Vulnerabilities > CVE-2016-0703 - Information Exposure vulnerability in Openssl

047910
CVSS 5.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
high complexity
openssl
CWE-200
nessus

Summary

The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

Vulnerable Configurations

Part Description Count
Application
Openssl
148

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_2A.NASL
    descriptionAccording to its banner, the remote web server uses a version of OpenSSL 1.0.2 prior to 1.0.2a. The OpenSSL library is, therefore, affected by the following vulnerabilities : - A flaw exists in the DTLSv1_listen() function due to state being preserved in the SSL object from one invocation to the next. A remote attacker can exploit this, via crafted DTLS traffic, to cause a segmentation fault, resulting in a denial of service. (CVE-2015-0207) - A flaw exists in the rsa_item_verify() function due to improper implementation of ASN.1 signature verification. A remote attacker can exploit this, via an ASN.1 signature using the RSA PSS algorithm and invalid parameters, to cause a NULL pointer dereference, resulting in a denial of service. (CVE-2015-0208) - A use-after-free condition exists in the d2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209) - A flaw exists in the ssl3_client_hello() function due to improper validation of a PRNG seed before proceeding with a handshake, resulting in insufficient entropy and predictable output. This allows a man-in-the-middle attacker to defeat cryptographic protection mechanisms via a brute-force attack, resulting in the disclosure of sensitive information. (CVE-2015-0285) - An invalid read flaw exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286) - A flaw exists in the ASN1_item_ex_d2i() function due to a failure to reinitialize
    last seen2020-06-01
    modified2020-06-02
    plugin id82033
    published2015-03-24
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82033
    titleOpenSSL 1.0.2 < 1.0.2a Multiple Vulnerabilities
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-682.NASL
    descriptionA denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293) It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle. (CVE-2016-0703) It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704) A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197)
    last seen2020-06-01
    modified2020-06-02
    plugin id90364
    published2016-04-07
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90364
    titleAmazon Linux AMI : openssl098e (ALAS-2016-682) (DROWN)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0678-1.NASL
    descriptionOpenSSL was update to fix security issues and bugs : CVE-2016-0800 aka the
    last seen2020-06-01
    modified2020-06-02
    plugin id89731
    published2016-03-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89731
    titleSUSE SLES10 Security Update : OpenSSL (SUSE-SU-2016:0678-1) (DROWN)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0641-1.NASL
    descriptionThis update for compat-openssl098 fixes various security issues and bugs : Security issues fixed : - CVE-2016-0800 aka the
    last seen2020-06-01
    modified2020-06-02
    plugin id89658
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89658
    titleSUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:0641-1) (DROWN)
  • NASL familyWeb Servers
    NASL idOPENSSL_0_9_8ZF.NASL
    descriptionAccording to its banner, the remote web server uses a version of OpenSSL 0.9.8 prior to 0.9.8zf. The OpenSSL library is, therefore, affected by the following vulnerabilities : - A use-after-free condition exists in the d2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209) - An invalid read flaw exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286) - A flaw exists in the ASN1_item_ex_d2i() function due to a failure to reinitialize
    last seen2020-06-01
    modified2020-06-02
    plugin id82030
    published2015-03-24
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82030
    titleOpenSSL 0.9.8 < 0.9.8zf Multiple Vulnerabilities
  • NASL familyFirewalls
    NASL idSCREENOS_JSA10759.NASL
    descriptionThe version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r23. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - A flaw exists in the SSLv2 implementation, specifically in the get_client_master_key() function within file s2_srvr.c, due to accepting a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher. A man-in-the-middle attacker can exploit this to determine the MASTER-KEY value and decrypt TLS ciphertext by leveraging a Bleichenbacher RSA padding oracle. (CVE-2016-0703) - A flaw exists in the SSLv2 oracle protection mechanism, specifically in the get_client_master_key() function within file s2_srvr.c, due to incorrectly overwriting MASTER-KEY bytes during use of export cipher suites. A remote attackers can exploit this to more easily decrypt TLS ciphertext by leveraging a Bleichenbacher RSA padding oracle. (CVE-2016-0704) - A NULL pointer dereference flaw exists in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A flaw exists that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TSL connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106) - A remote code execution vulnerability exists in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2108) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id94679
    published2016-11-10
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94679
    titleJuniper ScreenOS 6.3.x < 6.3.0r23 Multiple Vulnerabilities in OpenSSL (JSA10759) (DROWN)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160309_OPENSSL098E_ON_SL6_X.NASL
    descriptionA padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non- export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703) It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704) Note: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more efficient exploitation of the CVE-2016-0800 issue via the DROWN attack. A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293) A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197) For the update to take effect, all services linked to the openssl098e library must be restarted, or the system rebooted.
    last seen2020-03-18
    modified2016-03-10
    plugin id89825
    published2016-03-10
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89825
    titleScientific Linux Security Update : openssl098e on SL6.x, SL7.x i386/x86_64 (20160309) (DROWN)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1548.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash.(CVE-2015-1791) - An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash.(CVE-2015-1789) - The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.(CVE-2009-0590) - An invalid-free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could send a specially crafted message to the peer, which could cause the application to crash or potentially result in arbitrary code execution.(CVE-2014-8176) - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.(CVE-2011-4108) - Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.(CVE-2007-5135) - A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash.(CVE-2014-3571) - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.(CVE-2012-2110) - It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703) - ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.(CVE-2009-1386) - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.(CVE-2009-4355) - A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.(CVE-2014-3507) - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of
    last seen2020-06-01
    modified2020-06-02
    plugin id125001
    published2019-05-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125001
    titleEulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1548)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0716.NASL
    descriptionUpdated openssl packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id82018
    published2015-03-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82018
    titleRHEL 7 : openssl (RHSA-2015:0716)
  • NASL familyFirewalls
    NASL idPFSENSE_SA-16_02.NASL
    descriptionAccording to its self-reported version number, the remote pfSense install is prior to 2.3. It is, therefore, affected by multiple vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id106499
    published2018-01-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106499
    titlepfSense < 2.3 Multiple Vulnerabilities (SA-16_01 - SA-16_02)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0620-1.NASL
    descriptionThis update for openssl fixes various security issues : Security issues fixed : - CVE-2016-0800 aka the
    last seen2020-06-01
    modified2020-06-02
    plugin id89077
    published2016-03-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89077
    titleSUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:0620-1) (DROWN)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0716.NASL
    descriptionFrom Red Hat Security Advisory 2015:0716 : Updated openssl packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id82016
    published2015-03-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82016
    titleOracle Linux 7 : openssl (ELSA-2015-0716)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0372.NASL
    descriptionFrom Red Hat Security Advisory 2016:0372 : Updated openssl098e packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the
    last seen2020-06-01
    modified2020-06-02
    plugin id89770
    published2016-03-09
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89770
    titleOracle Linux 6 / 7 : openssl098e (ELSA-2016-0372) (DROWN)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0800.NASL
    descriptionUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204) An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded. (CVE-2015-0292) A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293) Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275) An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could possibly use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash. (CVE-2015-0287) A NULL pointer dereference flaw was found in OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id82758
    published2015-04-14
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82758
    titleRHEL 5 : openssl (RHSA-2015:0800) (FREAK)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-0800.NASL
    descriptionUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204) An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded. (CVE-2015-0292) A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293) Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275) An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could possibly use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash. (CVE-2015-0287) A NULL pointer dereference flaw was found in OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id82783
    published2015-04-15
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82783
    titleCentOS 5 : openssl (CESA-2015:0800) (FREAK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0631-1.NASL
    descriptionThis update for compat-openssl097g fixes the following issues : - CVE-2016-0800 aka the
    last seen2020-06-01
    modified2020-06-02
    plugin id89722
    published2016-03-07
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89722
    titleSUSE SLED11 Security Update : compat-openssl097g (SUSE-SU-2016:0631-1) (DROWN)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0303.NASL
    descriptionUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the
    last seen2020-06-01
    modified2020-06-02
    plugin id89069
    published2016-03-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89069
    titleRHEL 6 : openssl (RHSA-2016:0303) (DROWN)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0617-1.NASL
    descriptionThis update for openssl fixes various security issues and bugs : Security issues fixed : - CVE-2016-0800 aka the
    last seen2020-06-01
    modified2020-06-02
    plugin id89076
    published2016-03-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89076
    titleSUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:0617-1) (DROWN)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-327.NASL
    descriptionThis update for compat-openssl098 fixes various security issues and bugs : Security issues fixed : - CVE-2016-0800 aka the
    last seen2020-06-05
    modified2016-03-14
    plugin id89910
    published2016-03-14
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89910
    titleopenSUSE Security Update : openssl (openSUSE-2016-327) (DROWN)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0372.NASL
    descriptionUpdated openssl098e packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the
    last seen2020-06-01
    modified2020-06-02
    plugin id89762
    published2016-03-09
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89762
    titleCentOS 6 / 7 : openssl098e (CESA-2016:0372) (DROWN)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_7B1A4A27600A11E6A6C314DAE9D210B8.NASL
    descriptionA cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP3) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN. [CVE-2016-0800] A double free bug was discovered when OpenSSL parses malformed DSA private keys and could lead to a DoS attack or memory corruption for applications that receive DSA private keys from untrusted sources. This scenario is considered rare. [CVE-2016-0705] The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory management semantics; the returned pointer was sometimes newly allocated, and sometimes owned by the callee. The calling code has no way of distinguishing these two cases. [CVE-2016-0798] In the BN_hex2bn function, the number of hex digits is calculated using an int value |i|. Later |bn_expand| is called with a value of |i * 4|. For large values of |i| this can result in |bn_expand| not allocating any memory because |i * 4| is negative. This can leave the internal BIGNUM data field as NULL leading to a subsequent NULL pointer dereference. For very large values of |i|, the calculation |i * 4| could be a positive value smaller than |i|. In this case memory is allocated to the internal BIGNUM data field, but it is insufficiently sized leading to heap corruption. A similar issue exists in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn is ever called by user applications with very large untrusted hex/dec data. This is anticipated to be a rare occurrence. [CVE-2016-0797] The internal |fmtstr| function used in processing a
    last seen2020-06-01
    modified2020-06-02
    plugin id92921
    published2016-08-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92921
    titleFreeBSD : FreeBSD -- Multiple OpenSSL vulnerabilities (7b1a4a27-600a-11e6-a6c3-14dae9d210b8) (DROWN)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_JSA10759.NASL
    descriptionAccording to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL : - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of
    last seen2020-03-18
    modified2017-01-05
    plugin id96316
    published2017-01-05
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96316
    titleJuniper Junos Multiple OpenSSL Vulnerabilities (JSA10759) (SWEET32)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0372.NASL
    descriptionUpdated openssl098e packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the
    last seen2020-06-01
    modified2020-06-02
    plugin id89773
    published2016-03-09
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89773
    titleRHEL 6 / 7 : openssl098e (RHSA-2016:0372) (DROWN)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-289.NASL
    descriptionThis update for openssl fixes various security issues : Security issues fixed : - CVE-2016-0800 aka the
    last seen2020-06-05
    modified2016-03-03
    plugin id89091
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89091
    titleopenSUSE Security Update : openssl (openSUSE-2016-289) (DROWN)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_1M.NASL
    descriptionAccording to its banner, the remote web server uses a version of OpenSSL 1.0.1 prior to 1.0.1m. The OpenSSL library is, therefore, affected by the following vulnerabilities : - A use-after-free condition exists in the d2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209) - An invalid read flaw exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286) - A flaw exists in the ASN1_item_ex_d2i() function due to a failure to reinitialize
    last seen2020-06-01
    modified2020-06-02
    plugin id82032
    published2015-03-24
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82032
    titleOpenSSL 1.0.1 < 1.0.1m Multiple Vulnerabilities
  • NASL familyMisc.
    NASL idARISTA_EOS_SA0018.NASL
    descriptionThe version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities in the included OpenSSL library : - A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - A flaw exists in the SSLv2 implementation, specifically in the get_client_master_key() function within file s2_srvr.c, due to accepting a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher. A man-in-the-middle attacker can exploit this to determine the MASTER-KEY value and decrypt TLS ciphertext by leveraging a Bleichenbacher RSA padding oracle. (CVE-2016-0703) - A flaw exists that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TSL connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) Note that these issues occur only when CloudVision eXchange (CVX) is deployed as a virtual appliance and runs an EOS image. Therefore, only CVX features leveraging SSLv2 in the EOS releases are vulnerable.
    last seen2020-03-17
    modified2018-02-28
    plugin id107060
    published2018-02-28
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107060
    titleArista Networks EOS Multiple Vulnerabilities (SA0018) (DROWN)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL95463126.NASL
    descriptionThe get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
    last seen2020-06-01
    modified2020-06-02
    plugin id89945
    published2016-03-16
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89945
    titleF5 Networks BIG-IP : OpenSSL vulnerabilities (SOL95463126) (DROWN)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201603-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201603-15 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL, the worst being a cross-protocol attack called DROWN that could lead to the decryption of TLS sessions. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could decrypt TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle, cause a Denial of Service condition, obtain sensitive information from memory and (in rare circumstances) recover RSA keys. Workaround : A workaround for DROWN is disabling the SSLv2 protocol on all SSL/TLS servers.
    last seen2020-06-01
    modified2020-06-02
    plugin id90053
    published2016-03-21
    reporterThis script is Copyright (C) 2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90053
    titleGLSA-201603-15 : OpenSSL: Multiple vulnerabilities (DROWN)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0304.NASL
    descriptionUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.6 and 5.9 Long Life. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800) Note: This issue was addressed by disabling the SSLv2 protocol by default when using the
    last seen2020-06-01
    modified2020-06-02
    plugin id89070
    published2016-03-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89070
    titleRHEL 5 : openssl (RHSA-2016:0304) (DROWN)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-292.NASL
    descriptionThis update for openssl fixes various security issues : Security issues fixed : - CVE-2016-0800 aka the
    last seen2020-06-05
    modified2016-03-03
    plugin id89092
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89092
    titleopenSUSE Security Update : openssl (openSUSE-2016-292) (DROWN)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0624-1.NASL
    descriptionThis update for openssl fixes various security issues and bugs : Security issues fixed : - CVE-2016-0800 aka the
    last seen2020-06-01
    modified2020-06-02
    plugin id89655
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89655
    titleSUSE SLED11 / SLES11 Security Update : openssl (SUSE-SU-2016:0624-1) (DROWN)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0800.NASL
    descriptionFrom Red Hat Security Advisory 2015:0800 : Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204) An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded. (CVE-2015-0292) A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293) Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275) An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could possibly use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash. (CVE-2015-0287) A NULL pointer dereference flaw was found in OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id82757
    published2015-04-14
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82757
    titleOracle Linux 5 : openssl (ELSA-2015-0800) (FREAK)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_0R.NASL
    descriptionAccording to its banner, the remote web server uses a version of OpenSSL 1.0.0 prior to 1.0.0r. The OpenSSL library is, therefore, affected by the following vulnerabilities : - A use-after-free condition exists in the d2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209) - An invalid read flaw exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286) - A flaw exists in the ASN1_item_ex_d2i() function due to a failure to reinitialize
    last seen2020-06-01
    modified2020-06-02
    plugin id82031
    published2015-03-24
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82031
    titleOpenSSL 1.0.0 < 1.0.0r Multiple Vulnerabilities

Redhat

rpms
  • openssl-0:1.0.1e-30.el6_6.7
  • openssl-debuginfo-0:1.0.1e-30.el6_6.7
  • openssl-devel-0:1.0.1e-30.el6_6.7
  • openssl-perl-0:1.0.1e-30.el6_6.7
  • openssl-static-0:1.0.1e-30.el6_6.7
  • openssl-1:1.0.1e-42.ael7b_1.4
  • openssl-1:1.0.1e-42.el7_1.4
  • openssl-debuginfo-1:1.0.1e-42.ael7b_1.4
  • openssl-debuginfo-1:1.0.1e-42.el7_1.4
  • openssl-devel-1:1.0.1e-42.ael7b_1.4
  • openssl-devel-1:1.0.1e-42.el7_1.4
  • openssl-libs-1:1.0.1e-42.ael7b_1.4
  • openssl-libs-1:1.0.1e-42.el7_1.4
  • openssl-perl-1:1.0.1e-42.ael7b_1.4
  • openssl-perl-1:1.0.1e-42.el7_1.4
  • openssl-static-1:1.0.1e-42.ael7b_1.4
  • openssl-static-1:1.0.1e-42.el7_1.4
  • openssl-0:1.0.1e-30.el6_6.7
  • openssl-debuginfo-0:1.0.1e-30.el6_6.7
  • openssl-devel-0:1.0.1e-30.el6_6.7
  • openssl-perl-0:1.0.1e-30.el6_6.7
  • openssl-static-0:1.0.1e-30.el6_6.7
  • openssl-0:0.9.8e-33.el5_11
  • openssl-debuginfo-0:0.9.8e-33.el5_11
  • openssl-devel-0:0.9.8e-33.el5_11
  • openssl-perl-0:0.9.8e-33.el5_11
  • openssl-0:1.0.0-20.el6_2.8
  • openssl-0:1.0.0-27.el6_4.5
  • openssl-0:1.0.1e-16.el6_5.16
  • openssl-debuginfo-0:1.0.0-20.el6_2.8
  • openssl-debuginfo-0:1.0.0-27.el6_4.5
  • openssl-debuginfo-0:1.0.1e-16.el6_5.16
  • openssl-devel-0:1.0.0-20.el6_2.8
  • openssl-devel-0:1.0.0-27.el6_4.5
  • openssl-devel-0:1.0.1e-16.el6_5.16
  • openssl-perl-0:1.0.0-20.el6_2.8
  • openssl-perl-0:1.0.0-27.el6_4.5
  • openssl-perl-0:1.0.1e-16.el6_5.16
  • openssl-static-0:1.0.0-20.el6_2.8
  • openssl-static-0:1.0.0-27.el6_4.5
  • openssl-static-0:1.0.1e-16.el6_5.16
  • openssl-0:0.9.8e-12.el5_6.13
  • openssl-0:0.9.8e-26.el5_9.5
  • openssl-debuginfo-0:0.9.8e-12.el5_6.13
  • openssl-debuginfo-0:0.9.8e-26.el5_9.5
  • openssl-devel-0:0.9.8e-12.el5_6.13
  • openssl-devel-0:0.9.8e-26.el5_9.5
  • openssl-perl-0:0.9.8e-12.el5_6.13
  • openssl-perl-0:0.9.8e-26.el5_9.5
  • openssl-0:0.9.7a-43.23.el4
  • openssl-debuginfo-0:0.9.7a-43.23.el4
  • openssl-devel-0:0.9.7a-43.23.el4
  • openssl-perl-0:0.9.7a-43.23.el4
  • openssl098e-0:0.9.8e-20.el6_7.1
  • openssl098e-0:0.9.8e-29.el7_2.3
  • openssl098e-debuginfo-0:0.9.8e-20.el6_7.1
  • openssl098e-debuginfo-0:0.9.8e-29.el7_2.3

Seebug

bulletinFamilyexploit
description现在流行的服务器和客户端使用TLS加密, 然而由于错误配置, 许多服务器仍然支持SSLv2, 这是一种古老的协议, 许多客户端已经不支持 SSLv2。 DROWN攻击可以威胁到还在支持 SSLv2 的服务端和客户端,允许攻击者通过发送 probe 到支持 SSLv2 的使用相同密钥的服务端和客户端解密 TLS 通信。 ### 官方关于漏洞的公告: A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN (CVE-2016-0800). Recovering one session key requires the attacker to perform approximately 2^50 computation, as well as thousands of connections to the affected server. A more efficient variant of the DROWN attack exists against unpatched OpenSSL servers using versions that predate 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf released on 19/Mar/2015 (see CVE-2016-0703 below). Users can avoid this issue by disabling the SSLv2 protocol in all their SSL/TLS servers, if they've not done so already. Disabling all SSLv2 ciphers is also sufficient, provided the patches for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f) have been deployed. Servers that have not disabled the SSLv2 protocol, and are not patched for CVE-2015-3197 are vulnerable to DROWN even if all SSLv2 ciphers are nominally disabled, because malicious clients can force the use of SSLv2 with EXPORT ciphers. OpenSSL 1.0.2g and 1.0.1s deploy the following mitigation against DROWN: SSLv2 is now by default disabled at build-time. Builds that are not configured with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of: ``` SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl, SSL_OP_NO_SSLv2); ``` as appropriate. Even if either of those is used, or the application explicitly uses the version-specific SSLv2_method() or its client or server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are no longer available. In addition, weak ciphers in SSLv3 and up are now disabled in default builds of OpenSSL. Builds that are not configured with "enable-weak-ssl-ciphers" will not provide any "EXPORT" or "LOW" strength ciphers. OpenSSL 1.0.2 users should upgrade to 1.0.2g OpenSSL 1.0.1 users should upgrade to 1.0.1s This issue was reported to OpenSSL on December 29th 2015 by Nimrod Aviram and Sebastian Schinzel. The fix was developed by Viktor Dukhovni and Matt Caswell of OpenSSL. 可以通过 https://test.drownattack.com/?site= 来检查站点是否受影 ![](https://images.seebug.org/1456892961288) ### DROWN Scanner https://github.com/nimia/public_drown_scanner ### 参考链接: https://mta.openssl.org/pipermail/openssl-announce/2016-March/000066.html http://m.bobao.360.cn/news/appdetail/2787.html?from=timeline&isappinstalled=0
idSSV:90853
last seen2017-11-19
modified2016-03-02
published2016-03-02
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-90853
titleCross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)

The Hacker News

idTHN:14FEFACD6D6241B6574057C2175775D1
last seen2018-01-27
modified2016-03-01
published2016-03-01
reporterSwati Khandelwal
sourcehttps://thehackernews.com/2016/03/drown-attack-openssl-vulnerability.html
titleDROWN Attack — More than 11 Million OpenSSL HTTPS Websites at Risk

References