Advisory ID

12048

Release date

2015-12-07

Last Updated

2015-12-07

Issue Severity

Low

Source

Source

OpenSSL

Release date

2015-12-03

CVSS v2 Base Score

MEDIUM

Problem Description

When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.

Find out more about CVE-2015-3195 from the OpenSSL project.

Impact

OpenSSL PKCS#7 is used in the BoKS Manager boks_pkcs7 program used internally for encryption/decryption of keystroke log data. The boks_pkcs7 program is only used with internally-generated encryption keys and thus not exposed to any data from untrusted external sources.

Affected Products

Product name

Version

BoKS Server Control

6.5.4-6.7.1,7.0

Workaround

There is no known workaround for this vulnerability.

Obtaining Fixed Software

No hotfix is required due to the low vulnerability risk for FoxT products.


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: May 25, 2018