cnvd - cnvd-2015-01700

CNVD-2015-01700

Vulnerability from cnvd - Published: 2015-03-17

Title

Microsoft Secure Channel中间人安全绕过漏洞

Description

Microsoft Windows是一款流行的操作系统。 Windows中的Microsoft Secure Channel未能正确限制tls状态转换，允许攻击者利用漏洞提交特殊的tls通信，进行freak攻击，可把加密级别下降为export_rsa加密，可获取敏感信息等。

Severity

中

Patch Name

Microsoft Secure Channel中间人安全绕过漏洞的补丁

Patch Description

Microsoft Windows是一款流行的操作系统。Windows中的Microsoft Secure Channel未能正确限制tls状态转换，允许攻击者利用漏洞提交特殊的tls通信，进行freak攻击，可把加密级别下降为export_rsa加密，可获取敏感信息等。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： https://technet.microsoft.com/library/security/3046015

Reference

https://technet.microsoft.com/library/security/3046015

Impacted products

Name
['Microsoft Windows Server 2008 R2 SP1', 'Microsoft Windows Server 2008 SP2', 'Microsoft Windows 7 SP1', 'Microsoft Windows Server 2003 SP2', 'Microsoft Windows Vista sp2', 'Microsoft Windows 8.1', 'Microsoft Windows 8', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows RT 8.1', 'Microsoft Windows server 2012 Gold', 'Microsoft Windows RT Gold']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "72965"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1637"
    }
  },
  "description": "Microsoft Windows\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nWindows\u4e2d\u7684Microsoft Secure Channel\u672a\u80fd\u6b63\u786e\u9650\u5236tls\u72b6\u6001\u8f6c\u6362\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684tls\u901a\u4fe1\uff0c\u8fdb\u884cfreak\u653b\u51fb\uff0c\u53ef\u628a\u52a0\u5bc6\u7ea7\u522b\u4e0b\u964d\u4e3aexport_rsa\u52a0\u5bc6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u7b49\u3002",
  "discovererName": "Microsoft",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://technet.microsoft.com/library/security/3046015",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-01700",
  "openTime": "2015-03-17",
  "patchDescription": "Microsoft Windows\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Windows\u4e2d\u7684Microsoft Secure Channel\u672a\u80fd\u6b63\u786e\u9650\u5236tls\u72b6\u6001\u8f6c\u6362\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684tls\u901a\u4fe1\uff0c\u8fdb\u884cfreak\u653b\u51fb\uff0c\u53ef\u628a\u52a0\u5bc6\u7ea7\u522b\u4e0b\u964d\u4e3aexport_rsa\u52a0\u5bc6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Secure Channel\u4e2d\u95f4\u4eba\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows Server 2008 R2 SP1",
      "Microsoft Windows Server 2008 SP2",
      "Microsoft Windows 7 SP1",
      "Microsoft Windows Server 2003   SP2",
      "Microsoft Windows Vista sp2",
      "Microsoft Windows 8.1",
      "Microsoft Windows 8",
      "Microsoft Windows Server 2012 R2",
      "Microsoft Windows RT 8.1",
      "Microsoft Windows server 2012 Gold",
      "Microsoft Windows RT Gold"
    ]
  },
  "referenceLink": "https://technet.microsoft.com/library/security/3046015",
  "serverity": "\u4e2d",
  "submitTime": "2015-03-12",
  "title": "Microsoft Secure Channel\u4e2d\u95f4\u4eba\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2015-1637 (GCVE-0-2015-1637)

Vulnerability from cvelistv5 – Published: 2015-03-06 17:00 – Updated: 2024-08-06 04:47

Summary

Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067.

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	https://technet.microsoft.com/library/security/3046015	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1031833	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/72965	vdb-entryx_refsource_BID
	https://freakattack.com/	x_refsource_MISC
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://web.archive.org/web/20150321220028/https:/…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:47:17.473Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://technet.microsoft.com/library/security/3046015"
          },
          {
            "name": "1031833",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031833"
          },
          {
            "name": "72965",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72965"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://freakattack.com/"
          },
          {
            "name": "MS15-031",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-031"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://web.archive.org/web/20150321220028/https://freakattack.com/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-07T16:25:32",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://technet.microsoft.com/library/security/3046015"
        },
        {
          "name": "1031833",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031833"
        },
        {
          "name": "72965",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72965"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://freakattack.com/"
        },
        {
          "name": "MS15-031",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-031"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://web.archive.org/web/20150321220028/https://freakattack.com/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2015-1637",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://technet.microsoft.com/library/security/3046015",
              "refsource": "CONFIRM",
              "url": "https://technet.microsoft.com/library/security/3046015"
            },
            {
              "name": "1031833",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031833"
            },
            {
              "name": "72965",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72965"
            },
            {
              "name": "https://freakattack.com/",
              "refsource": "MISC",
              "url": "https://freakattack.com/"
            },
            {
              "name": "MS15-031",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-031"
            },
            {
              "name": "http://web.archive.org/web/20150321220028/https://freakattack.com/",
              "refsource": "MISC",
              "url": "http://web.archive.org/web/20150321220028/https://freakattack.com/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2015-1637",
    "datePublished": "2015-03-06T17:00:00",
    "dateReserved": "2015-02-17T00:00:00",
    "dateUpdated": "2024-08-06T04:47:17.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-01700

CVE-2015-1637 (GCVE-0-2015-1637)

Tags

Sightings

Nomenclature