ID CVE-2016-2105
Summary Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
References
Vulnerable Configurations
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:6
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:6
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • openSUSE Leap 42.1
    cpe:2.3:o:opensuse:leap:42.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux HPC Node 7.0
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0
  • Red Hat Enterprise Linux HPC Node EUS 7.2
    cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Server AUS 7.2
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2
  • Red Hat Enterprise Linux Server EUS 7.2
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Apple Mac OS X 10.11.5
    cpe:2.3:o:apple:mac_os_x:10.11.5
  • OpenSSL Project OpenSSL 1.0.1
    cpe:2.3:a:openssl:openssl:1.0.1
  • OpenSSL Project OpenSSL 1.0.1 Beta1
    cpe:2.3:a:openssl:openssl:1.0.1:beta1
  • OpenSSL Project OpenSSL 1.0.1 Beta2
    cpe:2.3:a:openssl:openssl:1.0.1:beta2
  • OpenSSL Project OpenSSL 1.0.1 Beta3
    cpe:2.3:a:openssl:openssl:1.0.1:beta3
  • OpenSSL Project OpenSSL 1.0.1a
    cpe:2.3:a:openssl:openssl:1.0.1a
  • OpenSSL Project OpenSSL 1.0.1b
    cpe:2.3:a:openssl:openssl:1.0.1b
  • OpenSSL Project OpenSSL 1.0.1c
    cpe:2.3:a:openssl:openssl:1.0.1c
  • OpenSSL Project OpenSSL 1.0.1d
    cpe:2.3:a:openssl:openssl:1.0.1d
  • OpenSSL Project OpenSSL 1.0.1e
    cpe:2.3:a:openssl:openssl:1.0.1e
  • OpenSSL Project OpenSSL 1.0.1f
    cpe:2.3:a:openssl:openssl:1.0.1f
  • OpenSSL Project OpenSSL 1.0.1g
    cpe:2.3:a:openssl:openssl:1.0.1g
  • OpenSSL Project OpenSSL 1.0.1h
    cpe:2.3:a:openssl:openssl:1.0.1h
  • OpenSSL Project OpenSSL 1.0.1i
    cpe:2.3:a:openssl:openssl:1.0.1i
  • OpenSSL Project OpenSSL 1.0.1j
    cpe:2.3:a:openssl:openssl:1.0.1j
  • OpenSSL Project OpenSSL 1.0.1k
    cpe:2.3:a:openssl:openssl:1.0.1k
  • OpenSSL Project OpenSSL 1.0.1l
    cpe:2.3:a:openssl:openssl:1.0.1l
  • OpenSSL OpenSSL 1.0.1m
    cpe:2.3:a:openssl:openssl:1.0.1m
  • OpenSSL Project OpenSSL 1.0.1n
    cpe:2.3:a:openssl:openssl:1.0.1n
  • OpenSSL Project OpenSSL 1.0.1o
    cpe:2.3:a:openssl:openssl:1.0.1o
  • OpenSSL OpenSSL 1.0.1p
    cpe:2.3:a:openssl:openssl:1.0.1p
  • OpenSSL 1.0.1q
    cpe:2.3:a:openssl:openssl:1.0.1q
  • OpenSSL 1.0.1r
    cpe:2.3:a:openssl:openssl:1.0.1r
  • OpenSSL Project 1.0.1s
    cpe:2.3:a:openssl:openssl:1.0.1s
  • OpenSSL Project OpenSSL 1.0.2
    cpe:2.3:a:openssl:openssl:1.0.2
  • OpenSSL Project OpenSSL 1.0.2-beta1
    cpe:2.3:a:openssl:openssl:1.0.2:beta1
  • OpenSSL 1.0.2 Beta 2
    cpe:2.3:a:openssl:openssl:1.0.2:beta2
  • OpenSSL 1.0.2 Beta 3
    cpe:2.3:a:openssl:openssl:1.0.2:beta3
  • OpenSSL OpenSSL 1.0.2a
    cpe:2.3:a:openssl:openssl:1.0.2a
  • OpenSSL Project OpenSSL 1.0.2b
    cpe:2.3:a:openssl:openssl:1.0.2b
  • OpenSSL Project OpenSSL 1.0.2c
    cpe:2.3:a:openssl:openssl:1.0.2c
  • OpenSSL OpenSSL 1.0.2d
    cpe:2.3:a:openssl:openssl:1.0.2d
  • OpenSSL 1.0.2e
    cpe:2.3:a:openssl:openssl:1.0.2e
  • OpenSSL 1.0.2f
    cpe:2.3:a:openssl:openssl:1.0.2f
  • OpenSSL Project 1.0.2g
    cpe:2.3:a:openssl:openssl:1.0.2g
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 15.10
    cpe:2.3:o:canonical:ubuntu_linux:15.10
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
CVSS
Base: 5.0 (as of 28-12-2016 - 09:37)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-563.NASL
    description This update for libopenssl0_9_8 fixes the following issues : - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation 'CacheBleed' (bsc#968050) - bsc#976943: Buffer overrun in ASN1_parse and updates the package to version 0.9.8zh which collects many other fixes, including security ones.
    last seen 2019-01-16
    modified 2016-10-13
    plugin id 91068
    published 2016-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91068
    title openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-563) (DROWN)
  • NASL family Misc.
    NASL id ORACLE_E-BUSINESS_CPU_OCT_2016.NASL
    description The version of Oracle E-Business installed on the remote host is missing the October 2016 Oracle Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the OpenSSL subcomponent in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - A heap buffer overflow condition exists in the OpenSSL subcomponent in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106) - Multiple flaws exist in the OpenSSL subcomponent in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic. (CVE-2016-2107) - Multiple unspecified flaws exist in the OpenSSL subcomponent in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory. An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109) - An out-of-bounds read error exists in the OpenSSL subcomponent in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory. (CVE-2016-2176) - An unspecified flaw exists in the Runtime Catalog subcomponent in the iStore component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5489) - An unspecified flaw exists in the AD Utilities subcomponent in the Applications DBA component that allows a local attacker to disclose sensitive information. (CVE-2016-5517) - An unspecified flaw exists in the Workflow Events subcomponent in the Shipping Execution component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5532) - An unspecified flaw exists in the Price Book subcomponent in the Advanced Pricing component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5557) - An unspecified flaw exists in the Requisition Management subcomponent in the iProcurement component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5562) - Multiple unspecified flaws exist in the AD Utilities subcomponent in the DBA component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE- 2016-5567, CVE-2016-5570, CVE-2016-5571) - An unspecified flaw exists in the Resources Module subcomponent in the Common Applications Calendar component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5575) - An unspecified flaw exists in the Candidate Self Service subcomponent in the iRecruitment component that allows a local attacker to gain elevated privileges. (CVE-2016-5581) - An unspecified flaw exists in the File Upload subcomponent in the One-to-One Fulfillment component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5583) - An unspecified flaw exists in the Select Application Dependencies subcomponent in the Interaction Center Intelligence component that allow an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5585) - An unspecified flaw exists in the Dispatch/Service Call Requests subcomponent in the Email Center component that allow an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5586) - Multiple unspecified flaws exist in the Outcome-Result subcomponent in the Customer Interaction History component that allow an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5587, CVE-2016-5591, CVE-2016-5593) - An unspecified flaw exists in the Responsibility Management subcomponent in the CRM Technical Foundation component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5589) - Multiple unspecified flaws exist in the Result-Reason subcomponent in the Customer Interaction History component that allow an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5592, CVE-2016-5595) - An unspecified flaw exists in the Default Responsibility subcomponent in the CRM Technical Foundation component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5596)
    last seen 2019-01-16
    modified 2018-07-17
    plugin id 94164
    published 2016-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94164
    title Oracle E-Business Multiple Vulnerabilities (October 2016 CPU)
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_JSA10759.NASL
    description According to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL : - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of 'p' set to 0. A attacker can exploit this, by causing a segmentation fault, to crash an application linked against the library, resulting in a denial of service. (CVE-2015-1794) - A carry propagating flaw exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An attacker can exploit this to obtain sensitive information regarding private keys. (CVE-2015-3193) - A NULL pointer dereference flaw exists in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194) - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195) - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196) - A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - A key disclosure vulnerability exists due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A flaw exists in the SSLv2 implementation, specifically in the get_client_master_key() function within file s2_srvr.c, due to accepting a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher. A man-in-the-middle attacker can exploit this to determine the MASTER-KEY value and decrypt TLS ciphertext by leveraging a Bleichenbacher RSA padding oracle. (CVE-2016-0703) - A flaw exists in the SSLv2 oracle protection mechanism, specifically in the get_client_master_key() function within file s2_srvr.c, due to incorrectly overwriting MASTER-KEY bytes during use of export cipher suites. A remote attackers can exploit this to more easily decrypt TLS ciphertext by leveraging a Bleichenbacher RSA padding oracle. (CVE-2016-0704) - A double-free error exists due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106) - A remote code execution vulnerability exists in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2108) - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory. An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109) - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177) - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the 'openssl ts' command, to cause denial of service or to disclose sensitive information. (CVE-2016-2180) - An overflow condition exists in the BN_bn2dec() function in bn_print.c due to improper validation of user-supplied input when handling BIGNUM values. An unauthenticated, remote attacker can exploit this to crash the process. (CVE-2016-2182) - A vulnerability exists, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session. (CVE-2016-2183) - A flaw exists in the tls_decrypt_ticket() function in t1_lib.c due to improper handling of ticket HMAC digests. An unauthenticated, remote attacker can exploit this, via a ticket that is too short, to crash the process, resulting in a denial of service. (CVE-2016-6302) - An integer overflow condition exists in the MDC2_Update() function in mdc2dgst.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possibly the execution of arbitrary code. (CVE-2016-6303) - A flaw exists in the ssl_parse_clienthello_tlsext() function in t1_lib.c due to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition. (CVE-2016-6304) - A flaw exists in the SSL_peek() function in rec_layer_s3.c due to improper handling of empty records. An unauthenticated, remote attacker can exploit this, by triggering a zero-length record in an SSL_peek call, to cause an infinite loop, resulting in a denial of service condition. (CVE-2016-6305) - An out-of-bounds read error exists in the certificate parser that allows an unauthenticated, remote attacker to cause a denial of service via crafted certificate operations. (CVE-2016-6306) - A denial of service vulnerability exists in the state-machine implementation due to a failure to check for an excessive length before allocating memory. An unauthenticated, remote attacker can exploit this, via a crafted TLS message, to exhaust memory resources. (CVE-2016-6307) Note that these issues only affects devices with J-Web or the SSL service for JUNOScript enabled.
    last seen 2019-01-16
    modified 2018-08-10
    plugin id 96316
    published 2017-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96316
    title Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10759) (SWEET32)
  • NASL family CISCO
    NASL id CISCO_TELEPRESENCE_VCS_MULTIPLE_880.NASL
    description According to its self-reported version, the Cisco TelePresence Video Communication Server (VCS) / Expressway running on the remote host is 8.x prior to 8.8. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808) - A flaw exists in the web framework of TelePresence Video Communication Server (VCS) Expressway due to missing authorization checks on certain administrative pages. An authenticated, remote attacker can exploit this to bypass read-only restrictions and install Tandberg Linux Packages (TLPs) without proper authorization. (CVE-2015-6413) - A flaw exists in certificate management and validation for the Mobile and Remote Access (MRA) component due to improper input validation of a trusted certificate. An unauthenticated, remote attacker can exploit this, using a trusted certificate, to bypass authentication and gain access to internal HTTP system resources. (CVE-2016-1444) - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106) - Multiple flaws exist in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic. (CVE-2016-2107) - A remote code execution vulnerability exists in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2108) - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory. An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109) - An out-of-bounds read error exists in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN.1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory. (CVE-2016-2176) - An information disclosure vulnerability exists in the file system permissions due to certain files having overly permissive permissions. An unauthenticated, local attacker can exploit this to disclose sensitive information. (Cisco bug ID CSCuw55636) Note that Cisco bug ID CSCuw55636 and CVE-2015-6413 only affect versions 8.6.x prior to 8.8.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 92045
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92045
    title Cisco TelePresence VCS / Expressway 8.x < 8.8 Multiple Vulnerabilities (Bar Mitzvah)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-1649.NASL
    description An update is now available for Red Hat JBoss Enterprise Web Server 2.1 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.1 Release Notes, linked to in the References section, for information on the most significant of these changes. All users of Red Hat JBoss Web Server 2.1.0 on Red Hat Enterprise Linux 6 are advised to upgrade to Red Hat JBoss Web Server 2.1.1. The JBoss server process must be restarted for this update to take effect. Security Fix(es) : * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5387) * An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105) * An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2106) * It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-3110) Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-5387; the OpenSSL project for reporting CVE-2016-2105 and CVE-2016-2106; and Michal Karm Babacek for reporting CVE-2016-3110. Upstream acknowledges Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106.
    last seen 2019-01-16
    modified 2018-12-20
    plugin id 93119
    published 2016-08-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93119
    title RHEL 6 : JBoss Web Server (RHSA-2016:1649) (httpoxy)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_11_6.NASL
    description The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.6. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - Audio - bsdiff - CFNetwork - CoreGraphics - FaceTime - Graphics Drivers - ImageIO - Intel Graphics Driver - IOHIDFamily - IOKit - IOSurface - Kernel - libc++abi - libexpat - LibreSSL - libxml2 - libxslt - Login Window - OpenSSL - QuickTime - Safari Login AutoFill - Sandbox Profiles Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 92496
    published 2016-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92496
    title Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities
  • NASL family Firewalls
    NASL id PFSENSE_SA-16_04.NASL
    description According to its self-reported version number, the remote pfSense install is prior to 2.3.1. It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-01-16
    modified 2018-09-17
    plugin id 106500
    published 2018-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106500
    title pfSense < 2.3.1 Multiple Vulnerabilities (SA-16_03 / SA-16-04)
  • NASL family Misc.
    NASL id ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2016_CPU.NASL
    description The version of Oracle Secure Global Desktop installed on the remote host is 4.63, 4.71, or 5.2 and is missing a security patch from the July 2016 Critical Patch Update (CPU). It is, therefore, affected by the following vulnerabilities : - An integer overflow condition exists in the X Server subcomponent in the read_packet() function due to improper validation of user-supplied input when calculating the amount of memory required to handle returned data. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. Note that this vulnerability only affects versions 4.71 and 5.2. (CVE-2013-2064) - A carry propagating flaw exists in the OpenSSL subcomponent in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An attacker can exploit this to obtain sensitive information regarding private keys. (CVE-2015-3193) - A NULL pointer dereference flaw exists in the OpenSSL subcomponent in file rsa_ameth.c when handling ASN.1 signatures that use the RSA PSS algorithm but are missing a mask generation function parameter. A remote attacker can exploit this to cause the signature verification routine to crash, leading to a denial of service. (CVE-2015-3194) - A key disclosure vulnerability exists in the OpenSSL subcomponent due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A NULL pointer dereference flaw exists in the OpenSSL subcomponent in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - Multiple memory corruption issues exist in the OpenSSL subcomponent that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A heap buffer overflow condition exists in the OpenSSL subcomponent in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - Multiple flaws exist in the OpenSSL subcomponent in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic. (CVE-2016-2107) - An unspecified flaw exists in the OpenSSL subcomponent that allows a remote attacker to execute arbitrary code. (CVE-2016-3613)
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 92543
    published 2016-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92543
    title Oracle Secure Global Desktop Multiple Vulnerabilities (July 2016 CPU)
  • NASL family Misc.
    NASL id VIRTUALBOX_5_0_22.NASL
    description The Oracle VM VirtualBox application installed on the remote host is a version prior to 5.0.22. It is, therefore, affected by multiple vulnerabilities in the bundled OpenSSL component : - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106) - Flaws exist in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic. (CVE-2016-2107) - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory. An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109) - An out-of-bounds read error exists in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory. (CVE-2016-2176)
    last seen 2019-01-16
    modified 2018-11-07
    plugin id 92458
    published 2016-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92458
    title Oracle VM VirtualBox < 5.0.22 Multiple Vulnerabilities (July 2016 CPU)
  • NASL family Misc.
    NASL id LCE_4_8_1.NASL
    description The version of Tenable Log Correlation Engine (LCE) installed on the remote host is prior to 4.8.1. It is, therefore, affected by the following vulnerabilities : - Multiple cross-site scripting (XSS) vulnerabilities exist in the Handlebars library in the lib/handlebars/utils.js script due to a failure to properly escape input passed as unquoted attributes to templates. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2015-8861, CVE-2015-8862) - A heap-based buffer overflow condition exists in the Perl-Compatible Regular Expressions (PCRE) component that is triggered when processing nested back references in a duplicate named group. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1283) - An out-of-bounds read error exists in the libxml2 component in parserInternals.c due to improper parsing of characters in an XML file. An unauthenticated, remote attacker can exploit this to disclose sensitive information or cause a denial of service condition. (CVE-2016-1833) - An overflow condition exists in the libxml2 component in xmlstring.c due to improper validation of user-supplied input when handling a string with NULL. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1834) - Multiple use-after-free errors exist in the libxml2 component in parser.c that is triggered when parsing complex names. An unauthenticated, remote attacker can exploit these issues, via a specially crafted file, to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1835, CVE-2016-1836) - Multiple heap-based buffer overflow conditions exist in the libxml2 component in HTMLparser.c and xmlregexp.c due to improper validation of user-supplied input when parsing characters in a range. An unauthenticated, remote attacker can exploit these issues, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1837, CVE-2016-1839, CVE-2016-1840) - Multiple out-of-bounds read errors exist in the libxml2 component in parser.c. An unauthenticated, remote attacker can exploit these issues to disclose sensitive information or cause a denial of service condition. (CVE-2016-1838, CVE-2016-4447) - A heap buffer overflow condition exists in the OpenSSL component in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - A heap buffer overflow condition exists in the OpenSSL component in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106) - Flaws exist in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic. (CVE-2016-2107) - A remote code execution vulnerability exists in the OpenSSL component in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2108) - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory. An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109) - An out-of-bounds read error exists in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory. (CVE-2016-2176) - An overflow condition exists in the Perl-Compatible Regular Expressions (PCRE) component due to improper validation of user-supplied input when handling the (*ACCEPT) verb. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-3191) - A flaw exists in the libxml2 component in parser.c that occurs when handling XML content in recovery mode. An unauthenticated, remote attacker can exploit this to cause a stack exhaustion, resulting in a denial of service condition. (CVE-2016-3627) - A flaw exists in the libxml2 component in parser.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a stack exhaustion, resulting in a denial of service condition. (CVE-2016-3705) - A format string flaw exists in the libxml2 component due to improper use of string format specifiers (e.g. %s and %x). An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4448) - An XML external entity injection vulnerability exists in parser.c due to improper parsing of XML data. An unauthenticated, remote attacker can exploit this, via specially crafted XML data, to disclose arbitrary files or cause a denial of service condition. (CVE-2016-4449) - An out-of-bounds read error exists in the libxml2 component in xmlsave.c that occurs when handling XML content in recovery mode. An unauthenticated, remote attacker can exploit this to disclose sensitive information or cause a denial of service condition. (CVE-2016-4483) - A security bypass vulnerability exists in the libcurl component due to the program attempting to resume TLS sessions even if the client certificate fails. An unauthenticated, remote attacker can exploit this to bypass validation mechanisms. (CVE-2016-5419) - An information disclosure vulnerability exists in the libcurl component due to the program reusing TLS connections with different client certificates. An unauthenticated, remote attacker can exploit this to disclose sensitive cross-realm information. (CVE-2016-5420) - A use-after-free error exists in the libcurl component that is triggered as connection pointers are not properly cleared for easy handles. An unauthenticated, remote attacker can exploit this to dereference already freed memory, potentially resulting in the execution of arbitrary code. (CVE-2016-5421) - Multiple stored cross-site scripting (XSS) vulnerabilities exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user's browsers session. (CVE-2016-9261)
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 97893
    published 2017-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97893
    title Tenable Log Correlation Engine (LCE) < 4.8.1 Multiple Vulnerabilities
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0049.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method - fix 1-byte memory leak in pkcs12 parse (#1229871) - document some options of the speed command (#1197095) - fix high-precision timestamps in timestamping authority - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint
    last seen 2019-01-16
    modified 2018-07-24
    plugin id 91154
    published 2016-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91154
    title OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0049) (SLOTH)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2016-124-01.NASL
    description New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
    last seen 2018-09-01
    modified 2016-10-19
    plugin id 90863
    published 2016-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90863
    title Slackware 14.0 / 14.1 / current : openssl (SSA:2016-124-01)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-456.NASL
    description Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. CVE-2016-2105 Guido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption. CVE-2016-2106 Guido Vranken discovered that an overflow can occur in the function EVP_EncryptUpdate() if an attacker can supply a large amount of data. This could lead to a heap corruption. CVE-2016-2107 Juraj Somorovsky discovered a padding oracle in the AES CBC cipher implementation based on the AES-NI instruction set. This could allow an attacker to decrypt TLS traffic encrypted with one of the cipher suites based on AES CBC. CVE-2016-2108 David Benjamin from Google discovered that two separate bugs in the ASN.1 encoder, related to handling of negative zero integer values and large universal tags, could lead to an out-of-bounds write. CVE-2016-2109 Brian Carpenter discovered that when ASN.1 data is read from a BIO using functions such as d2i_CMS_bio(), a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. CVE-2016-2176 Guido Vranken discovered that ASN.1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. Additional information about these issues can be found in the OpenSSL security advisory at https://www.openssl.org/news/secadv/20160503.txt NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-07-06
    plugin id 90874
    published 2016-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90874
    title Debian DLA-456-1 : openssl security update
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_CA5CB2024F5111E6B2ECB499BAEBFEAF.NASL
    description Oracle reports : The quarterly Critical Patch Update contains 22 new security fixes for Oracle MySQL 5.5.49, 5.6.30, 5.7.13 and earlier
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 92505
    published 2016-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92505
    title FreeBSD : MySQL -- Multiple vulnerabilities (ca5cb202-4f51-11e6-b2ec-b499baebfeaf)
  • NASL family Web Servers
    NASL id HPSMH_7_6.NASL
    description According to its banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is prior to 7.6. It is, therefore, affected by the following vulnerabilities : - A heap buffer overflow condition exists in OpenSSL in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - A heap buffer overflow condition exists in OpenSSL in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106) - Multiple flaws exist OpenSSL in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic. (CVE-2016-2107) - Multiple unspecified flaws exist in OpenSSL in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory. An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109) - A certificate validation bypass vulnerability exists in cURL and libcurl due to improper validation of TLS certificates. A man-in-the-middle attacker can exploit this, via a spoofed certificate that appears valid, to disclose or manipulate transmitted data. (CVE-2016-3739) - An integer overflow condition exists in PHP in the php_raw_url_encode() function within file ext/standard/url.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2016-4070) - A flaw exists in PHP in the php_snmp_error() function within file ext/snmp/snmp.c that is triggered when handling format string specifiers. An unauthenticated, remote attacker can exploit this, via a crafted SNMP object, to cause a denial of service or to execute arbitrary code. (CVE-2016-4071) - An invalid memory write error exists in PHP when handling the path of phar file names that allows an attacker to have an unspecified impact. (CVE-2016-4072) - A remote code execution vulnerability exists in PHP in phar_object.c due to improper handling of zero-length uncompressed data. An unauthenticated, remote attacker can exploit this, via a specially crafted TAR, ZIP, or PHAR file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4342) - A remote code execution vulnerability exists in PHP in the phar_make_dirstream() function within file ext/phar/dirstream.c due to improper handling of ././@LongLink files. An unauthenticated, remote attacker can exploit this, via a specially crafted TAR file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4343) - A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-4393) - An unspecified HTTP Strict Transport Security (HSTS) bypass vulnerability exists that allows authenticated, remote attackers to disclose sensitive information. (CVE-2016-4394) - A remote code execution vulnerability exists due to an overflow condition in the mod_smh_config.so library caused by improper validation of user-supplied input when parsing the admin-group parameter supplied to the /proxy/SetSMHData endpoint. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4395) - A remote code execution vulnerability exists due to an overflow condition in the mod_smh_config.so library caused by improper validation of user-supplied input when parsing the TKN parameter supplied to the /Proxy/SSO endpoint. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4396) - An out-of-bounds read error exists in PHP in the php_str2num() function in bcmath.c when handling negative scales. An unauthenticated, remote attacker can exploit this, via a crafted call, to cause a denial of service condition or the disclosure of memory contents. (CVE-2016-4537) - A flaw exists in PHP the bcpowmod() function in bcmath.c due to modifying certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variables. An unauthenticated, remote attacker can exploit this, via a crafted call, to cause a denial of service condition. (CVE-2016-4538) - A flaw exists in PHP in the xml_parse_into_struct() function in xml.c when handling specially crafted XML contents. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-4539) - Multiple out-of-bounds read errors exist in PHP within file ext/intl/grapheme/grapheme_string.c when handling negative offsets in the zif_grapheme_stripos() and zif_grapheme_strpos() functions. An unauthenticated, remote attacker can exploit these issues to cause a denial of service condition or disclose memory contents. (CVE-2016-4540, CVE-2016-4541) - A flaw exists in PHP in the exif_process_IFD_TAG() function in exif.c due to improper construction of spprintf arguments. An unauthenticated, remote attacker can exploit this, via crafted header data, to cause an out-of-bounds read error, resulting in a denial of service condition or the disclosure of memory contents. (CVE-2016-4542) - A flaw exists in PHP in the exif_process_IFD_in_JPEG() function in exif.c due to improper validation of IFD sizes. An unauthenticated, remote attacker can exploit this, via crafted header data, to cause an out-of-bounds read error, resulting in a denial of service condition or the disclosure of memory contents. (CVE-2016-4543) - A man-in-the-middle vulnerability exists, known as 'httpoxy', in the Apache Tomcat, Apache HTTP Server, and PHP components due to a failure to properly resolve namespace conflicts in accordance with RFC 3875 section 4.1.18. The HTTP_PROXY environment variable is set based on untrusted user data in the 'Proxy' header of HTTP requests. The HTTP_PROXY environment variable is used by some web client libraries to specify a remote proxy server. A remote attacker can exploit this, via a crafted 'Proxy' header in an HTTP request, to redirect an application's internal HTTP traffic to an arbitrary proxy server where it may be observed or manipulated. (CVE-2016-5385, CVE-2016-5387, CVE-2016-5388) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 94654
    published 2016-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94654
    title HP System Management Homepage < 7.6 Multiple Vulnerabilities (HPSBMU03653) (httpoxy)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-715.NASL
    description This update for nodejs to version 4.4.5 fixes the several issues. These security issues introduced by the bundled openssl were fixed by going to version 1.0.2h : - CVE-2016-2107: The AES-NI implementation in OpenSSL did not consider memory allocation during a certain padding check, which allowed remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session (bsc#977616). - CVE-2016-2105: Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL allowed remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data (bsc#977614). - CVE-2016-0705: Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key (bsc#968047). - CVE-2016-0797: Multiple integer overflows in OpenSSL allowed remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c (bsc#968048). - CVE-2016-0702: The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL did not properly consider cache-bank access times during modular exponentiation, which made it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a 'CacheBleed' attack (bsc#968050). These non-security issues were fixed : - Fix faulty 'if' condition (string cannot equal a boolean). - buffer: Buffer no longer errors if you call lastIndexOf with a search term longer than the buffer. - contextify: Context objects are now properly garbage collected, this solves a problem some individuals were experiencing with extreme memory growth. - Update npm to 2.15.5. - http: Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999. - deps: Fix --gdbjit for embedders. Backported from v8 upstream. - querystring: Restore throw when attempting to stringify bad surrogate pair. - https: Under certain conditions SSL sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case. - lib: The way that we were internally passing arguments was causing a potential leak. By copying the arguments into an array we can avoid this. - repl: Previously if you were using the repl in strict mode the column number would be wrong in a stack trace. This is no longer an issue. - deps: An update to v8 that introduces a new flag --perf_basic_prof_only_functions. - http: A new feature in http(s) agent that catches errors on keep alived connections. - src: Better support for big-endian systems. - tls: A new feature that allows you to pass common SSL options to tls.createSecurePair. - build: Support python path that includes spaces. - https: A potential fix for #3692 (HTTP/HTTPS client requests throwing EPROTO). - installer: More readable profiling information from isolate tick logs. - process: Add support for symbols in event emitters (symbols didn't exist when it was written). - querystring: querystring.parse() is now 13-22% faster! - streams: Performance improvements for moving small buffers that shows a 5% throughput gain. IoT projects have been seen to be as much as 10% faster with this change!
    last seen 2019-01-16
    modified 2016-10-13
    plugin id 91618
    published 2016-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91618
    title openSUSE Security Update : nodejs (openSUSE-2016-715)
  • NASL family Databases
    NASL id MYSQL_5_7_13.NASL
    description The version of MySQL running on the remote host is 5.7.x prior to 5.7.13. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3424, CVE-2016-3440, CVE-2016-3501, CVE-2016-3518) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3452) - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3459, CVE-2016-5436) - An unspecified flaw exists in the Parser subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3477) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3486) - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3521) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to impact integrity and confidentiality. (CVE-2016-3588) - Multiple unspecified flaws exist in the Security: Encryption subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3614, CVE-2016-5442) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3615) - An unspecified flaw exists in the Log subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5437) - An unspecified flaw exists in the Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5439) - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5440) - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5441) - An unspecified flaw exists in the Connection subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-5443) - An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5444) - An unspecified flaw exists in the InnoDB Plugin subcomponent that allows an authenticated, remote attacker to impact integrity. (CVE-2016-8288) - Multiple flaws exist in InnoDB that are triggered when handling specially crafted 'ALTER TABLE' operations. An authenticated, remote attacker can exploit these issues to crash the database, resulting in a denial of service condition. - Multiple overflow conditions exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. - A NULL pointer dereference flaw exists in a parser structure that is triggered during the validation of stored procedure names. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - Multiple overflow conditions exist in the InnoDB memcached plugin due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. - An unspecified flaw exists that is triggered when invoking Enterprise Encryption functions in multiple threads simultaneously or after creating and dropping them. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when handling a 'SELECT ... GROUP BY ... FOR UPDATE' query executed with a loose index scan. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when performing a 'FLUSH TABLES' operation on a table with a discarded tablespace. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - A flaw exists in InnoDB that is triggered when performing an 'OPTIMIZE TABLE' operation on a table with a full-text index. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when performing an UPDATE operation on a generated virtual BLOB column. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when performing a 'SHOW CREATE TABLE' operation on a table with a generated column. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 91997
    published 2016-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91997
    title MySQL 5.7.x < 5.7.13 Multiple Vulnerabilities
  • NASL family Databases
    NASL id MYSQL_5_6_31.NASL
    description The version of MySQL running on the remote host is 5.6.x prior to 5.6.31. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3452) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3459) - An unspecified flaw exists in the Options subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3471) - An unspecified flaw exists in the Parser subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3477) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3486) - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3501) - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3521) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3614) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3615) - An unspecified flaw exists in the Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5439) - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5440) - An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5444) - An unspecified flaw exists in the InnoDB Plugin subcomponent that allows an authenticated, remote attacker to impact integrity. (CVE-2016-8288) - Multiple overflow conditions exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. - A NULL pointer dereference flaw exists in a parser structure that is triggered during the validation of stored procedure names. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - Multiple overflow conditions exist in the InnoDB memcached plugin due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. - An unspecified flaw exists that is triggered when invoking Enterprise Encryption functions in multiple threads simultaneously or after creating and dropping them. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when handling a 'SELECT ... GROUP BY ... FOR UPDATE' query executed with a loose index scan. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 91995
    published 2016-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91995
    title MySQL 5.6.x < 5.6.31 Multiple Vulnerabilities
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0135.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations - fix CVE-2016-2179 - further DoS issues in DTLS - fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio - fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue - fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec - fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check - fix CVE-2016-6304 - unbound memory growth with OCSP status request - fix CVE-2016-6306 - certificate message OOB reads - mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to 112 bit effective strength - replace expired testing certificates - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf
    last seen 2019-01-16
    modified 2018-07-24
    plugin id 93761
    published 2016-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93761
    title OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0135)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0722.NASL
    description From Red Hat Security Advisory 2016:0722 : An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) * Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) * A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.
    last seen 2019-01-16
    modified 2018-07-24
    plugin id 91029
    published 2016-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91029
    title Oracle Linux 7 : openssl (ELSA-2016-0722)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160509_OPENSSL_ON_SL7_X.NASL
    description Security Fix(es) : - A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) - Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) - It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) - Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) - A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)
    last seen 2019-01-16
    modified 2018-12-28
    plugin id 91041
    published 2016-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91041
    title Scientific Linux Security Update : openssl on SL7.x x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0996.NASL
    description An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) * Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) * A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 91037
    published 2016-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91037
    title RHEL 6 : openssl (RHSA-2016:0996)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201612-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-201612-16 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research’s (IACR) paper, “Make Sure DSA Signing Exponentiations Really are Constant-Time” for further details. Impact : Remote attackers could cause a Denial of Service condition or have other unspecified impacts. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2017-10-02
    plugin id 95602
    published 2016-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95602
    title GLSA-201612-16 : OpenSSL: Multiple vulnerabilities
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL51920288.NASL
    description Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. (CVE-2016-2105)
    last seen 2019-01-16
    modified 2019-01-04
    plugin id 94766
    published 2016-11-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94766
    title F5 Networks BIG-IP : OpenSSL vulnerability (K51920288)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1360-1.NASL
    description This update for OpenSSL fixes the following security issues : CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) CVE-2016-0702: Side channel attack on modular exponentiation 'CacheBleed' (bsc#968050) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-29
    plugin id 91282
    published 2016-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91282
    title SUSE SLES10 Security Update : openssl (SUSE-SU-2016:1360-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1233-1.NASL
    description This update for openssl fixes the following issues : - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - bsc#976943: Buffer overrun in ASN1_parse - bsc#977621: Preserve negotiated digests for SNI (bsc#977621) - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode (bsc#958501) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-29
    plugin id 90914
    published 2016-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90914
    title SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:1233-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-C558E58B21.NASL
    description Update to latest openssl which fixes various CVE's Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2016-10-18
    plugin id 92158
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92158
    title Fedora 24 : mingw-openssl (2016-c558e58b21)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1290-1.NASL
    description This update for openssl fixes the following issues : Security issues fixed : - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation 'CacheBleed' (bsc#968050) Bugs fixed : - fate#320304: build 32bit devel package - bsc#976943: Fix buffer overrun in ASN1_parse - bsc#973223: allow weak DH groups, vulnerable to the logjam attack, when environment variable OPENSSL_ALLOW_LOGJAM_ATTACK is set - bsc#889013: Rename README.SuSE to the new spelling Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-29
    plugin id 91158
    published 2016-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91158
    title SUSE SLES11 Security Update : openssl (SUSE-SU-2016:1290-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0722.NASL
    description An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) * Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) * A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 91017
    published 2016-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91017
    title CentOS 7 : openssl (CESA-2016:0722)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0996.NASL
    description An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) * Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) * A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.
    last seen 2019-01-16
    modified 2018-07-02
    plugin id 91171
    published 2016-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91171
    title CentOS 6 : openssl (CESA-2016:0996)
  • NASL family Web Servers
    NASL id OPENSSL_1_0_1T.NASL
    description According to its banner, the remote host is running a version of OpenSSL 1.0.1 prior to 1.0.1t. It is, therefore, affected by the following vulnerabilities : - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106) - Flaws exist in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic. (CVE-2016-2107) - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory. An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109) - An out-of-bounds read error exists in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory. (CVE-2016-2176)
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 90890
    published 2016-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90890
    title OpenSSL 1.0.1 < 1.0.1t Multiple Vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160510_OPENSSL_ON_SL6_X.NASL
    description Security Fix(es) : - A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) - Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) - It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) - Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) - A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)
    last seen 2019-01-16
    modified 2018-12-28
    plugin id 91541
    published 2016-06-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91541
    title Scientific Linux Security Update : openssl on SL6.x i386/x86_64
  • NASL family Firewalls
    NASL id SCREENOS_JSA10759.NASL
    description The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r23. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - A flaw exists in the SSLv2 implementation, specifically in the get_client_master_key() function within file s2_srvr.c, due to accepting a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher. A man-in-the-middle attacker can exploit this to determine the MASTER-KEY value and decrypt TLS ciphertext by leveraging a Bleichenbacher RSA padding oracle. (CVE-2016-0703) - A flaw exists in the SSLv2 oracle protection mechanism, specifically in the get_client_master_key() function within file s2_srvr.c, due to incorrectly overwriting MASTER-KEY bytes during use of export cipher suites. A remote attackers can exploit this to more easily decrypt TLS ciphertext by leveraging a Bleichenbacher RSA padding oracle. (CVE-2016-0704) - A NULL pointer dereference flaw exists in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A flaw exists that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TSL connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106) - A remote code execution vulnerability exists in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2108) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-01-16
    modified 2018-07-27
    plugin id 94679
    published 2016-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94679
    title Juniper ScreenOS 6.3.x < 6.3.0r23 Multiple Vulnerabilities in OpenSSL (JSA10759) (DROWN)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2959-1.NASL
    description Huzaifa Sidhpurwala, Hanno Bock, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2108) Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. (CVE-2016-2107) Guido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncodeUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2105) Guido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncryptUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2106) Brian Carpenter discovered that OpenSSL incorrectly handled memory when ASN.1 data is read from a BIO. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. (CVE-2016-2109) As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 90887
    published 2016-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90887
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : openssl vulnerabilities (USN-2959-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1228-1.NASL
    description This update for openssl fixes the following issues : - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - bsc#976943: Buffer overrun in ASN1_parse - bsc#977621: Preserve negotiated digests for SNI (bsc#977621) - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode (bsc#958501) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-29
    plugin id 90913
    published 2016-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90913
    title SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:1228-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-565.NASL
    description This update for libopenssl0_9_8 fixes the following issues : - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation 'CacheBleed' (bsc#968050) - bsc#976943: Buffer overrun in ASN1_parse
    last seen 2019-01-16
    modified 2016-10-13
    plugin id 90935
    published 2016-05-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90935
    title openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-565)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-3576.NASL
    description Description of changes: [0.9.8e-40.0.2] - CVE-2016-0799 - Fix memory issues in BIO_*printf functions - CVE-2016-2105 - Avoid overflow in EVP_EncodeUpdate - CVE-2016-2106 - Fix encrypt overflow - CVE-2016-2109 - Harden ASN.1 BIO handling of large amounts of data.
    last seen 2018-09-01
    modified 2016-10-19
    plugin id 91738
    published 2016-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91738
    title Oracle Linux 5 : openssl (ELSA-2016-3576)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0722.NASL
    description An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) * Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) * A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 91033
    published 2016-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91033
    title RHEL 7 : openssl (RHSA-2016:0722)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2073.NASL
    description An update for openssl is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) * Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) * A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 94105
    published 2016-10-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94105
    title RHEL 6 : openssl (RHSA-2016:2073)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-561.NASL
    description This update for openssl fixes the following issues : - CVE-2016-2108: Memory corruption in the ASN.1 encoder (boo#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (boo#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (boo#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (boo#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (boo#976942) - boo#976943: Buffer overrun in ASN1_parse - boo#977621: Preserve digests for SNI - boo#958501: Fix openssl enc -non-fips-allow option in FIPS mode
    last seen 2019-01-16
    modified 2016-10-13
    plugin id 90933
    published 2016-05-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90933
    title openSUSE Security Update : openssl (openSUSE-2016-561)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-1E39D934ED.NASL
    description Security fix for CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2016-10-18
    plugin id 91058
    published 2016-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91058
    title Fedora 22 : openssl-1.0.1k-15.fc22 (2016-1e39d934ed)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_01D729CA114311E6B55EB499BAEBFEAF.NASL
    description OpenSSL reports : Memory corruption in the ASN.1 encoder Padding oracle in AES-NI CBC MAC check EVP_EncodeUpdate overflow EVP_EncryptUpdate overflow ASN.1 BIO excessive memory allocation EBCDIC overread (OpenSSL only)
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 90876
    published 2016-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90876
    title FreeBSD : OpenSSL -- multiple vulnerabilities (01d729ca-1143-11e6-b55e-b499baebfeaf)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-1648.NASL
    description An update is now available for Red Hat JBoss Enterprise Web Server 2.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.1 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/site/documentation/ All users of Red Hat JBoss Web Server 2.1.0 on Red Hat Enterprise Linux 7 are advised to upgrade to Red Hat JBoss Web Server 2.1.1. The JBoss server process must be restarted for this update to take effect. Security Fix(es) : * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5387) * An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105) * An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2106) * It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-3110) Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-5387; the OpenSSL project for reporting CVE-2016-2105 and CVE-2016-2106; and Michal Karm Babacek for reporting CVE-2016-3110. Upstream acknowledges Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 93118
    published 2016-08-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93118
    title RHEL 7 : JBoss Web Server (RHSA-2016:1648) (httpoxy)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-564.NASL
    description This update for openssl fixes the following issues : - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - bsc#976943: Buffer overrun in ASN1_parse - bsc#977621: Preserve negotiated digests for SNI (bsc#977621) - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode (bsc#958501) This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen 2019-01-16
    modified 2016-10-13
    plugin id 90934
    published 2016-05-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90934
    title openSUSE Security Update : openssl (openSUSE-2016-564)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-562.NASL
    description This update for openssl fixes the following issues : - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - bsc#976943: Buffer overrun in ASN1_parse
    last seen 2019-01-16
    modified 2016-10-13
    plugin id 91067
    published 2016-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91067
    title openSUSE Security Update : openssl (openSUSE-2016-562)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-1411324654.NASL
    description Security fix for CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2016-10-18
    plugin id 90949
    published 2016-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90949
    title Fedora 24 : openssl-1.0.2h-1.fc24 (2016-1411324654)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1283.NASL
    description mysql-community-server was updated to 5.6.34 to fix the following issues : - Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 32.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 31.html - fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440 - fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926] - append '--ignore-db-dir=lost+found' to the mysqld options in 'mysql-systemd-helper' script if 'lost+found' directory is found in $datadir [boo#986251] - remove syslog.target from *.service files [boo#983938] - add systemd to deps to build on leap and friends - replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro - remove useless mysql@default.service [boo#971456] - replace all occurrences of the string '@sysconfdir@' with '/etc' in mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded properly [boo#990890] - remove '%define _rundir' as 13.1 is out of support scope - run 'usermod -g mysql mysql' only if mysql user is not in mysql group. Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have '/bin/false' shell set. - re-enable mysql profiling
    last seen 2019-01-16
    modified 2018-11-19
    plugin id 94694
    published 2016-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94694
    title openSUSE Security Update : mysql-community-server (openSUSE-2016-1283)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0996.NASL
    description From Red Hat Security Advisory 2016:0996 : An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) * Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) * A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.
    last seen 2019-01-16
    modified 2018-07-24
    plugin id 91152
    published 2016-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91152
    title Oracle Linux 6 : openssl (ELSA-2016-0996)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0086.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2016-0799 - Fix memory issues in BIO_*printf functions - CVE-2016-2105 - Avoid overflow in EVP_EncodeUpdate - CVE-2016-2106 - Fix encrypt overflow - CVE-2016-2109 - Harden ASN.1 BIO handling of large amounts of data. - To disable SSLv2 client connections create the file /etc/sysconfig/openssl-ssl-client-kill-sslv2 (John Haxby) [orabug 21673934] - Backport openssl 08-Jan-2015 security fixes (John Haxby) [orabug 20409893] - fix CVE-2014-3570 - Bignum squaring may produce incorrect results - fix CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record - fix CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client] - fix CVE-2016-2108 - memory corruption in ASN.1 encoder
    last seen 2019-01-16
    modified 2018-07-24
    plugin id 91777
    published 2016-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91777
    title OracleVM 3.2 : openssl (OVMSA-2016-0086)
  • NASL family Web Servers
    NASL id OPENSSL_1_0_2H.NASL
    description According to its banner, the remote host is running a version of OpenSSL 1.0.2 prior to 1.0.2h. It is, therefore, affected by the following vulnerabilities : - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106) - Flaws exist in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic. (CVE-2016-2107) - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory. An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109) - An out-of-bounds read error exists in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory. (CVE-2016-2176)
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 90891
    published 2016-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90891
    title OpenSSL 1.0.2 < 1.0.2h Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-575.NASL
    description This update for compat-openssl098 fixes the following issues : - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation 'CacheBleed' (bsc#968050) - bsc#976943: Buffer overrun in ASN1_parse The following non-security bugs were fixed : - bsc#889013: Rename README.SuSE to the new spelling (bsc#889013) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-01-16
    modified 2016-10-13
    plugin id 91070
    published 2016-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91070
    title openSUSE Security Update : compat-openssl098 (openSUSE-2016-575)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1289.NASL
    description mysql-community-server was updated to 5.6.34 to fix the following issues : - Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 32.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 31.html - fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440 - fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926] - append '--ignore-db-dir=lost+found' to the mysqld options in 'mysql-systemd-helper' script if 'lost+found' directory is found in $datadir [boo#986251] - remove syslog.target from *.service files [boo#983938] - add systemd to deps to build on leap and friends - replace '%{_libexecdir}/systemd/system' with %{_unitdir} macro - remove useless mysql@default.service [boo#971456] - replace all occurrences of the string '@sysconfdir@' with '/etc' in mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded properly [boo#990890] - remove '%define _rundir' as 13.1 is out of support scope - run 'usermod -g mysql mysql' only if mysql user is not in mysql group. Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have '/bin/false' shell set. - re-enable mysql profiling
    last seen 2019-01-16
    modified 2018-11-19
    plugin id 94756
    published 2016-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94756
    title openSUSE Security Update : mysql-community-server (openSUSE-2016-1289)
  • NASL family Databases
    NASL id MYSQL_5_7_13_RPM.NASL
    description The version of MySQL running on the remote host is 5.7.x prior to 5.7.13. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3424, CVE-2016-3440, CVE-2016-3501, CVE-2016-3518) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3452) - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3459, CVE-2016-5436) - An unspecified flaw exists in the Parser subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3477) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3486) - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3521) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to impact integrity and confidentiality. (CVE-2016-3588) - Multiple unspecified flaws exist in the Security: Encryption subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3614, CVE-2016-5442) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3615) - An unspecified flaw exists in the Log subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5437) - An unspecified flaw exists in the Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5439) - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5440) - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5441) - An unspecified flaw exists in the Connection subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-5443) - An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5444) - An unspecified flaw exists in the InnoDB Plugin subcomponent that allows an authenticated, remote attacker to impact integrity. (CVE-2016-8288) - Multiple flaws exist in InnoDB that are triggered when handling specially crafted 'ALTER TABLE' operations. An authenticated, remote attacker can exploit these issues to crash the database, resulting in a denial of service condition. - Multiple overflow conditions exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. - A NULL pointer dereference flaw exists in a parser structure that is triggered during the validation of stored procedure names. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - Multiple overflow conditions exist in the InnoDB memcached plugin due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. - An unspecified flaw exists that is triggered when invoking Enterprise Encryption functions in multiple threads simultaneously or after creating and dropping them. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when handling a 'SELECT ... GROUP BY ... FOR UPDATE' query executed with a loose index scan. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when performing a 'FLUSH TABLES' operation on a table with a discarded tablespace. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - A flaw exists in InnoDB that is triggered when performing an 'OPTIMIZE TABLE' operation on a table with a full-text index. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when performing an UPDATE operation on a generated virtual BLOB column. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when performing a 'SHOW CREATE TABLE' operation on a table with a generated column. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 91998
    published 2016-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91998
    title Oracle MySQL 5.7.x < 5.7.13 Multiple Vulnerabilities
  • NASL family Databases
    NASL id MYSQL_5_6_31_RPM.NASL
    description The version of MySQL running on the remote host is 5.6.x prior to 5.6.31. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3452) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3459) - An unspecified flaw exists in the Options subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3471) - An unspecified flaw exists in the Parser subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3477) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3486) - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3501) - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3521) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3614) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3615) - An unspecified flaw exists in the Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5439) - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5440) - An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5444) - An unspecified flaw exists in the InnoDB Plugin subcomponent that allows an authenticated, remote attacker to impact integrity. (CVE-2016-8288) - Multiple overflow conditions exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. - A NULL pointer dereference flaw exists in a parser structure that is triggered during the validation of stored procedure names. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - Multiple overflow conditions exist in the InnoDB memcached plugin due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. - An unspecified flaw exists that is triggered when invoking Enterprise Encryption functions in multiple threads simultaneously or after creating and dropping them. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when handling a 'SELECT ... GROUP BY ... FOR UPDATE' query executed with a loose index scan. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 91996
    published 2016-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91996
    title Oracle MySQL 5.6.x < 5.6.31 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1267-1.NASL
    description This update for compat-openssl098 fixes the following issues : - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation 'CacheBleed' (bsc#968050) - bsc#976943: Buffer overrun in ASN1_parse The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 91043
    published 2016-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91043
    title SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2016:1267-1)
  • NASL family AIX Local Security Checks
    NASL id AIX_OPENSSL_ADVISORY20.NASL
    description The version of OpenSSL installed on the remote AIX host is affected by the following vulnerabilities : - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106) - A remote code execution vulnerability exists in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2108) - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory. An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109) - An out-of-bounds read error exists in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory. (CVE-2016-2176)
    last seen 2019-01-16
    modified 2018-07-17
    plugin id 92323
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92323
    title AIX OpenSSL Advisory : openssl_advisory20.asc
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-05C567DF1A.NASL
    description Security fix for CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2016-10-18
    plugin id 90898
    published 2016-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90898
    title Fedora 23 : openssl-1.0.2h-1.fc23 (2016-05c567df1a)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3566.NASL
    description Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. - CVE-2016-2105 Guido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption. - CVE-2016-2106 Guido Vranken discovered that an overflow can occur in the function EVP_EncryptUpdate() if an attacker can supply a large amount of data. This could lead to a heap corruption. - CVE-2016-2107 Juraj Somorovsky discovered a padding oracle in the AES CBC cipher implementation based on the AES-NI instruction set. This could allow an attacker to decrypt TLS traffic encrypted with one of the cipher suites based on AES CBC. - CVE-2016-2108 David Benjamin from Google discovered that two separate bugs in the ASN.1 encoder, related to handling of negative zero integer values and large universal tags, could lead to an out-of-bounds write. - CVE-2016-2109 Brian Carpenter discovered that when ASN.1 data is read from a BIO using functions such as d2i_CMS_bio(), a short invalid encoding can cause allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. Additional information about these issues can be found in the OpenSSL security advisory at https://www.openssl.org/news/secadv/20160503.txt
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 90896
    published 2016-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90896
    title Debian DSA-3566-1 : openssl - security update
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-695.NASL
    description A vulnerability was discovered that allows a man-in-the-middle attacker to use a padding oracle attack to decrypt traffic on a connection using an AES CBC cipher with a server supporting AES-NI. (CVE-2016-2107 , Important) It was discovered that the ASN.1 parser can misinterpret a large universal tag as a negative value. If an application deserializes and later reserializes untrusted ASN.1 structures containing an ANY field, an attacker may be able to trigger an out-of-bounds write, which can cause potentially exploitable memory corruption. (CVE-2016-2108 , Important) An overflow bug was discovered in the EVP_EncodeUpdate() function. An attacker could supply very large amounts of input data to overflow a length check, resulting in heap corruption. (CVE-2016-2105 , Low) An overflow bug was discovered in the EVP_EncryptUpdate() function. An attacker could supply very large amounts of input data to overflow a length check, resulting in heap corruption. (CVE-2016-2106 , Low) An issue was discovered in the BIO functions, such as d2i_CMS_bio(), where a short invalid encoding in ASN.1 data can cause allocation of large amounts of memory, potentially resulting in a denial of service. (CVE-2016-2109 , Low)
    last seen 2019-01-16
    modified 2018-04-18
    plugin id 90864
    published 2016-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90864
    title Amazon Linux AMI : openssl (ALAS-2016-695)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-E1234B65A2.NASL
    description Update to latest openssl which fixes various CVE's Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2016-10-18
    plugin id 92185
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92185
    title Fedora 23 : mingw-openssl (2016-e1234b65a2)
packetstorm via4
data source https://packetstormsecurity.com/files/download/143369/orionbrowser79-mitm.txt
id PACKETSTORM:143369
last seen 2017-07-15
published 2017-07-14
reporter MaXe
source https://packetstormsecurity.com/files/143369/Orion-Elite-Hidden-IP-Browser-Pro-7.9-OpenSSL-Tor-Man-In-The-Middle.html
title Orion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle
redhat via4
advisories
  • rhsa
    id RHSA-2016:0722
  • rhsa
    id RHSA-2016:0996
  • rhsa
    id RHSA-2016:1648
  • rhsa
    id RHSA-2016:1649
  • rhsa
    id RHSA-2016:1650
  • rhsa
    id RHSA-2016:2056
  • rhsa
    id RHSA-2016:2073
  • rhsa
    id RHSA-2016:2957
rpms
  • openssl-1:1.0.1e-51.el7_2.5
  • openssl-devel-1:1.0.1e-51.el7_2.5
  • openssl-libs-1:1.0.1e-51.el7_2.5
  • openssl-perl-1:1.0.1e-51.el7_2.5
  • openssl-static-1:1.0.1e-51.el7_2.5
  • openssl-0:1.0.1e-48.el6_8.1
  • openssl-devel-0:1.0.1e-48.el6_8.1
  • openssl-perl-0:1.0.1e-48.el6_8.1
  • openssl-static-0:1.0.1e-48.el6_8.1
refmap via4
apple APPLE-SA-2016-07-18-1
bid
  • 89757
  • 91787
cisco 20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
confirm
debian DSA-3566
fedora
  • FEDORA-2016-05c567df1a
  • FEDORA-2016-1411324654
  • FEDORA-2016-1e39d934ed
freebsd FreeBSD-SA-16:17
gentoo GLSA-201612-16
misc http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
sectrack 1035721
slackware SSA:2016-124-01
suse
  • SUSE-SU-2016:1206
  • SUSE-SU-2016:1228
  • SUSE-SU-2016:1231
  • SUSE-SU-2016:1233
  • SUSE-SU-2016:1267
  • SUSE-SU-2016:1290
  • SUSE-SU-2016:1360
  • openSUSE-SU-2016:1237
  • openSUSE-SU-2016:1238
  • openSUSE-SU-2016:1239
  • openSUSE-SU-2016:1240
  • openSUSE-SU-2016:1241
  • openSUSE-SU-2016:1242
  • openSUSE-SU-2016:1243
  • openSUSE-SU-2016:1273
  • openSUSE-SU-2016:1566
ubuntu USN-2959-1
Last major update 28-02-2017 - 21:59
Published 04-05-2016 - 21:59
Last modified 21-02-2019 - 10:09
Back to Top