CVE-2015-0205

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.0.0 through 1.0.0p OpenSSL versions 1.0.1 through 1.0.1k openssl-1.0.1e openssl-devel-1.0.1e openssl-static-1.0.1e openssl-libs-1.0.1e openssl-debuginfo-1.0.1e

Description The issue allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. This is due to the ssl3 get cert verify function in s3 srvr.c in OpenSSL accepting client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message. The vulnerability can lead to disruption of protected information and can be exploited remotely.

Recommendations For OpenSSL versions 1.0.0 through 1.0.0p, update to version 1.0.0p or later. For OpenSSL versions 1.0.1 through 1.0.1k, update to version 1.0.1k or later. For openssl-1.0.1e, openssl-devel-1.0.1e, openssl-static-1.0.1e, openssl-libs-1.0.1e, and openssl-debuginfo-1.0.1e, update to a version that is not vulnerable. As a temporary workaround, consider disabling the ssl3 get cert verify function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation.