SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (VPN)  >   OpenSSL Vendors:   OpenSSL.org
OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
SecurityTracker Alert ID:  1035133
SecurityTracker URL:  http://securitytracker.com/id/1035133
CVE Reference:   CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842   (Links to External Site)
Updated:  Apr 19 2016
Original Entry Date:  Mar 1 2016
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 1.0.1s, 1.0.2g
Description:   Multiple vulnerabilities were reported in OpenSSL. A remote user can decrypt TLS sessions in certain cases. A remote user can cause denial of service conditions on the target system.

A remote user can decrypt TLS sessions in certain cases by using a server that supports SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle [CVE-2016-0800]. This attack is known as a DROWN attack.

Systems with a private key used on another server for any protocol that allows SSLv2 connections are affected.

Systems running versions prior to 1.0.2a, 1.0.1m, 1.0.0r, and 0.9.8zf (released on March 19, 2015) can be exploited more readily.

The original advisory is available at:

https://drownattack.com/drown-attack-paper.pdf

Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Kasper, Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt reported this vulnerability.

A remote user can create a specially crafted private DSA key that, when processed by OpenSSL, will trigger a double free memory error and cause denial of service conditions [CVE-2016-0705].

Adam Langley (Google/BoringSSL) reported this vulnerability.

A remote user can supply a specially crafted username value to the target SRP server to trigger a memory leak [CVE-2016-0798].

Emilia Kasper of the OpenSSL development team reported this vulnerability.

A user can create specially crafted data (e.g., configuration file) that, when processed by OpenSSL, will trigger a null pointer dereference in the BN_hex2bn/BN_dec2bn() functions [CVE-2016-0797].

Guido Vranken reported this vulnerability.

A user can create specially crafted data that, when processed by OpenSSL, will trigger a memory error in BIO_*printf() functions [CVE-2016-0799].

Guido Vranken reported this vulnerability.

A local user can conduct a side-channel attack against a system based on the Intel Sandy-Bridge microarchitecture to potentially recover RSA keys [CVE-2016-0702].

Yuval Yarom, the University of Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and Nadia Heninger, University of Pennsylvania, reported this vulnerability.

The SSLv2 's2_srvr.c' code does not ensure that a clear-key-length value is 0 for non-export ciphers. As a result, clear-key bytes can displace encrypted-key bytes, which can be exploited to conduct a key recovery attack [CVE-2016-0703].

Versions 1.0.2, 1.0.1l, 1.0.0q, and 0.9.8ze and prior versions are affected.

David Adrian and J. Alex Halderman of the University of Michigan reported this vulnerability.

The Bleichenbacher protection for export cipher suites in 's2_srvr.c' overwrites bytes incorrectly in the master-key, which may provide a Bleichenbacher oracle that can be used to decrypt sessions [CVE-2016-0704].

Versions 1.0.2, 1.0.1l, 1.0.0q, and 0.9.8ze and all prior versions are affected.

David Adrian and J. Alex Halderman of the University of Michigan reported this vulnerability.

A remote user can trigger an out-of-bounds memory write error in doapr_outch() in 'crypto/bio/b_print.c' to potentially execute arbitrary code on the target system [CVE-2016-2842].

Guido Vranken reported this vulnerability.

Impact:   A remote user can decrypt TLS sessions in certain cases.

A remote user can cause denial of service conditions.

A remote user can execute arbitrary code on the target system.

Solution:   The vendor has issued a fix (1.0.1s, 1.0.2g).

The vendor's advisory is available at:

http://openssl.org/news/secadv/20160301.txt

Vendor URL:  openssl.org/news/secadv/20160301.txt (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 1 2016 (Red Hat Issues Fix) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Red Hat has issued a fix for Red Hat Enterprise Linux 6 and 7.
Mar 1 2016 (Red Hat Issues Fix) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Red Hat has issued a fix for Red Hat Enterprise Linux 5.
Mar 1 2016 (CentOS Issues Fix) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
CentOS has issued a fix for CentOS 6 and 7.
Mar 1 2016 (Ubuntu Issues Fix) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, and 15.10.
Mar 1 2016 (Red Hat Issues Fix) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Red Hat has issued a fix for Red Hat Enterprise Linux 6.2, 6.4, and 6.5.
Mar 1 2016 (Red Hat Issues Fix) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Red Hat has issued a fix for Red Hat Enterprise Linux 5.6 and 5.9.
Mar 2 2016 (Red Hat Issues Fix) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Red Hat has issued a fix for Red Hat Enterprise Linux 6.6 and 7.1.
Mar 2 2016 (CentOS Issues Fix) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
CentOS has issued a fix for CentOS 5.
Mar 2 2016 (Oracle Issues Fix for Oracle Linux) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Oracle has issued a fix for Oracle Linux 6 and 7.
Mar 9 2016 (Red Hat Issues Fix) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Red Hat has issued a fix for Red Hat Enterprise Linux 6 and 7.
Mar 10 2016 (Red Hat Issues Fix for Red Hat Enterprise Virtualization) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Red Hat has issued a fix for Red Hat Enterprise Virtualization.
Mar 10 2016 (FreeBSD Issues Fix) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
FreeBSD has issued a fix for FreeBSD 9.3, 10.1, and 10.2.
Mar 15 2016 (Red Hat Issues Fix for JBoss Web Server) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Red Hat has issued a fix for JBoss Web Server.
Mar 15 2016 (Tenable Issues Fix for Tenable Nessus) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Tenable has issued a fix for Tenable Nessus.
Mar 15 2016 (Juniper Issues Fix for Juniper ScreenOS) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Juniper has issued a configuration solution for Juniper ScreenOS.
Mar 15 2016 (Juniper Issues Fix for Juniper Security Threat Response Manager) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Juniper has issued a fix for Juniper Security Threat Response Manager.
Mar 15 2016 (Juniper Issues Advisory for Juniper WLC) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Juniper has issued an advisory for Juniper WLC.
Mar 22 2016 (Red Hat Issues Fix for JBoss Enterprise Application Platform) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Red Hat has issued a fix for JBoss EAP for Windows and Solaris.
Mar 25 2016 (HP Issues Fix for HPE IceWall) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
HP has issued a fix for HPE IceWall.
Apr 5 2016 (HPE Issues Fix for HPE OneView for VMware vCenter) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
HPE has issued a fix for HPE OneView for VMware vCenter.
Apr 5 2016 (IBM Issues Fix for IBM AIX) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, and 7.2.
Apr 5 2016 (IBM Issues Fix for IBM Tivoli Composite Application Manager) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
IBM has issued a fix for IBM Tivoli Composite Application Manager.
Apr 5 2016 (IBM Issues Fix for IBM Tivoli Workload Scheduler) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
IBM has issued a fix for IBM Tivoli Workload Scheduler.
Apr 5 2016 (IBM Issues Fix for IBM Tivoli Provisioning Manager) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
IBM has issued a fix for IBM Tivoli Provisioning Manager for OS Deployment and IBM Tivoli Provisioning Manager for Images.
Apr 5 2016 (IBM Issues Fix for IBM Tivoli Composite Application Manager) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
IBM has issued a fix for IBM Tivoli Composite Application Manager for Transactions.
Apr 7 2016 (HPE Issues Fix for HPE NonStop Virtual TapeServer) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
HPE has issued a fix for HPE NonStop Virtual TapeServer.
Apr 14 2016 (Splunk Issues Fix) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Splunk has issued a fix for Splunk Enterprise and Splunk Light.
Apr 19 2016 (IBM Issues Fix for IBM AIX) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, and 7.2.
Apr 20 2016 (HP Issues Fix for HP Smart Update Manager) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
HP has issued a fix for HP Smart Update Manager.
Apr 22 2016 (IBM Issues Fix for IBM Tivoli Netcool System Service Monitor) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
IBM has issued a fix for IBM Tivoli Netcool System Service Monitor 4.0.0 and 4.0.1.
Apr 23 2016 (HP Issues Fix for HPE System Management Homepage) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
HP has issued a fix for HPE System Management Homepage.
May 5 2016 (Google Issues Fix for Google Android) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Google has issued a fix for Google Android.
May 7 2016 (HP Issues Fix for HPE System Management Homepage) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
HP has issued a fix for HPE System Management Homepage.
May 9 2016 (Red Hat Issues Fix) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
May 9 2016 (CentOS Issues Fix) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
CentOS has issued a fix for CentOS 7.
May 9 2016 (Oracle Issues Fix for Oracle Linux) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Oracle has issued a fix for Oracle Linux 7.
May 16 2016 (HP Issues Fix for HPE Systems Insight Manager) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
HP has issued a fix for HPE Systems Insight Manager.
May 24 2016 (IBM Issues Fix for IBM InfoSphere Information Server) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
IBM has issued a fix for IBM InfoSphere Information Server.
May 25 2016 (HP Issues Fix for HPE Insight Control) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
HP has issued a fix for HPE Insight Control.
Jun 3 2016 (HP Issues Fix for HPE BladeSystem) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
HP has issued a fix for HPE BladeSystem.
Jun 22 2016 (Oracle Issues Fix for Oracle Linux) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Oracle has issued a fix for Oracle Linux 5.
Jun 23 2016 (IBM Issues Fix for IBM Tivoli Netcool System Service Monitor) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
IBM has issued a fix for IBM Tivoli Netcool System Service Monitor.
Jul 8 2016 (IBM Issues Fix for IBM BladeCenter Advanced Management Module) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
IBM has issued a fix for IBM BladeCenter Advanced Management Module.
Jul 8 2016 (IBM Issues Fix for IBM Security Identity Manager Virtual Appliance) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
IBM has issued a fix for IBM Security Identity Manager Virtual Appliance.
Jul 27 2016 (Red Hat Issues Fix for JBoss) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Red Hat has issued a fix for JBoss for Red Hat Enterprise Linux.
Jul 29 2016 (NetApp Issues Advisory for NetApp Products) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
NetApp has issued an advisory for NetApp Products.
Aug 9 2016 (IBM Issues Fix for IBM Cognos TM1) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
IBM has issued a fix for IBM Cognos TM1.
Aug 19 2016 (Palo Alto Networks Issues Fix for Palo Alto PAN-OS) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Palo Alto Networks has issued a fix for Palo Alto PAN-OS.
Oct 18 2016 (Red Hat Issues Fix) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Red Hat has issued a fix for Red Hat Enterprise Linux 6.7.
Oct 20 2016 (Palo Alto Networks Issues Fix for Palo Alto PAN-OS) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Palo Alto Networks has issued a fix for Palo Alto PAN-OS.
Oct 24 2016 (HP Issues Fix for HPE NonStop Backbox) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
HPE has issued a fix for HPE NonStop Backbox.
Oct 28 2016 (Apple Issues Fix for Apple Xcode) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
Apple has issued a fix for Apple Xcode.
Feb 14 2017 (HPE Issues Fix for HPE Discovery & Dependency Mapping Inventory (DDMI)) OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
HPE has issued a fix for HPE Discovery & Dependency Mapping Inventory (DDMI).



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2017, SecurityGlobal.net LLC