Back to search

OS X update for Admin Framework (CVE-2015-0289)

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	March 19, 2015	August 28, 2015	January 04, 2017

Description

The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

Free InsightVM Trial

References

APPLE-APPLE-SA-2015-06-30-2
BID-73231
CVE-2015-0289
DEBIAN-DSA-3197
DISA_SEVERITY-Category I
DISA_VMSKEY-V0060997
IAVM-2015-A-0135
REDHAT-RHSA-2015:0715
REDHAT-RHSA-2015:0716
REDHAT-RHSA-2015:0752
REDHAT-RHSA-2015:0800
URL: http://support.apple.com/kb/HT204942

Solution

apple-osx-security-update-2015-005

Related Vulnerabilities

OS X update for OpenSSL (CVE-2015-0289)
RHSA-2015:0800: openssl security update
Oracle Linux: CVE-2015-0289: ELSA-2016-3558 - openssl security update
SUSE: CVE-2015-0289: SUSE Linux Security Advisory
Amazon Linux AMI: Security patch for openssl (ALAS-2015-498) (multiple CVEs)
Oracle Solaris 11: CVE-2015-0289: Vulnerability in OpenSSL
DSA-3197-1 openssl -- security update
Cisco NX-OS: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products (Multiple CVEs)
RHSA-2015:0715: openssl security update
HP System Management Homepage - (Multiple Advisories) (CVE-2015-0289): Windows 2003, Multiple Vulnerabilities
USN-2537-1: OpenSSL vulnerabilities
IBM AIX: openssl_advisory13 (CVE-2015-0289): Vulnerabilities in OpenSSL affects AIX
Gentoo Linux: CVE-2015-0289: OpenSSL: Multiple vulnerabilities
HP-UX: CVE-2015-0289: Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
ELSA-2015-0715 Moderate: Oracle Linux openssl security update
OpenSSL PKCS7 NULL pointer dereferences (CVE-2015-0289)
FreeBSD: OpenSSL -- multiple vulnerabilities (FreeBSD-SA-15:06.openssl) (Multiple CVEs)
HP Systems Insight Manager - HPSBMU03394 (CVE-2015-0289): Linux and Windows, Multiple Vulnerabilities
ELSA-2015-2617 Moderate: Oracle Linux openssl security update
RHSA-2015:0716: openssl security and bug fix update
ELSA-2015-0800 Moderate: Oracle Linux openssl security update
ELSA-2015-0716 Moderate: Oracle Linux openssl security and bug fix update

Vulnerability & Exploit Database

OS X update for Admin Framework (CVE-2015-0289)

Description

Scan For This Vulnerability

References

Solution

Related Vulnerabilities

Legal

Resources & Help

Connect With Us

Stay in touch:

Quick Cookie Notification

Vulnerability & Exploit Database

OS X update for Admin Framework (CVE-2015-0289)

Description

Scan For This Vulnerability

References

Solution

Related Vulnerabilities

Legal

Resources & Help

Connect With Us

Stay in touch: