ID CVE-2015-3216
Summary Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1e-25.el7:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1e-25.el7:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 05-01-2018 - 02:30)
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1228611
    title CVE-2014-8176 OpenSSL: Invalid free in DTLS
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment openssl is earlier than 0:1.0.1e-30.el6_6.11
            oval oval:com.redhat.rhsa:tst:20151115011
          • comment openssl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888006
        • AND
          • comment openssl-devel is earlier than 0:1.0.1e-30.el6_6.11
            oval oval:com.redhat.rhsa:tst:20151115009
          • comment openssl-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888012
        • AND
          • comment openssl-perl is earlier than 0:1.0.1e-30.el6_6.11
            oval oval:com.redhat.rhsa:tst:20151115005
          • comment openssl-perl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888008
        • AND
          • comment openssl-static is earlier than 0:1.0.1e-30.el6_6.11
            oval oval:com.redhat.rhsa:tst:20151115007
          • comment openssl-static is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888010
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhba:tst:20150364001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhba:tst:20150364002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhba:tst:20150364003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20150364004
      • OR
        • AND
          • comment openssl is earlier than 1:1.0.1e-42.el7_1.8
            oval oval:com.redhat.rhsa:tst:20151115018
          • comment openssl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888006
        • AND
          • comment openssl-devel is earlier than 1:1.0.1e-42.el7_1.8
            oval oval:com.redhat.rhsa:tst:20151115017
          • comment openssl-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888012
        • AND
          • comment openssl-libs is earlier than 1:1.0.1e-42.el7_1.8
            oval oval:com.redhat.rhsa:tst:20151115019
          • comment openssl-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140679014
        • AND
          • comment openssl-perl is earlier than 1:1.0.1e-42.el7_1.8
            oval oval:com.redhat.rhsa:tst:20151115021
          • comment openssl-perl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888008
        • AND
          • comment openssl-static is earlier than 1:1.0.1e-42.el7_1.8
            oval oval:com.redhat.rhsa:tst:20151115022
          • comment openssl-static is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888010
    rhsa
    id RHSA-2015:1115
    released 2015-06-15
    severity Moderate
    title RHSA-2015:1115: openssl security update (Moderate)
  • rhsa
    id RHSA-2016:2957
rpms
  • openssl-0:1.0.1e-30.el6_6.11
  • openssl-devel-0:1.0.1e-30.el6_6.11
  • openssl-perl-0:1.0.1e-30.el6_6.11
  • openssl-static-0:1.0.1e-30.el6_6.11
  • openssl-1:1.0.1e-42.el7_1.8
  • openssl-devel-1:1.0.1e-42.el7_1.8
  • openssl-libs-1:1.0.1e-42.el7_1.8
  • openssl-perl-1:1.0.1e-42.el7_1.8
  • openssl-static-1:1.0.1e-42.el7_1.8
refmap via4
bid 75219
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1225994
sectrack 1032587
suse
  • SUSE-SU-2015:1143
  • SUSE-SU-2015:1150
  • SUSE-SU-2015:1182
  • SUSE-SU-2015:1184
  • openSUSE-SU-2015:1139
Last major update 05-01-2018 - 02:30
Published 07-07-2015 - 10:59
Back to Top