VuXML ID: a5856eba-a015-11e4-a680-1c6f65c3c4ff
Description: polarssl -- Remote attack using crafted certificates
PolarSSL team reports:
  During the parsing of an ASN.1 sequence, a pointer in the linked list of asn1_sequence is not initialized by asn1_get_sequence_of(). In case an error occurs during parsing of the list, a situation is created where the uninitialized pointer is passed to polarssl_free().
  This sequence can be triggered when a PolarSSL entity is parsing a certificate. So practically this means clients when receiving a certificate from the server or servers in case they are actively asking for a client certificate.
Discovery: 2015-01-14  Entry: 2015-01-19
Affects: polarssl >= 1.2.0, < 1.2.12_1; polarssl13 >= 1.3.0, < 1.3.9_1
CVE: CVE-2015-1182
References:
  https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
  https://www.certifiedsecure.com/polarssl-advisory/

VuXML ID: 07a1a76c-734b-11e5-ae81-14dae9d210b8
Description: mbedTLS/PolarSSL -- DoS and possible remote code execution
ARM Limited reports:
  When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the session ticket extension and the server name indication (SNI) extension.
Discovery: 2015-10-05  Entry: 2015-10-15
Affects: polarssl >= 1.2.0, < 1.2.17; polarssl13 >= 1.3.0, < 1.3.14; mbedtls < 2.1.2
CVE: CVE-2015-5291
References:
  https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01

VuXML ID: 5d280761-6bcf-11e5-9909-002590263bf5
Description: mbedTLS/PolarSSL -- multiple vulnerabilities
ARM Limited reports:
  Florian Weimer from Red Hat published on Lenstra's RSA-CRT attack for PKCS#1 v1.5 signatures. These releases include countermeasures against that attack.
  Fabian Foerg of Gotham Digital Science found a possible client-side NULL pointer dereference, using the AFL Fuzzer. This dereference can only occur when misusing the API, although a fix has still been implemented.
Discovery: 2015-09-18  Entry: 2015-10-06
Affects: polarssl >= 1.2.0, < 1.2.16; polarssl13 >= 1.3.0, < 1.3.13; mbedtls < 2.1.1
References:
  https://tls.mbed.org/tech-updates/releases/mbedtls-2.1.1-and-1.3.13-and-polarssl-1.2.16-released

VuXML ID: 953aaa57-6bce-11e5-9909-002590263bf5
Description: mbedTLS/PolarSSL -- multiple vulnerabilities
ARM Limited reports:
  In order to strengthen the minimum requirements for connections and to protect against the Logjam attack, the minimum size of Diffie-Hellman parameters accepted by the client has been increased to 1024 bits.
  In addition, the default size for the Diffie-Hellman parameters on the server is increased to 2048 bits. This can be changed with ssl_set_dh_params() in case this is necessary.
Discovery: 2015-08-11  Entry: 2015-10-06
Affects: polarssl >= 1.2.0, < 1.2.15; polarssl13 >= 1.3.0, < 1.3.12
References:
  https://tls.mbed.org/tech-updates/releases/polarssl-1.2.15-and-mbedtls-1.3.12-released

VuXML ID: d3216606-2b47-11e5-a668-080027ef73ec
Description: PolarSSL -- Security Fix Backports
Paul Bakker reports:
  PolarSSL 1.2.14 fixes one remotely-triggerable issue that was found by the Codenomicon Defensics tool, one potential remote crash and countermeasures against the "Lucky 13 strikes back" cache-based attack.
Discovery: 2015-06-26  Entry: 2015-07-15
Affects: polarssl < 1.2.14
References:
  https://tls.mbed.org/tech-updates/releases/polarssl-1.2.14-released

VuXML ID: ccefac3e-2aed-11e3-af10-000c29789cb5
Description: polarssl -- Timing attack against protected RSA-CRT implementation
PolarSSL Project reports:
  The researchers Cyril Arnaud and Pierre-Alain Fouque investigated the PolarSSL RSA implementation and discovered a bias in the implementation of the Montgomery multiplication that we used, for which they then show that it can be used to mount an attack on the RSA key. Although their test attack is done on a local system, there seems to be enough indication that this can properly be performed from a remote system as well.
  All versions prior to PolarSSL 1.2.9 and 1.3.0 are affected if a third party can send arbitrary handshake messages to your server.
  If correctly executed, this attack reveals the entire private RSA key after a large number of attack messages (> 600.000 on a local machine) are sent to show the timing differences.
Discovery: 2013-10-01  Entry: 2013-10-02
Affects: polarssl < 1.2.9
CVE: CVE-2013-5915
References:
  https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05
  https://polarssl.org/tech-updates/releases/polarssl-1.2.9-released

VuXML ID: 72bf9e21-03df-11e3-bd8d-080027ef73ec
Description: polarssl -- denial of service vulnerability
Paul Bakker reports:
  A bug in the logic of the parsing of PEM encoded certificates in x509parse_crt() can result in an infinite loop, thus hogging processing power.
  While parsing a Certificate message during the SSL/TLS handshake, PolarSSL extracts the presented certificates and sends them on to be parsed. As the RFC specifies that the certificates in the Certificate message are always X.509 certificates in DER format, bugs in the decoding of PEM certificates should normally not be triggerable via the SSL/TLS handshake.
  Versions of PolarSSL prior to 1.1.7 in the 1.1 branch and prior to 1.2.8 in the 1.2 branch call the generic x509parse_crt() function for parsing during the handshake. x509parse_crt() is a generic function that wraps parsing of both PEM-encoded and DER-formatted certificates. As a result it is possible to craft a Certificate message that includes a PEM encoded certificate in the Certificate message that triggers the infinite loop.
Discovery: 2013-06-21  Entry: 2013-08-13  Modified: 2013-08-15
Affects: polarssl < 1.2.8
CVE: CVE-2013-4623
References:
  https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03