[<prev] [next>] [day] [month] [year] [list]
Message-id: <201507101204.6.openssl@psirt.cisco.com>
Date: Fri, 10 Jul 2015 12:04:00 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
Advisory ID: cisco-sa-20150710-openssl
Revision 1.0
For Public Release 2015 July 10 16:00 UTC (GMT)
+-----------------------------------------------------------------------
Summary
=======
On July 9, 2015, the OpenSSL Project released a security advisory detailing a vulnerability affecting applications that verify certificates, including SSL/Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) clients and SSL/TLS/DTLS servers using client authentication.
Multiple Cisco products incorporate a version of the OpenSSL package affected by this vulnerability that could allow an unauthenticated, remote attacker to cause certain checks on untrusted certificates to be bypassed, enabling the attacker to forge "trusted" certificates that could be used to conduct man-in-the-middle attacks.
This advisory will be updated as additional information becomes available.
Cisco will release free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability may be available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iQIVAwUBVZ/llopI1I6i1Mx3AQIjRg//cvAk2pCkYKp0Y7FxagB/w5e8bgUkkWj1
K0m08whJcJE1Q2ovEzzfzi4I2gU1UxyxMAvSmC4LCCxdlf2lP63nbiPPACcPMxx3
lPSgIbyPO/HHuOT9g7TwJkJV3tXhqMOQqP3AGvlhxZA7XnxBWWwG5VZHbxki71U3
hJjbwC5saREV+nqCBUCHCffJKyfn0jTBEP8k0odkbUPwZkUrJMOqMJgcxuRl0luh
7aqsKdtiA/nsT8VXqKQz68huaC/6+LdrJS/O7qbQjCxnB6UqPUR7q1sB3+S6P1W8
SQ2MiR3ZCOyeGpRt3M5HiHPxTZQTlqexxcNumRw/n4LpXVRvChEWc3+oP0zU6ktK
KnhgbVPYVA66MATryoI+iY8kiqNg06ziL49tYv3s3zfyby8QRQkQm2/K2pXLu77x
0xjMPUJ9TJNW7CYUmocJgGMQwUQIix/aTz+XKEKVbBGlQv0MMSuFS55P8nxNjY+F
mORLgsOmhHN8XAu1dmftR0spNbWk8X5y2bZ4IKwM1uaaQ5UwU42Y3429LyM8E0EW
A4cdKRWWOgjLcrCHNH1vEp2VtakqJBYyJhA2aVCJ9tLAsP7w8/nEocn2q1DlmWT2
dEhbm5OOZxaE8j1PlJd/MRS1fs7N04IsBI6LXFxeYVyS5FPgwjfqarFY8P4EWFGC
jFNFYlGfjes=
=WKtv
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists