OS X update for Admin Framework (CVE-2015-0289)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | March 19, 2015 | August 28, 2015 | January 04, 2017 |
Description
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.
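The version ranges in the description can be checked mechanically against an OpenSSL version banner. The following is an added example, not part of the original advisory or of OpenSSL; the function names and sample banners are constructed for illustration, and the fixed releases come from the description above.

```python
import re

# Fixed release per branch, taken from the advisory description.
FIXED = {(0, 9, 8): "zf", (1, 0, 0): "r", (1, 0, 1): "m", (1, 0, 2): "a"}
OLDEST_BRANCH = min(FIXED)

# Matches the pre-1.1 scheme: three numbers plus an optional letter suffix.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return ((major, minor, fix), letters) from a banner or bare version."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return tuple(int(g) for g in m.groups()[:3]), m.group(4)


def _patch_key(letters):
    # Letter releases order as '' < 'a' < ... < 'z' < 'za' < 'zb' ...,
    # so compare by length first, then alphabetically.
    return (len(letters), letters)


def is_affected(text):
    """True if the version falls in a range the advisory lists as vulnerable."""
    branch, letters = parse_openssl_version(text)
    if branch < OLDEST_BRANCH:
        return True   # "before 0.9.8zf" also covers older branches
    fixed = FIXED.get(branch)
    if fixed is None:
        return False  # branch not named in the advisory
    return _patch_key(letters) < _patch_key(fixed)


if __name__ == "__main__":
    # Constructed sample banners, in the style of `openssl version` output.
    samples = [
        "OpenSSL 0.9.8ze 15 Jan 2015",
        "OpenSSL 1.0.1k-fips 8 Jan 2015",
        "OpenSSL 1.0.1m 19 Mar 2015",
        "OpenSSL 1.0.2a 19 Mar 2015",
    ]
    for banner in samples:
        state = "AFFECTED" if is_affected(banner) else "not in affected range"
        print(f"{banner:35} {state}")
```

A version string alone does not show distribution backports: vendor packages often keep the upstream version while carrying the fix, so confirm against the vendor advisory for the installed package.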
Solution
apple-osx-security-update-2015-005
Related Vulnerabilities
- OS X update for OpenSSL (CVE-2015-0289)
- RHSA-2015:0800: openssl security update
- SUSE: CVE-2015-0289: SUSE Linux Security Advisory
- Amazon Linux AMI: Security patch for openssl (ALAS-2015-498) (multiple CVEs)
- Oracle Solaris 11: CVE-2015-0289: Vulnerability in OpenSSL
- DSA-3197-1 openssl -- security update
- Cisco NX-OS: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products (Multiple CVEs)
- RHSA-2015:0715: openssl security update
- HP System Management Homepage - (Multiple Advisories) (CVE-2015-0289): Windows 2003, Multiple Vulnerabilities
- USN-2537-1: OpenSSL vulnerabilities
- IBM AIX: openssl_advisory13 (CVE-2015-0289): Vulnerabilities in OpenSSL affects AIX
- Gentoo Linux: CVE-2015-0289: OpenSSL: Multiple vulnerabilities
- HP-UX: CVE-2015-0289: Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilities.
- ELSA-2015-0715 Moderate: Oracle Linux openssl security update
- OpenSSL PKCS7 NULL pointer dereferences (CVE-2015-0289)
- FreeBSD: OpenSSL -- multiple vulnerabilities (FreeBSD-SA-15:06.openssl) (Multiple CVEs)
- HP Systems Insight Manager - HPSBMU03394 (CVE-2015-0289): Linux and Windows, Multiple Vulnerabilities
- ELSA-2015-2617 Moderate: Oracle Linux openssl security update
- RHSA-2015:0716: openssl security and bug fix update
- ELSA-2015-0800 Moderate: Oracle Linux openssl security update
- ELSA-2015-0716 Moderate: Oracle Linux openssl security and bug fix update