Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Olga_Kuts
Advisor

IPS Signature for CVE-2017-3737

Hello!

Is it planned to releaze an IPS signature for CVE-2017-3737?

0 Kudos
6 Replies
G_W_Albrecht
Legend
Legend

I wonder why not just patch the OpenSSL version or the Debian Linux 9.0 ?

CCSE CCTE CCSM SMB Specialist
0 Kudos
Olga_Kuts
Advisor

This is more logical) but the customer does not always understand this.

0 Kudos
G_W_Albrecht
Legend
Legend

Yes, i know of such things .

CCSE CCTE CCSM SMB Specialist
0 Kudos
G_W_Albrecht
Legend
Legend

As i have understood the CVE, some malicios app in the internet:

- starts an SSL handshake with the target OpenSSL

- fatal error will be returned in the initial function call by the target OpenSSL

- SSL_read()/SSL_write() is subsequently called by the malicios application for the same SSL object

- then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer

The possibilty for IPS is to either filter direct calls to SSL_read()/SSL_write() (this might lead to issues with software using them) or suppress the fatal error (also not a behaviour that is wanted).

CCSE CCTE CCSM SMB Specialist
PhoneBoy
Admin
Admin

To the best of my knowledge, there isn't any information about how this particular issue can be exploited.

This makes it tough to develop an IPS signature for it.

G_W_Albrecht
Legend
Legend

CP has its own sk92447 Status of OpenSSL CVEs that does not list this CVE - and the command for checking OpenSSL version by rpm returns nothing on R80.10: # rpm -qa | grep openssl

CCSE CCTE CCSM SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events