted version |
---|---|
Netasq products embed a vulnerable version of the OpenSSL library. This vulnerability can be exploited on the SSL proxy, administration and authentication portal components. The CVE-2015-3194 vulnerability could allow a denial of service attack on these services, which crash and restart (services automatically restart on abnormal termination). The attack can be performed when these services are available on the attacker’s network. | |

Workaround solution | Solution |
---|---|
Limit access to the administration portal to trusted IP addresses only. | The 9.1.7 update will fix this vulnerability. |

Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact |
---|---|---|---|---|---|
Network | Low | None | None | None | Partial |

CVSS Base score: 5 | CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability | Remediation Level | Report Confidence |
---|---|---|
Unproven that exploit exists | Official fix | Confirmed |

CVSS Temporal score: 3.7 | CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Collateral Damage Potential | Target Distribution |
---|---|
None | High [76-100%] |

CVSS Environmental score: 3.7 | CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)
