Is it planned to releaze an IPS signature for CVE-2017-3737?
I wonder why not just patch the OpenSSL version or the Debian Linux 9.0 ?
This is more logical) but the customer does not always understand this.
Yes, i know of such things .
As i have understood the CVE, some malicios app in the internet:
- starts an SSL handshake with the target OpenSSL
- fatal error will be returned in the initial function call by the target OpenSSL
- SSL_read()/SSL_write() is subsequently called by the malicios application for the same SSL object
- then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer
The possibilty for IPS is to either filter direct calls to SSL_read()/SSL_write() (this might lead to issues with software using them) or suppress the fatal error (also not a behaviour that is wanted).
To the best of my knowledge, there isn't any information about how this particular issue can be exploited.
This makes it tough to develop an IPS signature for it.
CP has its own sk92447 Status of OpenSSL CVEs that does not list this CVE - and the command for checking OpenSSL version by rpm returns nothing on R80.10: # rpm -qa | grep openssl
Retrieving data ...