NVD - Detail

National Cyber Awareness System

Vulnerability Summary for CVE-2015-0204

Original release date: 01/08/2015

Last revised: 09/27/2016

Source: US-CERT/NIST

Overview

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 MEDIUM

Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: HP

Name: HPSBMU03396

Hyperlink: http://marc.info/?l=bugtraq&m=144050205101530&w=2

External Source: HP

Name: HPSBMU03397

Hyperlink: http://marc.info/?l=bugtraq&m=144050297101809&w=2

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

External Source: CONFIRM

Name: https://www.openssl.org/news/secadv_20150319.txt

Hyperlink: https://www.openssl.org/news/secadv_20150319.txt

External Source: SUSE

Name: SUSE-SU-2015:0946

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html

External Source: DEBIAN

Name: DSA-3125

Hyperlink: http://www.debian.org/security/2015/dsa-3125

External Source: CONFIRM

Name: http://support.novell.com/security/cve/CVE-2015-0204.html

Hyperlink: http://support.novell.com/security/cve/CVE-2015-0204.html

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

External Source: HP

Name: HPSBMU03409

Hyperlink: http://marc.info/?l=bugtraq&m=144050155601375&w=2

External Source: REDHAT

Name: RHSA-2015:0066

Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0066.html

External Source: MISC

Name: https://freakattack.com/

Type: Vendor Advisory

Hyperlink: https://freakattack.com/

External Source: SUSE

Name: openSUSE-SU-2015:0130

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html

External Source: HP

Name: HPSBOV03318

Hyperlink: http://marc.info/?l=bugtraq&m=142895206924048&w=2

External Source: CONFIRM

Name: http://www-01.ibm.com/support/docview.wss?uid=swg21883640

Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21883640

External Source: REDHAT

Name: RHSA-2015:0800

Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0800.html

External Source: REDHAT

Name: RHSA-2016:1650

Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-1650.html

External Source: HP

Name: HPSBMU03380

Hyperlink: http://marc.info/?l=bugtraq&m=143748090628601&w=2

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

External Source: MANDRIVA

Name: MDVSA-2015:019

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2015:019

External Source: HP

Name: HPSBMU03345

Hyperlink: http://marc.info/?l=bugtraq&m=144043644216842&w=2

External Source: REDHAT

Name: RHSA-2015:0849

Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0849.html

External Source: SUSE

Name: SUSE-SU-2015:0578

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

External Source: HP

Name: HPSBUX03162

Hyperlink: http://marc.info/?l=bugtraq&m=142496179803395&w=2

External Source: CISCO

Name: 20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products

Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

External Source: CONFIRM

Name: https://www.openssl.org/news/secadv_20150108.txt

Type: Vendor Advisory

Hyperlink: https://www.openssl.org/news/secadv_20150108.txt

External Source: HP

Name: HPSBHF03289

Hyperlink: http://marc.info/?l=bugtraq&m=142721102728110&w=2

External Source: HP

Name: SSRT101885

Hyperlink: http://marc.info/?l=bugtraq&m=142496289803847&w=2

External Source: MANDRIVA

Name: MDVSA-2015:062

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

External Source: HP

Name: SSRT101987

Hyperlink: http://marc.info/?l=bugtraq&m=142720981827617&w=2

External Source: MANDRIVA

Name: MDVSA-2015:063

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2015:063

External Source: CONFIRM

Name: https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0

Hyperlink: https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0

External Source: CONFIRM

Name: https://support.apple.com/HT204659

Hyperlink: https://support.apple.com/HT204659

External Source: APPLE

Name: APPLE-SA-2015-04-08-2

Hyperlink: http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

External Source: HP

Name: SSRT102000

Hyperlink: http://marc.info/?l=bugtraq&m=143213830203296&w=2

External Source: HP

Name: HPSBMU03413

Hyperlink: http://marc.info/?l=bugtraq&m=144050254401665&w=2

External Source: BID

Name: 91787

Hyperlink: http://www.securityfocus.com/bid/91787

Vulnerable software and versions

* Denotes Vulnerable Software
Changes related to vulnerability configurations

Technical Details

Vulnerability Type (View All)

Cryptographic Issues (CWE-310)

CVE Standard Vulnerability Entry http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204

Change History 24 change records found - show changes

CVE Dictionary change - 8/22/2016 10:08:56 PM
Action	Type	Old Value	New Value
Added	Reference		http://marc.info/?l=bugtraq&m=144050205101530&w=2
Added	Reference		http://marc.info/?l=bugtraq&m=144043644216842&w=2
Added	Reference		http://marc.info/?l=bugtraq&m=143213830203296&w=2
Added	Reference		http://marc.info/?l=bugtraq&m=144050155601375&w=2
Added	Reference		http://marc.info/?l=bugtraq&m=142496179803395&w=2
Added	Reference		http://marc.info/?l=bugtraq&m=143748090628601&w=2
Added	Reference		http://marc.info/?l=bugtraq&m=142895206924048&w=2
Added	Reference		http://marc.info/?l=bugtraq&m=144050297101809&w=2
Added	Reference		http://marc.info/?l=bugtraq&m=144050254401665&w=2

CVE Dictionary change - 3/4/2015 9:59:01 PM
Action	Type	Old Value	New Value
Added	Reference		http://support.novell.com/security/cve/CVE-2015-0204.html

CVE Dictionary change - 3/31/2015 10:00:00 PM
Action	Type	Old Value	New Value
Added	Reference		http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
Added	Reference		http://www.mandriva.com/security/advisories?name=MDVSA-2015:063

CVE Dictionary change - 3/23/2015 10:01:43 PM
Action	Type	Old Value	New Value
Added	Reference		https://www.openssl.org/news/secadv_20150319.txt

CVE Dictionary change - 4/16/2015 9:59:20 PM
Action	Type	Old Value	New Value
Added	Reference		http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

CVE Dictionary change - 3/11/2015 10:01:38 PM
Action	Type	Old Value	New Value
Added	Reference		http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html
Added	Reference		http://www.debian.org/security/2015/dsa-3125
Added	Reference		http://marc.info/?l=bugtraq&m=142496289803847&w=2

CVE Dictionary change - 6/3/2015 10:01:35 PM
Action	Type	Old Value	New Value
Added	Reference		http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html

CVE Dictionary change - 2/20/2015 10:01:44 PM
Action	Type	Old Value	New Value
Added	Reference		http://www.mandriva.com/security/advisories?name=MDVSA-2015:019

CVE Dictionary change - 4/13/2015 10:00:05 PM
Action	Type	Old Value	New Value
Added	Reference		https://support.apple.com/HT204659
Added	Reference		http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

CVE Dictionary change - 8/8/2016 9:59:01 PM
Action	Type	Old Value	New Value
Added	Reference		http://www.securityfocus.com/bid/91787

Quality Assurance - 3/26/2015 1:36:51 PM
Action	Type	Old Value	New Value
Changed	CVSS V2	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Changed	Reference Type	https://freakattack.com/ No Types Assigned	https://freakattack.com/ Advisory

CVE Dictionary change - 3/26/2015 9:59:45 PM
Action	Type	Old Value	New Value
Added	Reference		http://marc.info/?l=bugtraq&m=142720981827617&w=2
Added	Reference		http://marc.info/?l=bugtraq&m=142721102728110&w=2
Added	Reference		http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

CVE Dictionary change - 9/27/2016 9:59:10 PM
Action	Type	Old Value	New Value
Added	Reference		http://rhn.redhat.com/errata/RHSA-2016-1650.html

CVE Dictionary change - 7/16/2015 10:01:20 PM
Action	Type	Old Value	New Value
Added	Reference		http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Translation provided - 2/17/2016 4:45:08 PM

Action

Type

Old Value

New Value

Removed

Translation

La función ssl3_get_key_exchange en s3_clnt.c en OpenSSL anterior a 0.9.8zd, 1.0.0 anterior a 1.0.0p, y 1.0.1 anterior a 1.0.1k permite a servidores SSL remotos realizar ataques de degradación de RSA a EXPORT_RSA y facilitar el descifrado a fuerza bruta mediante la oferta de una clave RSA efímera débil en un rol no conforme.

Added

Translation

Record truncated, showing 500 of 559 characters. View Entire Change Record

La función ssl3_get_key_exchange en s3_clnt.c en OpenSSL en versiones anteriores a 0.9.8zd, 1.0.0 en versiones anteriores a 1.0.0p y 1.0.1 en versiones anteriores a 1.0.1k permite a servidores SSL remotos llevar a cabo ataques de degradación de versión RSA-a-EXPORT_RSA y facilitar el descifrado de fuerza bruta ofreciendo una clave RSA efímera débil en un rol no sumiso, relacionado con el caso "FREAK" . NOTA: el alcance de esta CVE es solo código cliente basado en OpenSSL, no un problema de EXPOR

View Entire Change Record

CVE Dictionary change - 3/9/2015 9:59:48 PM

Action

Type

Old Value

New Value

Changed

Description

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role.

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue.  NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.

Added

Reference

https://freakattack.com/

CVE Dictionary change - 7/21/2016 9:59:17 PM
Action	Type	Old Value	New Value
Added	Reference		http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

CVE Dictionary change - 3/16/2015 10:01:26 PM
Action	Type	Old Value	New Value
Added	Reference		http://rhn.redhat.com/errata/RHSA-2015-0066.html

CVE Dictionary change - 4/22/2015 9:59:46 PM
Action	Type	Old Value	New Value
Added	Reference		http://rhn.redhat.com/errata/RHSA-2015-0800.html
Added	Reference		http://rhn.redhat.com/errata/RHSA-2015-0849.html

CVE Dictionary change - 10/22/2015 10:00:05 PM
Action	Type	Old Value	New Value
Added	Reference		http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Quality Assurance - 1/9/2015 10:55:29 AM
Action	Type	Old Value	New Value
Added	CVSS V2		(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Added	CPE Configuration		Record truncated, showing 500 of 1547 characters. View Entire Change Record Configuration 1 OR cpe:2.3:a:openssl:openssl:0.9.8zc::::::: (and previous) cpe:2.3:a:openssl:openssl:1.0.0a::::::: cpe:2.3:a:openssl:openssl:1.0.0b::::::: cpe:2.3:a:openssl:openssl:1.0.0c::::::: cpe:2.3:a:openssl:openssl:1.0.0d::::::: cpe:2.3:a:openssl:openssl:1.0.0e::::::: cpe:2.3:a:openssl:openssl:1.0.0f::::::: cpe:2.3:a:openssl:openssl:1.0.0g::::::
Changed	Reference Type	https://www.openssl.org/news/secadv_20150108.txt No Types Assigned	https://www.openssl.org/news/secadv_20150108.txt Advisory
Added	CWE		CWE-310

View Entire Change Record

CVE Dictionary change - 3/12/2015 9:59:29 PM
Action	Type	Old Value	New Value
Added	Reference		http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

CVE Dictionary change - 1/21/2016 9:59:20 PM
Action	Type	Old Value	New Value
Added	Reference		http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

CVE Dictionary change - 7/5/2015 9:59:34 PM
Action	Type	Old Value	New Value
Added	Reference		http://www-01.ibm.com/support/docview.wss?uid=swg21883640

You are viewing this page in an unauthorized frame window.

National Cyber Awareness System

Vulnerability Summary for CVE-2015-0204

Overview

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

Vulnerable software and versions

Technical Details

Change History 24 change records found - show changes