Is Access Manager vulnerable to CVE-2015-3195 (X509_ATTRIBUTE memory leak)

  • 7017047
  • 04-Dec-2015
  • 04-Dec-2015

Environment

NetIQ Access Manager 4.2
NetIQ Access Manager 4.1
NetIQ Access Manager 4.0

Situation

When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
memory. This structure is used by the PKCS#7 and CMS routines so any
application which reads PKCS#7 or CMS data from untrusted sources is affected.
SSL/TLS is not affected.

This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.

Is NAM effected by this?

Resolution

NAM uses PKCS12 content formats and is not effected by this vulnerability.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.