Olga_Kuts
Silver

IPS Signature for CVE-2017-3737

Hello!

Is it planned to release an IPS signature for CVE-2017-3737?

0 Kudos
6 Replies

Re: IPS Signature for CVE-2017-3737

I wonder why not just patch the OpenSSL version or the Debian Linux 9.0 ?

0 Kudos
Olga_Kuts
Silver

Re: IPS Signature for CVE-2017-3737

This is more logical :) but the customer does not always understand this.

0 Kudos

Re: IPS Signature for CVE-2017-3737

Yes, I know of such things.

0 Kudos

Re: IPS Signature for CVE-2017-3737

As I have understood the CVE, some malicious app on the internet:

- starts an SSL handshake with the target OpenSSL

- a fatal error is returned by the target OpenSSL in the initial function call

- SSL_read()/SSL_write() is subsequently called by the malicious application for the same SSL object

- this then succeeds, and the data is passed directly to/from the SSL/TLS record layer without being decrypted/encrypted

The possibility for IPS is to either filter direct calls to SSL_read()/SSL_write() (this might lead to issues with software using them) or suppress the fatal error (also not a behaviour that is wanted).

Admin

Re: IPS Signature for CVE-2017-3737

To the best of my knowledge, there isn't any information about how this particular issue can be exploited.

This makes it tough to develop an IPS signature for it.

Re: IPS Signature for CVE-2017-3737

CP has its own sk92447 "Status of OpenSSL CVEs" that does not list this CVE, and the command for checking the OpenSSL version by rpm returns nothing on R80.10: # rpm -qa | grep openssl

0 Kudos
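As an added example (not from the thread or from Check Point), a POSIX shell check that compares the output of `openssl version` against the release that carries the fix, for hosts where the rpm query above prints nothing. The fixed-version value (FIXED_VERSION) is a placeholder to be filled from the OpenSSL advisory or the vendor SK once the CVE is listed there.

```shell
#!/bin/sh
# Added example, not from the thread: compare a running OpenSSL version with the
# release that carries the fix, for hosts where `rpm -qa | grep openssl` prints
# nothing but `openssl version` still works.
# FIXED_VERSION is a placeholder: fill it from the OpenSSL advisory / vendor SK.
FIXED_VERSION="${FIXED_VERSION:-1.0.2x}"

# ver_lt A B: exit 0 when OpenSSL version A is older than B, 1 when not,
# 2 when either string holds no "x.y.z[letter]" version. OpenSSL 1.0.2 releases
# are ordered by a trailing letter ("1.0.2l" < "1.0.2m"), so the letter is
# compared after the numeric triple; a bare "1.0.2" sorts before "1.0.2a".
ver_lt() {
  awk -v a="$1" -v b="$2" '
  BEGIN {
    if (!parse(a, x) || !parse(b, y)) exit 2
    for (i = 1; i <= 3; i++) {
      if (x[i] < y[i]) exit 0
      if (x[i] > y[i]) exit 1
    }
    if (x[4] < y[4]) exit 0
    exit 1
  }
  # Pull the first "x.y.z[letter]" out of text such as "OpenSSL 1.0.2l  25 May 2017".
  function parse(v, out,   m, parts) {
    if (!match(v, /[0-9]+\.[0-9]+\.[0-9]+[a-z]*/)) return 0
    m = substr(v, RSTART, RLENGTH)
    split(m, parts, ".")
    out[1] = parts[1] + 0
    out[2] = parts[2] + 0
    out[3] = parts[3] + 0        # "2l" + 0 is 2: awk keeps the numeric prefix
    out[4] = parts[3]
    sub(/^[0-9]+/, "", out[4])   # what is left is the letter suffix, possibly empty
    return 1
  }'
}

# check_openssl "<openssl version output>" "<fixed version>"
# Returns 0 when patched, 1 when older than the fix, 2 when the version is unreadable.
check_openssl() {
  rc=0
  ver_lt "$1" "$2" || rc=$?
  case "$rc" in
    0) echo "NEEDS PATCH: '$1' is older than $2"; return 1 ;;
    1) echo "OK: '$1' is at or beyond $2"; return 0 ;;
    *) echo "UNKNOWN: no version found in '$1'"; return 2 ;;
  esac
}

# Typical call on the host:  check_openssl "$(openssl version)" "$FIXED_VERSION"
```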