Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-0205

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.

Related bugs and status

CVE-2015-0205 (Candidate) is related to these bugs:

Bug #1811531: remote execution vulnerability

		In	Importance	Status
1811531	remote execution vulnerability	zeromq3 (Ubuntu)	Undecided	Fix Released
1811531	remote execution vulnerability	zeromq3 (Debian)	Unknown	Fix Released
1811531	remote execution vulnerability	zeromq (Suse)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://github.com/ope...
CONFIRM: https://www.openssl.or...
FEDORA: FEDORA-2015-0512
FEDORA: FEDORA-2015-0601
MANDRIVA: MDVSA-2015:019
DEBIAN: DSA-3125
SUSE: openSUSE-SU-2015:0130
CISCO: 20150310 Multiple Vuln...
REDHAT: RHSA-2015:0066
SUSE: SUSE-SU-2015:0578
MANDRIVA: MDVSA-2015:062
CONFIRM: http://www.oracle.com/...
SUSE: SUSE-SU-2015:0946
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 91787
CONFIRM: https://h20566.www2.hp...
CONFIRM: https://h20566.www2.hp...
CONFIRM: http://www.oracle.com/...
CONFIRM: https://bto.bluecoat.c...
SECTRACK: 1033378
SUSE: openSUSE-SU-2015:1277
BID: 71941
CONFIRM: http://kb.juniper.net/...
CONFIRM: https://kc.mcafee.com/...
CONFIRM: https://kc.mcafee.com/...
HP: HPSBHF03289
HP: HPSBMU03380
HP: HPSBMU03396
HP: HPSBMU03397
HP: HPSBMU03409
HP: HPSBMU03413
XF: openssl-cve20150205-se...
CONFIRM: http://www.oracle.com/...
CONFIRM: https://support.citrix...