FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openssl -- alternate chains certificate forgery vulnerability

Affected packages
1.0.2_2 <= openssl < 1.0.2_4
1.0.2b <= mingw32-openssl < 1.0.2d
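
An added example, not part of the VuXML entry or of FreeBSD's tooling: a small Python check of a package name and version against the two ranges listed above. The version grammar is a simplified assumption covering only the forms that appear on this page plus PORTEPOCH (dotted numbers, letter suffix, `_PORTREVISION`, `,PORTEPOCH`); `AFFECTED`, `version_key` and `is_affected` are hypothetical names.

```python
import re

# Affected ranges copied from this entry: (package, inclusive lower, exclusive upper).
AFFECTED = [
    ("openssl", "1.0.2_2", "1.0.2_4"),
    ("mingw32-openssl", "1.0.2b", "1.0.2d"),
]

# Simplified grammar (an assumption, not pkg's full comparison algorithm):
# dotted numbers, optional letter suffix, optional _PORTREVISION, optional ,PORTEPOCH.
_VERSION = re.compile(r"(\d+(?:\.\d+)*)([a-z]?)(?:_(\d+))?(?:,(\d+))?")


def version_key(version):
    """Return a sortable key: epoch, numeric parts, letter suffix, port revision."""
    match = _VERSION.fullmatch(version)
    if match is None:
        raise ValueError(f"unsupported version string: {version!r}")
    numbers, letter, revision, epoch = match.groups()
    return (
        int(epoch or 0),
        tuple(int(part) for part in numbers.split(".")),
        letter,
        int(revision or 0),
    )


def is_affected(package, version):
    """True if package/version falls inside a range listed in this entry."""
    key = version_key(version)
    return any(
        name == package and version_key(low) <= key < version_key(high)
        for name, low, high in AFFECTED
    )


if __name__ == "__main__":
    # Constructed sample inventory, not taken from a real host.
    for pkg_name, pkg_version in [
        ("openssl", "1.0.2_1"),
        ("openssl", "1.0.2_3"),
        ("openssl", "1.0.2_4"),
        ("mingw32-openssl", "1.0.2c"),
        ("mingw32-openssl", "1.0.2d"),
    ]:
        state = "AFFECTED" if is_affected(pkg_name, pkg_version) else "ok"
        print(f"{pkg_name}-{pkg_version}: {state}")
```

On a FreeBSD host, `pkg audit` performs this comparison against the VuXML database using pkg's own version ordering.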

Details

VuXML ID: 075952fe-267e-11e5-9d03-3c970e169bc2
Discovery: 2015-07-09
Entry: 2015-07-09

OpenSSL reports:

During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate.

References

CVE Name: CVE-2015-1793
URL: https://www.openssl.org/news/secadv_20150709.txt