ID de Prueba:	1.3.6.1.4.1.25623.1.0.105363
Categoría:	F5 Local Security Checks
Título:	F5 BIG-IP - PKCS #7 vulnerability CVE-2015-1790
Resumen:	The remote host is missing a security patch.
Descripción:	Summary: The remote host is missing a security patch. Vulnerability Insight: The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. (CVE-2015-1790) Vulnerability Impact: An attacker may be able to craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.Note: This vulnerability is exploitable only through the BIG-IP control plane (non-Traffic Management Microkernel (TMM) related tasks). Solution: See the referenced vendor advisory for a solution. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1790 1032564 http://www.securitytracker.com/id/1032564 20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl 75157 http://www.securityfocus.com/bid/75157 91787 http://www.securityfocus.com/bid/91787 APPLE-SA-2015-08-13-2 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html DSA-3287 http://www.debian.org/security/2015/dsa-3287 FEDORA-2015-10047 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html FEDORA-2015-10108 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html GLSA-201506-02 https://security.gentoo.org/glsa/201506-02 HPSBGN03371 http://marc.info/?l=bugtraq&m=143654156615516&w=2 HPSBMU03409 http://marc.info/?l=bugtraq&m=144050155601375&w=2 HPSBUX03388 http://marc.info/?l=bugtraq&m=143880121627664&w=2 NetBSD-SA2015-008 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc RHSA-2015:1115 http://rhn.redhat.com/errata/RHSA-2015-1115.html RHSA-2015:1197 http://rhn.redhat.com/errata/RHSA-2015-1197.html SSRT102180 SUSE-SU-2015:1143 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html SUSE-SU-2015:1150 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html SUSE-SU-2015:1181 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html SUSE-SU-2015:1182 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html SUSE-SU-2015:1183 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html SUSE-SU-2015:1184 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html SUSE-SU-2015:1185 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html USN-2639-1 http://www.ubuntu.com/usn/USN-2639-1 http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733 http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015 http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html https://bto.bluecoat.com/security-advisory/sa98 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://github.com/openssl/openssl/commit/59302b600e8d5b77ef144e447bb046fd7ab72686 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965 https://kc.mcafee.com/corporate/index?page=content&id=SB10122 https://openssl.org/news/secadv/20150611.txt https://support.apple.com/kb/HT205031 https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11 https://www.openssl.org/news/secadv_20150611.txt openSUSE-SU-2015:1139 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html openSUSE-SU-2015:1277 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html openSUSE-SU-2016:0640 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.