CVE-2015-1793 has been reported against OpenSSL.
As some of ST versions utilize OpenSSL, the purpose of this article is to present the results of vulnerability analysis for currently supported branches of SecureTransport (ST).
The table below shows SecureTransport versions state in regard of CVE-2015-1793 :
|ST version||State of vulnerability||OpenSSL version used|
|5.0||not vulnerable||based on OpenSSL 0.9.8e|
|5.1.x||not vulnerable||based on OpenSSL 0.9.8e|
|5.2.x||not vulnerable||doesn’t use OpenSSL|
|5.3||not vulnerable||doesn’t use OpenSSL|
A bit more detail about CVE-2015-1793:
The reported CVE-2015-1793 is not a protocol vulnerability.
It causes the OpenSSL verification mechanism to fail to detect that an intermediate certificate has a CA=FALSE constraint and validate a certificate issued by it. OpenSSL is only affected in cases where alternate verification chain is being followed. This is OpenSSL specific vulnerability that only concerns specific versions (listed in CVE-2015-1793) and only when a specific path is followed (OpenSSL is only affected in cases where alternate verification chain is being followed).
In short vulnerability consists of X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints CA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
The announcements from OpenSSL
state that the defect fixed in 1.0.1p is not applicable for the 0.9.8 releases, utilized by some of the ST versions in question.
In conclusion none of currently supported branches of ST is affected by CVE-2015-1793