ID CVE-2015-3197
Summary ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.
References
Vulnerable Configurations
  • Oracle Tuxedo 12.1.1.0
    cpe:2.3:a:oracle:tuxedo:12.1.1.0
  • Oracle Exalogic Infrastructure 1.0
    cpe:2.3:a:oracle:exalogic_infrastructure:1.0
  • Oracle Exalogic Infrastructure 2.0
    cpe:2.3:a:oracle:exalogic_infrastructure:2.0
  • Oracle PeopleSoft Enterprise PeopleTools 8.53
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.53
  • Oracle PeopleSoft Enterprise PeopleTools 8.54
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54
  • Oracle PeopleSoft Enterprise PeopleTools 8.55
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55
  • OpenSSL Project OpenSSL 1.0.1
    cpe:2.3:a:openssl:openssl:1.0.1
  • OpenSSL Project OpenSSL 1.0.1 Beta1
    cpe:2.3:a:openssl:openssl:1.0.1:beta1
  • OpenSSL Project OpenSSL 1.0.1 Beta2
    cpe:2.3:a:openssl:openssl:1.0.1:beta2
  • OpenSSL Project OpenSSL 1.0.1 Beta3
    cpe:2.3:a:openssl:openssl:1.0.1:beta3
  • OpenSSL Project OpenSSL 1.0.1a
    cpe:2.3:a:openssl:openssl:1.0.1a
  • OpenSSL Project OpenSSL 1.0.1b
    cpe:2.3:a:openssl:openssl:1.0.1b
  • OpenSSL Project OpenSSL 1.0.1c
    cpe:2.3:a:openssl:openssl:1.0.1c
  • OpenSSL Project OpenSSL 1.0.1d
    cpe:2.3:a:openssl:openssl:1.0.1d
  • OpenSSL Project OpenSSL 1.0.1e
    cpe:2.3:a:openssl:openssl:1.0.1e
  • OpenSSL Project OpenSSL 1.0.1f
    cpe:2.3:a:openssl:openssl:1.0.1f
  • OpenSSL Project OpenSSL 1.0.1g
    cpe:2.3:a:openssl:openssl:1.0.1g
  • OpenSSL Project OpenSSL 1.0.1h
    cpe:2.3:a:openssl:openssl:1.0.1h
  • OpenSSL Project OpenSSL 1.0.1i
    cpe:2.3:a:openssl:openssl:1.0.1i
  • OpenSSL Project OpenSSL 1.0.1j
    cpe:2.3:a:openssl:openssl:1.0.1j
  • OpenSSL Project OpenSSL 1.0.1k
    cpe:2.3:a:openssl:openssl:1.0.1k
  • OpenSSL Project OpenSSL 1.0.1l
    cpe:2.3:a:openssl:openssl:1.0.1l
  • OpenSSL OpenSSL 1.0.1m
    cpe:2.3:a:openssl:openssl:1.0.1m
  • OpenSSL Project OpenSSL 1.0.1n
    cpe:2.3:a:openssl:openssl:1.0.1n
  • OpenSSL Project OpenSSL 1.0.1o
    cpe:2.3:a:openssl:openssl:1.0.1o
  • OpenSSL OpenSSL 1.0.1p
    cpe:2.3:a:openssl:openssl:1.0.1p
  • OpenSSL 1.0.1q
    cpe:2.3:a:openssl:openssl:1.0.1q
  • OpenSSL Project OpenSSL 1.0.2
    cpe:2.3:a:openssl:openssl:1.0.2
  • OpenSSL Project OpenSSL 1.0.2-beta1
    cpe:2.3:a:openssl:openssl:1.0.2:beta1
  • OpenSSL 1.0.2 Beta 2
    cpe:2.3:a:openssl:openssl:1.0.2:beta2
  • OpenSSL 1.0.2 Beta 3
    cpe:2.3:a:openssl:openssl:1.0.2:beta3
  • OpenSSL OpenSSL 1.0.2a
    cpe:2.3:a:openssl:openssl:1.0.2a
  • OpenSSL Project OpenSSL 1.0.2b
    cpe:2.3:a:openssl:openssl:1.0.2b
  • OpenSSL Project OpenSSL 1.0.2c
    cpe:2.3:a:openssl:openssl:1.0.2c
  • OpenSSL OpenSSL 1.0.2d
    cpe:2.3:a:openssl:openssl:1.0.2d
  • OpenSSL 1.0.2e
    cpe:2.3:a:openssl:openssl:1.0.2e
  • Oracle Oss Support Tools 8.11.16.3.8
    cpe:2.3:a:oracle:oss_support_tools:8.11.16.3.8
  • Oracle VM Virtualbox 5.0.16
    cpe:2.3:a:oracle:vm_virtualbox:5.0.16
CVSS
Base: 4.3 (as of 22-04-2016 - 10:09)
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2016-034-03.NASL
    description New openssl packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
    last seen 2018-09-01
    modified 2017-09-21
    plugin id 88566
    published 2016-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88566
    title Slackware 14.0 / 14.1 / current : openssl (SSA:2016-034-03)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-563.NASL
    description This update for libopenssl0_9_8 fixes the following issues : - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation 'CacheBleed' (bsc#968050) - bsc#976943: Buffer overrun in ASN1_parse and updates the package to version 0.9.8zh which collects many other fixes, including security ones.
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 91068
    published 2016-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91068
    title openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-563) (DROWN)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-154.NASL
    description This update for openssl fixes the following issues : - CVE-2015-3197: A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. (boo#963415)
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88610
    published 2016-02-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88610
    title openSUSE Security Update : openssl (openSUSE-2016-154)
  • NASL family Misc.
    NASL id VIRTUALBOX_5_0_18.NASL
    description The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.3.36 or 5.0.18. It is, therefore, affected by an unspecified flaw in the Core subcomponent that allows a local attacker to gain elevated privileges. Additionally, multiple vulnerabilities exist in the bundled version of OpenSSL : - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of 'p' set to 0. A attacker can exploit this, by causing a segmentation fault, to crash an application linked against the library, resulting in a denial of service. (CVE-2015-1794) - A carry propagating flaw exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An attacker can exploit this to obtain sensitive information regarding private keys. (CVE-2015-3193) - A NULL pointer dereference flaw exists in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194) - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195) - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196) - A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 90680
    published 2016-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90680
    title Oracle VM VirtualBox < 4.3.36 / 5.0.18 Multiple Vulnerabilities (April 2016 CPU)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0049.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method - fix 1-byte memory leak in pkcs12 parse (#1229871) - document some options of the speed command (#1197095) - fix high-precision timestamps in timestamping authority - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 91154
    published 2016-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91154
    title OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0049) (SLOTH)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-294.NASL
    description This update for libopenssl0_9_8 fixes the following issues : - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to : - Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. - Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - The package was updated to 0.9.8zh : - fixes many security vulnerabilities (not separately listed): CVE-2015-3195, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288, CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-3570, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3508, CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470, CVE-2014-0076, CVE-2013-0169, CVE-2013-0166 - avoid running OPENSSL_config twice. This avoids breaking engine loading. (boo#952871, boo#967787) - fix CVE-2015-3197 (boo#963415) - SSLv2 doesn't block disabled ciphers
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 89651
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89651
    title openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3679FD10C5D111E5B85F0018FE623F2B.NASL
    description OpenSSL project reports : - Historically OpenSSL only ever generated DH parameters based on 'safe' primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be 'safe'. Where an application is using DH configured with parameters based on primes that are not 'safe' then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same private DH exponent. For example this could be used to discover a TLS server's private DH exponent if it's reusing the private DH exponent or it's using a static DH ciphersuite. OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in TLS. It is not on by default. If the option is not set then the server reuses the same private DH exponent for the life of the server process and would be vulnerable to this attack. It is believed that many popular applications do set this option and would therefore not be at risk. (CVE-2016-0701) - A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. (CVE-2015-3197)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 88465
    published 2016-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88465
    title FreeBSD : openssl -- multiple vulnerabilities (3679fd10-c5d1-11e5-b85f-0018fe623f2b)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-421.NASL
    description CVE-2015-3197: A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. Additionally, when using a DHE cipher suite a new DH key will always be generated for each connection. This will be the last security update for the squeeze version of the package. The 0.9.8 version is no longer supported and the squeeze LTS support will end soon. If you are using openssl you should upgrade to wheezy or preferably jessie. The version in those versions contain many security improvements. Kurt Roeckx NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 88863
    published 2016-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88863
    title Debian DLA-421-1 : openssl security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-527018D2FF.NASL
    description New upstream version fixing one high serverity and one low severity security issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 89543
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89543
    title Fedora 23 : openssl-1.0.2f-1.fc23 (2016-527018d2ff)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL33209124.NASL
    description ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. This plugin has been deprecated. The advisory was updated to remove all affected versions the plugin covered.
    last seen 2017-10-29
    modified 2016-04-26
    plugin id 88850
    published 2016-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88850
    title F5 Networks BIG-IP : OpenSSL vulnerability (SOL33209124) (deprecated)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-203.NASL
    description This update for openssl fixes the following issues : - CVE-2015-3197: A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. (boo#963415)
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88736
    published 2016-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88736
    title openSUSE Security Update : openssl (openSUSE-2016-203)
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_JSA10759.NASL
    description According to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL : - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of 'p' set to 0. A attacker can exploit this, by causing a segmentation fault, to crash an application linked against the library, resulting in a denial of service. (CVE-2015-1794) - A carry propagating flaw exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An attacker can exploit this to obtain sensitive information regarding private keys. (CVE-2015-3193) - A NULL pointer dereference flaw exists in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194) - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195) - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196) - A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - A key disclosure vulnerability exists due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A flaw exists in the SSLv2 implementation, specifically in the get_client_master_key() function within file s2_srvr.c, due to accepting a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher. A man-in-the-middle attacker can exploit this to determine the MASTER-KEY value and decrypt TLS ciphertext by leveraging a Bleichenbacher RSA padding oracle. (CVE-2016-0703) - A flaw exists in the SSLv2 oracle protection mechanism, specifically in the get_client_master_key() function within file s2_srvr.c, due to incorrectly overwriting MASTER-KEY bytes during use of export cipher suites. A remote attackers can exploit this to more easily decrypt TLS ciphertext by leveraging a Bleichenbacher RSA padding oracle. (CVE-2016-0704) - A double-free error exists due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106) - A remote code execution vulnerability exists in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2108) - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory. An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109) - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177) - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the 'openssl ts' command, to cause denial of service or to disclose sensitive information. (CVE-2016-2180) - An overflow condition exists in the BN_bn2dec() function in bn_print.c due to improper validation of user-supplied input when handling BIGNUM values. An unauthenticated, remote attacker can exploit this to crash the process. (CVE-2016-2182) - A vulnerability exists, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session. (CVE-2016-2183) - A flaw exists in the tls_decrypt_ticket() function in t1_lib.c due to improper handling of ticket HMAC digests. An unauthenticated, remote attacker can exploit this, via a ticket that is too short, to crash the process, resulting in a denial of service. (CVE-2016-6302) - An integer overflow condition exists in the MDC2_Update() function in mdc2dgst.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possibly the execution of arbitrary code. (CVE-2016-6303) - A flaw exists in the ssl_parse_clienthello_tlsext() function in t1_lib.c due to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition. (CVE-2016-6304) - A flaw exists in the SSL_peek() function in rec_layer_s3.c due to improper handling of empty records. An unauthenticated, remote attacker can exploit this, by triggering a zero-length record in an SSL_peek call, to cause an infinite loop, resulting in a denial of service condition. (CVE-2016-6305) - An out-of-bounds read error exists in the certificate parser that allows an unauthenticated, remote attacker to cause a denial of service via crafted certificate operations. (CVE-2016-6306) - A denial of service vulnerability exists in the state-machine implementation due to a failure to check for an excessive length before allocating memory. An unauthenticated, remote attacker can exploit this, via a crafted TLS message, to exhaust memory resources. (CVE-2016-6307) Note that these issues only affects devices with J-Web or the SSL service for JUNOScript enabled.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 96316
    published 2017-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96316
    title Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10759) (SWEET32)
  • NASL family Databases
    NASL id MYSQL_5_7_12.NASL
    description The version of MySQL running on the remote host is 5.7.x prior to 5.7.12. It is, therefore, affected by multiple vulnerabilities : - A cipher algorithm downgrade vulnerability exists in the bundled version of OpenSSL due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - An unspecified flaw exists in the Pluggable Authentication subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-0639) - An unspecified flaw exists in the Federated subcomponent that allows an authenticated, remote attacker to impact integrity and availability. (CVE-2016-0642) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-0643) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0655) - An unspecified flaw exists in the JSON subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-0657) - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0659) - An unspecified flaw exists in the Partition subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0662) - An unspecified flaw exists in the Security: Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0666) - An unspecified flaw exists in the Locking subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0667) - A key disclosure vulnerability exists in the bundled version of OpenSSL due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A double-free error exists in the bundled version of OpenSSL due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists in the bundled version of OpenSSL due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist in the bundled version of OpenSSL that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A flaw exists in the bundled version of OpenSSL that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A man-in-the-middle spoofing vulnerability exists due to the server hostname not being verified to match a domain name in the Subject's Common Name (CN) or SubjectAltName field of the X.509 certificate. A man-in-the-middle attacker can exploit this, by spoofing the TLS/SSL server via a certificate that appears valid, to disclose sensitive information or manipulate transmitted data. (CVE-2016-2047) - An unspecified flaw exists in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-10378) - A flaw exists related to certificate validation due to the server hostname not being verified to match a domain name in the X.509 certificate. A man-in-the-middle attacker can exploit this, by spoofing the TLS/SSL server via a certificate that appears valid, to disclose sensitive information or manipulate data. - An integer overflow condition exists that is triggered due to improper validation of user-supplied input when processing client handshakes. An authenticated, remote attacker can exploit this to cause the server to exit, resulting in a denial of service condition. - An information disclosure vulnerability exists due to overly verbose error messages returning part of the SQL statement that produced them. An authenticated, remote attacker can exploit this to disclose sensitive information. - A flaw exists in InnoDB that is triggered during the handling of an ALTER TABLE or ADD COLUMN operation on a table with virtual columns. An authenticated, remote attacker can exploit this to crash the server, resulting in a denial of service condition.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 90684
    published 2016-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90684
    title MySQL 5.7.x < 5.7.12 Multiple Vulnerabilities (DROWN)
  • NASL family Web Servers
    NASL id OPENSSL_1_0_2F.NASL
    description According to its banner, the remote host is running a version of OpenSSL 1.0.2 prior to 1.0.2f. It is, therefore, affected by the following vulnerabilities : - A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000) - An information disclosure vulnerability exists due to a flaw in the DH_check_pub_key() function that is triggered when generating DH parameters based on unsafe primes. A remote attacker can exploit this, via multiple handshakes, to disclose the private DH exponent. (CVE-2016-0701)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 88530
    published 2016-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88530
    title OpenSSL 1.0.2 < 1.0.2f Multiple Vulnerabilities (Logjam)
  • NASL family Firewalls
    NASL id PFSENSE_SA-16_02.NASL
    description According to its self-reported version number, the remote pfSense install is prior to 2.3. It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 106499
    published 2018-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106499
    title pfSense < 2.3 Multiple Vulnerabilities (SA-16_01 - SA-16_02)
  • NASL family AIX Local Security Checks
    NASL id AIX_OPENSSL_ADVISORY17.NASL
    description The version of OpenSSL installed on the remote AIX host is affected by the following vulnerabilities : - A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 89829
    published 2016-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89829
    title AIX OpenSSL Advisory : openssl_advisory17.asc (Logjam)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0631-1.NASL
    description This update for compat-openssl097g fixes the following issues : - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to : - Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. - Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to : - Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. - Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015 : - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 89722
    published 2016-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89722
    title SUSE SLED11 Security Update : compat-openssl097g (SUSE-SU-2016:0631-1) (DROWN)
  • NASL family Web Servers
    NASL id OPENSSL_1_0_1R.NASL
    description According to its banner, the remote host is running a version of OpenSSL 1.0.1 prior to 1.0.1r. It is, therefore, affected by the following vulnerabilities : - A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 88529
    published 2016-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88529
    title OpenSSL 1.0.1 < 1.0.1r Multiple Vulnerabilities (Logjam)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0071.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - To disable SSLv2 client connections create the file /etc/sysconfig/openssl-ssl-client-kill-sslv2 (John Haxby) [orabug 21673934] - Backport openssl 08-Jan-2015 security fixes (John Haxby) [orabug 20409893] - fix CVE-2014-3570 - Bignum squaring may produce incorrect results - fix CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record - fix CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client] - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method (can be reenabled by setting environment variable OPENSSL_ENABLE_SSL2) - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 91751
    published 2016-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91751
    title OracleVM 3.2 : openssl (OVMSA-2016-0071)
  • NASL family Databases
    NASL id MYSQL_5_7_12_RPM.NASL
    description The version of Oracle MySQL installed on the remote host is 5.7.x prior to 5.7.12. It is, therefore, affected by the following vulnerabilities : - A cipher algorithm downgrade vulnerability exists in the bundled version of OpenSSL due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - An unspecified flaw exists in the Pluggable Authentication subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-0639) - An unspecified flaw exists in the Federated subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-0642) - An unspecified flaw exists in the DML subcomponent that allows a local attacker to disclose potentially sensitive information. (CVE-2016-0643) - An unspecified flaw exists in the FTS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the PS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0648) - An unspecified flaw exists in the InnoDB subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0655) - An unspecified flaw exists in the JSON subcomponent that allows a local attacker to disclose potentially sensitive information. (CVE-2016-0657) - An unspecified flaw exists in the Optimizer subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0659) - An unspecified flaw exists in the Partition subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0662) - An unspecified flaw exists in the Security: Privileges subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0666) - An unspecified flaw exists in the Locking subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0667) - A key disclosure vulnerability exists in the bundled version of OpenSSL due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A double-free error exists in the bundled version of OpenSSL due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists in the bundled version of OpenSSL due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist in the bundled version of OpenSSL that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A flaw exists in the bundled version of OpenSSL that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A man-in-the-middle spoofing vulnerability exists due to the server hostname not being verified to match a domain name in the Subject's Common Name (CN) or SubjectAltName field of the X.509 certificate. A man-in-the-middle attacker can exploit this, by spoofing the TLS/SSL server via a certificate that appears valid, to disclose sensitive information or manipulate transmitted data. (CVE-2016-2047) - An unspecified flaw exists in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3440, CVE-2017-10378) - An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-5444) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 90834
    published 2016-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90834
    title Oracle MySQL 5.7.x < 5.7.12 Multiple Vulnerabilities (RPM Check) (April 2016 CPU) (July 2016 CPU) (October 2017 CPU) (DROWN)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0301.NASL
    description From Red Hat Security Advisory 2016:0301 : Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. For more information, refer to the knowledge base article linked to in the References section. A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197) A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to recover RSA private keys. (CVE-2016-0702) A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. (CVE-2016-0705) An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code. (CVE-2016-0797) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Guido Vranken as the original reporter of CVE-2016-0797. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 89064
    published 2016-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89064
    title Oracle Linux 6 / 7 : openssl (ELSA-2016-0301) (DROWN)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0641-1.NASL
    description This update for compat-openssl098 fixes various security issues and bugs : Security issues fixed : - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to : - Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. - Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015 : - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Also fixes the following bug : - Avoid running OPENSSL_config twice. This avoids breaking engine loading and also fixes a memory leak in libssl. (bsc#952871) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 89658
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89658
    title SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:0641-1) (DROWN)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-E1234B65A2.NASL
    description Update to latest openssl which fixes various CVE's Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92185
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92185
    title Fedora 23 : mingw-openssl (2016-e1234b65a2)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0302.NASL
    description From Red Hat Security Advisory 2016:0302 : Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5 Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. It is possible to re-enable the SSLv2 protocol in the 'SSLv23' connection methods by default by setting the OPENSSL_ENABLE_SSL2 environment variable before starting an application that needs to have SSLv2 enabled. For more information, refer to the knowledge base article linked to in the References section. A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197) An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code. (CVE-2016-0797) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; and Guido Vranken as the original reporter of CVE-2016-0797. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 89065
    published 2016-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89065
    title Oracle Linux 5 : openssl (ELSA-2016-0302) (DROWN)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0620-1.NASL
    description This update for openssl fixes various security issues : Security issues fixed : - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to : - Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. - Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0702 aka the 'CacheBleed' attack. (bsc#968050) Various changes in the modular exponentation code were added that make sure that it is not possible to recover RSA secret keys by analyzing cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. Note that this was only exploitable if the malicious code was running on the same hyper threaded Intel Sandy Bridge processor as the victim thread performing decryptions. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0798 (bnc#968265) The SRP user database lookup method SRP_VBASE_get_by_user() had a memory leak that attackers could abuse to facility DoS attacks. To mitigate the issue, the seed handling in SRP_VBASE_get_by_user() was disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user(). - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015 : - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Also the following bug was fixed : - Ensure that OpenSSL doesn't fall back to the default digest algorithm (SHA1) in case a non-FIPS algorithm was negotiated while running in FIPS mode. Instead, OpenSSL will refuse the session. (bnc#958501) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 89077
    published 2016-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89077
    title SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:0620-1) (DROWN)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201601-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-201601-05 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the upstream advisory and CVE identifiers referenced below for details. Note that the list includes CVE identifiers for an older OpenSSL Security Advisory (3 Dec 2015) for which we have not issued a GLSA before. Impact : A remote attacker could disclose a server’s private DH exponent, or complete SSLv2 handshakes using ciphers that have been disabled on the server. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 88586
    published 2016-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88586
    title GLSA-201601-05 : OpenSSL: Multiple vulnerabilities
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0031.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 89066
    published 2016-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89066
    title OracleVM 3.3 : openssl (OVMSA-2016-0031)
  • NASL family Databases
    NASL id MYSQL_5_6_30.NASL
    description The version of MySQL running on the remote host is 5.6.x prior to 5.6.30. It is, therefore, affected by multiple vulnerabilities : - A cipher algorithm downgrade vulnerability exists in the bundled version of OpenSSL due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - An unspecified flaw exists in the Pluggable Authentication subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-0639) - An unspecified flaw exists in the Federated subcomponent that allows an authenticated, remote attacker to impact integrity and availability. (CVE-2016-0642) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-0643) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0655) - An unspecified flaw exists in the Security: Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0666) - A key disclosure vulnerability exists in the bundled version of OpenSSL due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A double-free error exists in the bundled version of OpenSSL due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists in the bundled version of OpenSSL due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist in the bundled version of OpenSSL that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A flaw exists in the bundled version of OpenSSL that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A man-in-the-middle spoofing vulnerability exists due to the server hostname not being verified to match a domain name in the Subject's Common Name (CN) or SubjectAltName field of the X.509 certificate. A man-in-the-middle attacker can exploit this, by spoofing the TLS/SSL server via a certificate that appears valid, to disclose sensitive information or manipulate transmitted data. (CVE-2016-2047) - A flaw exists related to certificate validation due to the server hostname not being verified to match a domain name in the X.509 certificate. A man-in-the-middle attacker can exploit this, by spoofing the TLS/SSL server via a certificate that appears valid, to disclose sensitive information or manipulate data. - An integer overflow condition exists that is triggered due to improper validation of user-supplied input when processing client handshakes. An authenticated, remote attacker can exploit this to cause the server to exit, resulting in a denial of service condition. - An information disclosure vulnerability exists due to overly verbose error messages returning part of the SQL statement that produced them. An authenticated, remote attacker can exploit this to disclose sensitive information.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 90683
    published 2016-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90683
    title MySQL 5.6.x < 5.6.30 Multiple Vulnerabilities (DROWN)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-292.NASL
    description This update for openssl fixes various security issues : Security issues fixed : - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to : - Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. - Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0702 aka the 'CacheBleed' attack. (bsc#968050) Various changes in the modular exponentation code were added that make sure that it is not possible to recover RSA secret keys by analyzing cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. Note that this was only exploitable if the malicious code was running on the same hyper threaded Intel Sandy Bridge processor as the victim thread performing decryptions. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0798 (bnc#968265) The SRP user database lookup method SRP_VBASE_get_by_user() had a memory leak that attackers could abuse to facility DoS attacks. To mitigate the issue, the seed handling in SRP_VBASE_get_by_user() was disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user(). - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015 : - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier.
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 89092
    published 2016-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89092
    title openSUSE Security Update : openssl (openSUSE-2016-292) (DROWN)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0617-1.NASL
    description This update for openssl fixes various security issues and bugs : Security issues fixed : - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to : - Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. - Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0702 aka the 'CacheBleed' attack. (bsc#968050) Various changes in the modular exponentation code were added that make sure that it is not possible to recover RSA secret keys by analyzing cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. Note that this was only exploitable if the malicious code was running on the same hyper threaded Intel Sandy Bridge processor as the victim thread performing decryptions. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0798 (bnc#968265) The SRP user database lookup method SRP_VBASE_get_by_user() had a memory leak that attackers could abuse to facility DoS attacks. To mitigate the issue, the seed handling in SRP_VBASE_get_by_user() was disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user(). - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015 : - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Bugs fixed : - Avoid running OPENSSL_config twice. This avoids breaking engine loading. (bsc#952871) - Ensure that OpenSSL doesn't fall back to the default digest algorithm (SHA1) in case a non-FIPS algorithm was negotiated while running in FIPS mode. Instead, OpenSSL will refuse the digest. (bnc#958501) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 89076
    published 2016-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89076
    title SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:0617-1) (DROWN)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-289.NASL
    description This update for openssl fixes various security issues : Security issues fixed : - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to : - Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. - Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0702 aka the 'CacheBleed' attack. (bsc#968050) Various changes in the modular exponentation code were added that make sure that it is not possible to recover RSA secret keys by analyzing cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. Note that this was only exploitable if the malicious code was running on the same hyper threaded Intel Sandy Bridge processor as the victim thread performing decryptions. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0798 (bnc#968265) The SRP user database lookup method SRP_VBASE_get_by_user() had a memory leak that attackers could abuse to facility DoS attacks. To mitigate the issue, the seed handling in SRP_VBASE_get_by_user() was disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user(). - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015 : - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Also the following bug was fixed : - Ensure that OpenSSL doesn't fall back to the default digest algorithm (SHA1) in case a non-FIPS algorithm was negotiated while running in FIPS mode. Instead, OpenSSL will refuse the session. (bnc#958501) This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 89091
    published 2016-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89091
    title openSUSE Security Update : openssl (openSUSE-2016-289) (DROWN)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0372.NASL
    description Updated openssl098e packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. For more information, refer to the knowledge base article linked to in the References section. It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703) It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704) Note: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more efficient exploitation of the CVE-2016-0800 issue via the DROWN attack. A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293) A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and Emilia Kasper (OpenSSL development team) as the original reporters of CVE-2015-0293. All openssl098e users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the openssl098e library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 89773
    published 2016-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89773
    title RHEL 6 / 7 : openssl098e (RHSA-2016:0372) (DROWN)
  • NASL family Databases
    NASL id MYSQL_5_6_30_RPM.NASL
    description The version of Oracle MySQL installed on the remote host is 5.6.x prior to 5.6.30. It is, therefore, affected by the following vulnerabilities : - A cipher algorithm downgrade vulnerability exists in the bundled version of OpenSSL due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - An unspecified flaw exists in the Pluggable Authentication subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-0639) - An unspecified flaw exists in the Federated subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-0642) - An unspecified flaw exists in the DML subcomponent that allows a local attacker to disclose potentially sensitive information. (CVE-2016-0643) - An unspecified flaw exists in the FTS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the PS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0648) - An unspecified flaw exists in the InnoDB subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0655) - An unspecified flaw exists in the Security: Privileges subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0666) - A key disclosure vulnerability exists in the bundled version of OpenSSL due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A double-free error exists in the bundled version of OpenSSL due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists in the bundled version of OpenSSL due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist in the bundled version of OpenSSL that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A flaw exists in the bundled version of OpenSSL that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A man-in-the-middle spoofing vulnerability exists due to the server hostname not being verified to match a domain name in the Subject's Common Name (CN) or SubjectAltName field of the X.509 certificate. A man-in-the-middle attacker can exploit this, by spoofing the TLS/SSL server via a certificate that appears valid, to disclose sensitive information or manipulate transmitted data. (CVE-2016-2047) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3452) - An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-5444)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 90832
    published 2016-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90832
    title Oracle MySQL 5.6.x < 5.6.30 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU) (DROWN)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0624-1.NASL
    description This update for openssl fixes various security issues and bugs : Security issues fixed : - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to : - Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. - Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015 : - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Also fixes the following bug : - Avoid running OPENSSL_config twice. This avoids breaking engine loading and also fixes a memory leak in libssl. (bsc#952871 bsc#967787) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 89655
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89655
    title SUSE SLED11 / SLES11 Security Update : openssl (SUSE-SU-2016:0624-1) (DROWN)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160301_OPENSSL_ON_SL6_X.NASL
    description A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197) A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to recover RSA private keys. (CVE-2016-0702) A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. (CVE-2016-0705) An integer overflow flaw, leading to a NULL pointer dereference or a heap- based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code. (CVE-2016-0797) For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 89075
    published 2016-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89075
    title Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (DROWN)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0301.NASL
    description Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. For more information, refer to the knowledge base article linked to in the References section. A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197) A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to recover RSA private keys. (CVE-2016-0702) A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. (CVE-2016-0705) An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code. (CVE-2016-0797) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Guido Vranken as the original reporter of CVE-2016-0797. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 89059
    published 2016-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89059
    title CentOS 6 / 7 : openssl (CESA-2016:0301) (DROWN)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0372.NASL
    description Updated openssl098e packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. For more information, refer to the knowledge base article linked to in the References section. It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703) It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704) Note: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more efficient exploitation of the CVE-2016-0800 issue via the DROWN attack. A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293) A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and Emilia Kasper (OpenSSL development team) as the original reporters of CVE-2015-0293. All openssl098e users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the openssl098e library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 89762
    published 2016-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89762
    title CentOS 6 / 7 : openssl098e (CESA-2016:0372) (DROWN)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0304.NASL
    description Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.6 and 5.9 Long Life. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. It is possible to re-enable the SSLv2 protocol in the 'SSLv23' connection methods by default by setting the OPENSSL_ENABLE_SSL2 environment variable before starting an application that needs to have SSLv2 enabled. For more information, refer to the knowledge base article linked to in the References section. It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703) It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704) Note: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more efficient exploitation of the CVE-2016-0800 issue via the DROWN attack. A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293) A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and Emilia Kasper (OpenSSL development team) as the original reporters of CVE-2015-0293. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 89070
    published 2016-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89070
    title RHEL 5 : openssl (RHSA-2016:0304) (DROWN)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0305.NASL
    description Updated openssl packages that fix two security issues are now available for Red Hat Enterprise Linux 6.6 and 7.1 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. For more information, refer to the knowledge base article linked to in the References section. A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 89071
    published 2016-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89071
    title RHEL 6 / 7 : openssl (RHSA-2016:0305) (DROWN)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1039.NASL
    description According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.(CVE-2016-2182) - A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients.(CVE-2016-8610) - A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that were disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks.(CVE-2015-3197) - A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.(CVE-2016-0800) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99884
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99884
    title EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2017-1039)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-327.NASL
    description This update for compat-openssl098 fixes various security issues and bugs : Security issues fixed : - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to : - Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. - Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015 : - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Also fixes the following bug : - Avoid running OPENSSL_config twice. This avoids breaking engine loading and also fixes a memory leak in libssl. (bsc#952871) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 89910
    published 2016-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89910
    title openSUSE Security Update : openssl (openSUSE-2016-327) (DROWN)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160309_OPENSSL098E_ON_SL6_X.NASL
    description A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non- export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703) It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704) Note: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more efficient exploitation of the CVE-2016-0800 issue via the DROWN attack. A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293) A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197) For the update to take effect, all services linked to the openssl098e library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 89825
    published 2016-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89825
    title Scientific Linux Security Update : openssl098e on SL6.x, SL7.x i386/x86_64 (DROWN)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-682.NASL
    description A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293) It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle. (CVE-2016-0703) It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704) A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 90364
    published 2016-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90364
    title Amazon Linux AMI : openssl098e (ALAS-2016-682) (DROWN)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0372.NASL
    description From Red Hat Security Advisory 2016:0372 : Updated openssl098e packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. For more information, refer to the knowledge base article linked to in the References section. It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703) It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704) Note: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more efficient exploitation of the CVE-2016-0800 issue via the DROWN attack. A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293) A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and Emilia Kasper (OpenSSL development team) as the original reporters of CVE-2015-0293. All openssl098e users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the openssl098e library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 89770
    published 2016-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89770
    title Oracle Linux 6 / 7 : openssl098e (ELSA-2016-0372) (DROWN)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1040.NASL
    description According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.(CVE-2016-2182) - A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients.(CVE-2016-8610) - A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that were disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks.(CVE-2015-3197) - A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.(CVE-2016-0800) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99885
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99885
    title EulerOS 2.0 SP1 : openssl098e (EulerOS-SA-2017-1040)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0302.NASL
    description Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5 Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. It is possible to re-enable the SSLv2 protocol in the 'SSLv23' connection methods by default by setting the OPENSSL_ENABLE_SSL2 environment variable before starting an application that needs to have SSLv2 enabled. For more information, refer to the knowledge base article linked to in the References section. A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197) An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code. (CVE-2016-0797) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; and Guido Vranken as the original reporter of CVE-2016-0797. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 89068
    published 2016-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89068
    title RHEL 5 : openssl (RHSA-2016:0302) (DROWN)
  • NASL family Misc.
    NASL id ARISTA_EOS_SA0018.NASL
    description The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities in the included OpenSSL library : - A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - A flaw exists in the SSLv2 implementation, specifically in the get_client_master_key() function within file s2_srvr.c, due to accepting a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher. A man-in-the-middle attacker can exploit this to determine the MASTER-KEY value and decrypt TLS ciphertext by leveraging a Bleichenbacher RSA padding oracle. (CVE-2016-0703) - A flaw exists that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TSL connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) Note that these issues occur only when CloudVision eXchange (CVX) is deployed as a virtual appliance and runs an EOS image. Therefore, only CVX features leveraging SSLv2 in the EOS releases are vulnerable.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 107060
    published 2018-02-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107060
    title Arista Networks EOS Multiple Vulnerabilities (SA0018) (DROWN)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160301_OPENSSL_ON_SL5_X.NASL
    description A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197) An integer overflow flaw, leading to a NULL pointer dereference or a heap- based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code. (CVE-2016-0797) For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 89074
    published 2016-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89074
    title Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (DROWN)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0379.NASL
    description An updated rhev-hypervisor package that fixes several security issues, bugs, and enhancements is now available. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. For more information, refer to the knowledge base article linked in the References section. A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197) A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to recover RSA private keys. (CVE-2016-0702) A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. (CVE-2016-0705) An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code. (CVE-2016-0797) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; Adam Langley (Google/ BoringSSL) as the original reporter of CVE-2016-0705; and Guido Vranken as the original reporter of CVE-2016-0797. All openssl users are advised to upgrade to this updated package, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. Changes to the rhev-hypervisor component : * Previously, a race between services during boot prevented network configuration from upgrading correctly. The risk for the race has now been reduced significantly to allow the upgrade of the network configuration to complete correctly. (BZ#1194068) * Previously, using the text user interface (TUI) to log in to the administrator account of Red Hat Enterprise Virtualization Hypervisor failed with a Python backtrace. This update makes the 'six' module correctly importable under all circumstances, which ensures that logging in to Red Hat Enterprise Virtualization Hypervisor using TUI proceeds as expected. (BZ#1246836)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 89819
    published 2016-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89819
    title RHEL 6 : rhev-hypervisor (RHSA-2016:0379) (DROWN)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0301.NASL
    description Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. For more information, refer to the knowledge base article linked to in the References section. A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197) A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to recover RSA private keys. (CVE-2016-0702) A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. (CVE-2016-0705) An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code. (CVE-2016-0797) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Guido Vranken as the original reporter of CVE-2016-0797. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 89067
    published 2016-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89067
    title RHEL 6 / 7 : openssl (RHSA-2016:0301) (DROWN)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-661.NASL
    description A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN (CVE-2016-0800). Prior to this advisory, SSLv2 has been disabled by default in OpenSSL on the Amazon Linux AMI. However, application configurations may still re-enable SSLv2. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575 , Medium) A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197 , Low) A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to recover RSA private keys. (CVE-2016-0702 , Low) A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. (CVE-2016-0705 , Low) An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code. (CVE-2016-0797 , Low) The fmtstr function in crypto/bio/b_print.c in OpenSSL improperly calculated string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data. (CVE-2016-0799 , Low) The doapr_outch function in crypto/bio/b_print.c in OpenSSL did not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data. (CVE-2016-2842 , Low) '(Updated on 2016-04-28: CVE-2016-2842 was fixed as part of this update but was previously not listed in this advisory.)'
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 89842
    published 2016-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89842
    title Amazon Linux AMI : openssl (ALAS-2016-661) (DROWN) (SLOTH)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-C558E58B21.NASL
    description Update to latest openssl which fixes various CVE's Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92158
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92158
    title Fedora 24 : mingw-openssl (2016-c558e58b21)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0678-1.NASL
    description OpenSSL was update to fix security issues and bugs : CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the OpenSSL library to : Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. Disable all weak EXPORT ciphers by default. These can be re-enabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. CVE-2016-0797 (bsc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. CVE-2016-0799 (bsc#968374): On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. CVE-2015-3195 (bsc#957812): An X509_ATTRIBUTE memory leak was fixed. Fixed a regression caused by the openssl-CVE-2015-0287.patch (bsc#937492) Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015 : CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 89731
    published 2016-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89731
    title SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2016:0678-1) (DROWN)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0302.NASL
    description Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5 Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. It is possible to re-enable the SSLv2 protocol in the 'SSLv23' connection methods by default by setting the OPENSSL_ENABLE_SSL2 environment variable before starting an application that needs to have SSLv2 enabled. For more information, refer to the knowledge base article linked to in the References section. A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197) An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code. (CVE-2016-0797) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; and Guido Vranken as the original reporter of CVE-2016-0797. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 89060
    published 2016-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89060
    title CentOS 5 : openssl (CESA-2016:0302) (DROWN)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0303.NASL
    description Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. For more information, refer to the knowledge base article linked to in the References section. It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703) It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704) Note: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more efficient exploitation of the CVE-2016-0800 issue via the DROWN attack. A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293) A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and Emilia Kasper (OpenSSL development team) as the original reporters of CVE-2015-0293. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 89069
    published 2016-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89069
    title RHEL 6 : openssl (RHSA-2016:0303) (DROWN)
packetstorm via4
data source https://packetstormsecurity.com/files/download/143369/orionbrowser79-mitm.txt
id PACKETSTORM:143369
last seen 2017-07-15
published 2017-07-14
reporter MaXe
source https://packetstormsecurity.com/files/143369/Orion-Elite-Hidden-IP-Browser-Pro-7.9-OpenSSL-Tor-Man-In-The-Middle.html
title Orion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle
redhat via4
rpms
  • openssl-0:1.0.1e-42.el6_7.4
  • openssl-devel-0:1.0.1e-42.el6_7.4
  • openssl-perl-0:1.0.1e-42.el6_7.4
  • openssl-static-0:1.0.1e-42.el6_7.4
  • openssl-1:1.0.1e-51.el7_2.4
  • openssl-devel-1:1.0.1e-51.el7_2.4
  • openssl-libs-1:1.0.1e-51.el7_2.4
  • openssl-perl-1:1.0.1e-51.el7_2.4
  • openssl-static-1:1.0.1e-51.el7_2.4
  • openssl-0:0.9.8e-39.el5_11
  • openssl-devel-0:0.9.8e-39.el5_11
  • openssl-perl-0:0.9.8e-39.el5_11
  • openssl098e-0:0.9.8e-20.el6_7.1
  • openssl098e-0:0.9.8e-29.el7_2.3
refmap via4
bid
  • 82237
  • 91787
cert-vn VU#257823
confirm
fedora FEDORA-2016-527018d2ff
freebsd FreeBSD-SA-16:11
gentoo GLSA-201601-05
sectrack 1034849
suse
  • SUSE-SU-2016:0617
  • SUSE-SU-2016:0620
  • SUSE-SU-2016:0621
  • SUSE-SU-2016:0624
  • SUSE-SU-2016:0631
  • SUSE-SU-2016:0641
  • SUSE-SU-2016:0678
  • SUSE-SU-2016:1057
  • openSUSE-SU-2016:0628
  • openSUSE-SU-2016:0637
  • openSUSE-SU-2016:0638
  • openSUSE-SU-2016:0640
  • openSUSE-SU-2016:0720
  • openSUSE-SU-2016:1239
  • openSUSE-SU-2016:1241
the hacker news via4
id THN:B18DB0BB2ACAF13D6FBF3445755365E3
last seen 2018-01-27
modified 2016-01-29
published 2016-01-28
reporter Mohit Kumar
source https://thehackernews.com/2016/01/openssl-https-encryption.html
title Critical OpenSSL Flaw Allows Hackers to Decrypt HTTPS Traffic
Last major update 09-05-2017 - 21:29
Published 14-02-2016 - 21:59
Last modified 20-11-2017 - 21:29
Back to Top