FreeBSD update for OpenSSL



Published: 2017-11-29
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2017-3735
CVE-2017-3736
CWE-ID CWE-125
CWE-310
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		FreeBSD
Operating systems & Components / Operating system

Vendor FreeBSD Foundation

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU8487

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:W/RC:C]

CVE-ID: CVE-2017-3735

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to one-byte out-of-bounds read when parsing an IPAddressFamily extension in an X.509 certificate. A remote attacker can disguise text display of the certificate.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

FreeBSD: 10.0 - 11.1

External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-17:11.openssl.asc


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Carry propagation issue

EUVDB-ID: #VU9109

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3736

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to decrypt data.

The vulnerability exists due to carry propagating bug in the x86_64 Montgomery squaring procedure (bn_sqrx8x_internal). A remote attacker can decrypt encrypted data. The vulnerability affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

FreeBSD: 10.0 - 11.1

External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-17:11.openssl.asc


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###