Sid 1-34649

Message

SERVER-OTHER OpenSSL zero-length ClientKeyExchange message denial of service attempt

Summary

The ssl3getclientkeyexchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.

Impact

CVSS base score 2.6 CVSS impact score 2.9 CVSS exploitability score 4.9 confidentialityImpact NONE integrityImpact NONE availabilityImpact NONE

CVE-2015-1787:

CVSS base score 2.6

CVSS impact score 2.9

CVSS exploitability score 4.9

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Detailed information

CVE-2015-1787: The ssl3getclientkeyexchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.

Affected systems

• openssl openssl 1.0.2

Ease of attack

CVE-2015-1787:

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

• Talos research team.
• This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
• For more information see nvd.

Additional References

• www.openssl.org/news/secadv_20150319.txt