912293 – (CVE-2015-0205) VUL-0: CVE-2015-0205: openssl: Unauthenticated DH client certificate fix.

Bug 912293 (CVE-2015-0205) - VUL-0: CVE-2015-0205: openssl: Unauthenticated DH client certificate fix.

Summary: VUL-0: CVE-2015-0205: openssl: Unauthenticated DH client certificate fix.

Status:	RESOLVED FIXED

Alias:	CVE-2015-0205

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:running:60183:moderate maint:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-01-08 15:45 UTC by Marcus Meissner
Modified:	2022-02-16 21:17 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2015-01-08 15:45:55 UTC

via openssl git

commit 98a0f9660d374f58f79ee0efcc8c1672a805e8e8
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Thu Oct 23 20:36:17 2014 +0100

    Unauthenticated DH client certificate fix.
    
    Fix to prevent use of DH client certificates without sending
    certificate verify message.
    
    If we've used a client certificate to generate the premaster secret
    ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is
    never called.
    
    We can only skip the certificate verify message in
    ssl3_get_cert_verify if the client didn't send a certificate.
    
    Thanks to Karthikeyan Bhargavan for reporting this issue.
    CVE-2015-0205
    Reviewed-by: Matt Caswell <matt@openssl.org>

Comment 1 Marcus Meissner 2015-01-08 15:52:19 UTC

0.9.8 branch has:

commit a4aa18879917d9bd45f52ac110c69303a852b7db
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Tue Jan 6 14:28:34 2015 +0000

    Fix typo.
    
    Fix typo in ssl3_get_cert_verify: we can only skip certificate verify
    message if certificate is absent.
    
    NB: OpenSSL 0.9.8 is NOT vulnerable to CVE-2015-0205 as it doesn't
    support DH certificates and this typo prohibits skipping of
    certificate verify message for sign only certificates anyway.
    
    Reviewed-by: Matt Caswell <matt@openssl.org>

Comment 2 Marcus Meissner 2015-01-08 16:05:58 UTC

http://openssl.org/news/secadv_20150108.txt


DH client certificates accepted without verification [Server] (CVE-2015-0205)
=============================================================================

Severity: Low

An OpenSSL server will accept a DH certificate for client authentication
without the certificate verify message. This effectively allows a client
to authenticate without the use of a private key. This only affects servers
which trust a client certificate authority which issues certificates
containing DH keys: these are extremely rare and hardly ever encountered.

This issue affects OpenSSL versions: 1.0.1 and 1.0.0.

OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.

This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team.

Comment 3 Swamp Workflow Management 2015-01-08 23:00:53 UTC

bugbot adjusting priority

Comment 4 Bernhard Wiedemann 2015-01-09 12:00:25 UTC

This is an autogenerated message for OBS integration:
This bug (912293) was mentioned in
https://build.opensuse.org/request/show/280570 Factory / openssl

Comment 13 Swamp Workflow Management 2015-01-23 19:06:05 UTC

openSUSE-SU-2015:0130-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 911399,912014,912015,912018,912292,912293,912294,912296
CVE References: CVE-2014-3569,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206
Sources used:
openSUSE 13.2 (src):    openssl-1.0.1k-2.16.2
openSUSE 13.1 (src):    openssl-1.0.1k-11.64.2

Comment 15 Swamp Workflow Management 2015-01-29 00:07:02 UTC

SUSE-SU-2015:0166-1: An update that solves 6 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 912014,912015,912018,912292,912293,912294,912296
CVE References: CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205
Sources used:
SLE CLIENT TOOLS 10 for x86_64 (src):    openssl-0.9.8a-18.88.1
SLE CLIENT TOOLS 10 for s390x (src):    openssl-0.9.8a-18.88.1
SLE CLIENT TOOLS 10 (src):    openssl-0.9.8a-18.88.1

Comment 16 Swamp Workflow Management 2015-01-29 06:06:10 UTC

SUSE-SU-2015:0172-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 912014,912015,912018,912293,912294,912296
CVE References: CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205
Sources used:
SUSE Studio Onsite 1.3 (src):    openssl-0.9.8j-0.68.1
SUSE Manager 1.7 for SLE 11 SP2 (src):    openssl-0.9.8j-0.68.1
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    openssl-0.9.8a-18.88.1

Comment 17 Swamp Workflow Management 2015-01-31 02:06:30 UTC

SUSE-SU-2015:0172-2: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 912014,912015,912018,912293,912294,912296
CVE References: CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    openssl-0.9.8j-0.68.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    openssl-0.9.8j-0.68.1
SUSE Linux Enterprise Server 11 SP3 (src):    openssl-0.9.8j-0.68.1
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    openssl-0.9.8j-0.68.1
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    openssl-0.9.8j-0.68.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    openssl-0.9.8j-0.68.1

Comment 18 Swamp Workflow Management 2015-01-31 05:06:56 UTC

SUSE-SU-2015:0181-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 906878,912014,912015,912018,912292,912293,912294,912296
CVE References: CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206
Sources used:
SUSE Linux Enterprise Security Module 11 SP3 (src):    openssl1-1.0.1g-0.24.1

Comment 19 Swamp Workflow Management 2015-01-31 06:06:30 UTC

SUSE-SU-2015:0182-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 912014,912015,912018,912293,912296
CVE References: CVE-2014-3570,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    compat-openssl097g-0.9.7g-13.27.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    compat-openssl097g-0.9.7g-146.22.27.1
SLES for SAP Applications (src):    compat-openssl097g-0.9.7g-146.22.27.1

Comment 20 Marcus Meissner 2015-02-03 16:37:54 UTC

released

Comment 21 Swamp Workflow Management 2015-02-03 17:11:36 UTC

SUSE-SU-2015:0205-1: An update that solves 7 vulnerabilities and has 6 fixes is now available.

Category: security (moderate)
Bug References: 855676,895129,901902,906878,908362,908372,912014,912015,912018,912292,912293,912294,912296
CVE References: CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    openssl-1.0.1i-17.1
SUSE Linux Enterprise Server 12 (src):    openssl-1.0.1i-17.1
SUSE Linux Enterprise Desktop 12 (src):    openssl-1.0.1i-17.1

Comment 22 Swamp Workflow Management 2015-02-17 15:06:19 UTC

SUSE-SU-2015:0305-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 892403,912014,912015,912018,912293,912294,912296
CVE References: CVE-2014-0224,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205
Sources used:
SUSE Linux Enterprise Module for Legacy Software 12 (src):    compat-openssl098-0.9.8j-70.2
SUSE Linux Enterprise Desktop 12 (src):    compat-openssl098-0.9.8j-70.2

Comment 23 Swamp Workflow Management 2015-02-23 18:05:57 UTC

SUSE-SU-2015:0182-2: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 912014,912015,912018,912293,912296
CVE References: CVE-2014-3570,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205
Sources used:
SUSE Linux Enterprise for SAP Applications 11 SP1 (src):    compat-openssl097g-0.9.7g-146.22.27.1

Comment 24 Swamp Workflow Management 2015-03-23 23:07:09 UTC

SUSE-SU-2015:0578-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 802184,880891,890764,901223,901277,905106,912014,912015,912018,912293,912296,920236,922488,922496,922499,922500,922501
CVE References: 
Sources used:
SUSE Linux Enterprise for SAP Applications 11 SP2 (src):    compat-openssl097g-0.9.7g-146.22.29.1

Comment 25 Swamp Workflow Management 2015-07-22 13:08:25 UTC

openSUSE-SU-2015:1277-1: An update that solves 16 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 912015,912018,912292,912293,912296,919648,920236,922496,922499,922500,931600,934487,934489,934491,934493,934494,937891
CVE References: CVE-2014-3570,CVE-2014-3572,CVE-2014-8176,CVE-2014-8275,CVE-2015-0205,CVE-2015-0206,CVE-2015-0209,CVE-2015-0286,CVE-2015-0287,CVE-2015-0288,CVE-2015-0289,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1792,CVE-2015-4000
Sources used:
openSUSE 13.2 (src):    libressl-2.2.1-2.3.1

Comment 26 Swamp Workflow Management 2022-02-16 21:17:01 UTC

SUSE-FU-2022:0445-1: An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000677,1000742,1001148,1001912,1002585,1002895,1003091,1005246,1009528,1010874,1010966,1011936,1015549,1019637,1021641,1022085,1022086,1022271,1027079,1027610,1027688,1027705,1027908,1028281,1028723,1029523,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042392,1042670,1044095,1044107,1044175,1049186,1049304,1050653,1050665,1055478,1055542,1055825,1056058,1056951,1057496,1062237,1065363,1066242,1066873,1068790,1070737,1070738,1070853,1071905,1071906,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087102,1087104,1088573,1089039,1090427,1090765,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097158,1097531,1097624,1098535,1098592,1099308,1099569,1100078,1101246,1101470,1102868,1104789,1106197,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112209,1112357,1113534,1113652,1113742,1113975,1115769,1117951,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127080,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1131291,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150003,1150190,1150250,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1158809,1159235,1159538,1160163,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1177559,1178168,1178341,1178670,1179491,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182331,1182333,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1189521,1190781,1193357,356549,381844,394317,408865,428177,430141,431945,437293,442740,459468,489641,504687,509031,526319,590833,610223,610642,629905,637176,651003,657698,658604,670526,673071,693027,715423,720601,743787,747125,748738,749210,749213,749735,750618,751718,751946,751977,754447,754677,761500,774710,784670,784994,787526,793420,799119,802184,803004,809831,811890,822642,825221,828513,831629,832833,834601,835687,839107,84331,849377,855666,855676,856687,857203,857850,858239,867887,869945,871152,872299,873351,876282,876710,876712,876748,880891,885662,885882,889013,889363,892477,892480,895129,898917,901223,901277,901902,902364,906878,907584,908362,908372,912014,912015,912018,912292,912293,912294,912296,912460,913229,915479,917607,917759,917815,919648,920236,922448,922488,922496,922499,922500,926597,929678,929736,930189,931698,931978,933898,933911,934487,934489,934491,934493,935856,937085,937212,937492,937634,937912,939456,940608,942385,942751,943421,944204,945455,946648,947104,947357,947679,948198,952871,954256,954486,954690,957812,957813,957815,958501,961334,962291,963415,963974,964204,964472,964474,965830,967128,968046,968047,968048,968050,968265,968270,968374,968601,975875,976942,977584,977614,977615,977616,977663,978224,981848,982268,982575,983249,984323,985054,988086,990207,990392,990419,990428,991193,991877,992120,992988,992989,992992,993130,993819,993825,993968,994749,994844,994910,995075,995324,995359,995377,995959,996255,997043,997614,998190,999665,999666,999668
CVE References: CVE-2006-2937,CVE-2006-2940,CVE-2006-3738,CVE-2006-4339,CVE-2006-4343,CVE-2006-7250,CVE-2007-3108,CVE-2007-4995,CVE-2007-5135,CVE-2008-0891,CVE-2008-1672,CVE-2008-5077,CVE-2009-0590,CVE-2009-0591,CVE-2009-0789,CVE-2009-1377,CVE-2009-1378,CVE-2009-1379,CVE-2009-1386,CVE-2009-1387,CVE-2010-0740,CVE-2010-0742,CVE-2010-1633,CVE-2010-2939,CVE-2010-3864,CVE-2010-5298,CVE-2011-0014,CVE-2011-3207,CVE-2011-3210,CVE-2011-3389,CVE-2011-4108,CVE-2011-4576,CVE-2011-4577,CVE-2011-4619,CVE-2011-4944,CVE-2012-0027,CVE-2012-0050,CVE-2012-0845,CVE-2012-0884,CVE-2012-1150,CVE-2012-1165,CVE-2012-2110,CVE-2012-2686,CVE-2012-4929,CVE-2013-0166,CVE-2013-0169,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2013-4353,CVE-2013-6449,CVE-2013-6450,CVE-2014-0012,CVE-2014-0076,CVE-2014-0160,CVE-2014-0195,CVE-2014-0198,CVE-2014-0221,CVE-2014-0224,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-3470,CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3509,CVE-2014-3510,CVE-2014-3511,CVE-2014-3512,CVE-2014-3513,CVE-2014-3566,CVE-2014-3567,CVE-2014-3568,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-4650,CVE-2014-5139,CVE-2014-7202,CVE-2014-7203,CVE-2014-8275,CVE-2014-9721,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206,CVE-2015-0209,CVE-2015-0286,CVE-2015-0287,CVE-2015-0288,CVE-2015-0289,CVE-2015-0293,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1791,CVE-2015-1792,CVE-2015-2296,CVE-2015-3194,CVE-2015-3195,CVE-2015-3196,CVE-2015-3197,CVE-2015-3216,CVE-2015-4000,CVE-2016-0702,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800,CVE-2016-10745,CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2109,CVE-2016-2176,CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306,CVE-2016-7052,CVE-2016-7055,CVE-2016-9015,CVE-2017-18342,CVE-2017-3731,CVE-2017-3732,CVE-2017-3735,CVE-2017-3736,CVE-2017-3737,CVE-2017-3738,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737,CVE-2018-0739,CVE-2018-18074,CVE-2018-20060,CVE-2018-5407,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-1547,CVE-2019-1551,CVE-2019-1559,CVE-2019-1563,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-1971,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-23840,CVE-2021-23841,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426,CVE-2021-3712
JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135
Sources used:
SUSE Manager Tools 12-BETA (src):    venv-salt-minion-3002.2-3.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.