OpenSSL 1.0.1 < 1.0.1p Multiple Vulnerabilities
Medium Nessus Plugin ID 84636
SynopsisThe remote host is affected by multiple vulnerabilities.
DescriptionAccording to its banner, the remote host is running a version of OpenSSL 1.0.1 prior to 1.0.1p. It is, therefore, affected by the following vulnerabilities :
- A certificate validation bypass vulnerability exists due to a flaw in the X509_verify_cert() function in x509_vfy.c that is triggered when locating alternate certificate chains when the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication. Note that this issue affects only versions 1.0.1n and 1.0.1o. (CVE-2015-1793)
- A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196)
SolutionUpgrade to OpenSSL version 1.0.1p or later.