Vulnerabilities > CVE-2016-0798 - Resource Management Errors vulnerability in Openssl
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Databases NASL id MYSQL_5_7_12.NASL description The version of MySQL running on the remote host is 5.7.x prior to 5.7.12. It is, therefore, affected by multiple vulnerabilities : - A cipher algorithm downgrade vulnerability exists in the bundled version of OpenSSL due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - An unspecified flaw exists in the Pluggable Authentication subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-0639) - An unspecified flaw exists in the Federated subcomponent that allows an authenticated, remote attacker to impact integrity and availability. (CVE-2016-0642) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-0643) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0655) - An unspecified flaw exists in the JSON subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-0657) - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0659) - An unspecified flaw exists in the Partition subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0662) - An unspecified flaw exists in the Security: Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0666) - An unspecified flaw exists in the Locking subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0667) - A key disclosure vulnerability exists in the bundled version of OpenSSL due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A double-free error exists in the bundled version of OpenSSL due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists in the bundled version of OpenSSL due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist in the bundled version of OpenSSL that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A flaw exists in the bundled version of OpenSSL that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A man-in-the-middle spoofing vulnerability exists due to the server hostname not being verified to match a domain name in the Subject last seen 2020-06-01 modified 2020-06-02 plugin id 90684 published 2016-04-22 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90684 title MySQL 5.7.x < 5.7.12 Multiple Vulnerabilities (DROWN) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(90684); script_version("1.18"); script_cvs_date("Date: 2019/11/19"); script_cve_id( "CVE-2015-3197", "CVE-2016-0639", "CVE-2016-0642", "CVE-2016-0643", "CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0655", "CVE-2016-0657", "CVE-2016-0659", "CVE-2016-0662", "CVE-2016-0666", "CVE-2016-0667", "CVE-2016-0702", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-0798", "CVE-2016-0799", "CVE-2016-0800", "CVE-2016-2047", "CVE-2017-10378" ); script_bugtraq_id( 81810, 82237, 83705, 83733, 83754, 83755, 83763, 86418, 86424, 86433, 86445, 86457, 86484, 86486, 86493, 86495, 86506, 86509, 101375 ); script_xref(name:"CERT", value:"257823"); script_xref(name:"CERT", value:"583776"); script_name(english:"MySQL 5.7.x < 5.7.12 Multiple Vulnerabilities (DROWN)"); script_summary(english:"Checks the version of MySQL server."); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of MySQL running on the remote host is 5.7.x prior to 5.7.12. It is, therefore, affected by multiple vulnerabilities : - A cipher algorithm downgrade vulnerability exists in the bundled version of OpenSSL due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - An unspecified flaw exists in the Pluggable Authentication subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-0639) - An unspecified flaw exists in the Federated subcomponent that allows an authenticated, remote attacker to impact integrity and availability. (CVE-2016-0642) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-0643) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0655) - An unspecified flaw exists in the JSON subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-0657) - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0659) - An unspecified flaw exists in the Partition subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0662) - An unspecified flaw exists in the Security: Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0666) - An unspecified flaw exists in the Locking subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0667) - A key disclosure vulnerability exists in the bundled version of OpenSSL due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A double-free error exists in the bundled version of OpenSSL due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists in the bundled version of OpenSSL due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist in the bundled version of OpenSSL that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A flaw exists in the bundled version of OpenSSL that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A man-in-the-middle spoofing vulnerability exists due to the server hostname not being verified to match a domain name in the Subject's Common Name (CN) or SubjectAltName field of the X.509 certificate. A man-in-the-middle attacker can exploit this, by spoofing the TLS/SSL server via a certificate that appears valid, to disclose sensitive information or manipulate transmitted data. (CVE-2016-2047) - An unspecified flaw exists in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-10378) - A flaw exists related to certificate validation due to the server hostname not being verified to match a domain name in the X.509 certificate. A man-in-the-middle attacker can exploit this, by spoofing the TLS/SSL server via a certificate that appears valid, to disclose sensitive information or manipulate data. - An integer overflow condition exists that is triggered due to improper validation of user-supplied input when processing client handshakes. An authenticated, remote attacker can exploit this to cause the server to exit, resulting in a denial of service condition. - An information disclosure vulnerability exists due to overly verbose error messages returning part of the SQL statement that produced them. An authenticated, remote attacker can exploit this to disclose sensitive information. - A flaw exists in InnoDB that is triggered during the handling of an ALTER TABLE or ADD COLUMN operation on a table with virtual columns. An authenticated, remote attacker can exploit this to crash the server, resulting in a denial of service condition."); # https://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ffb7b96f"); # http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1e07fa0e"); script_set_attribute(attribute:"see_also", value:"https://support.oracle.com/rs?type=doc&id=2307762.1"); # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3937099.xml script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8e9f2a38"); script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-12.html"); script_set_attribute(attribute:"see_also", value:"https://drownattack.com/"); script_set_attribute(attribute:"see_also", value:"https://www.drownattack.com/drown-attack-paper.pdf"); script_set_attribute(attribute:"solution", value: "Upgrade to MySQL version 5.7.12 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-0799"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/30"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/22"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mysql_version.nasl", "mysql_login.nasl"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/mysql", 3306); exit(0); } include("mysql_version.inc"); mysql_check_version(fixed:'5.7.12', min:'5.7', severity:SECURITY_HOLE);
NASL family Web Servers NASL id OPENSSL_1_0_2G.NASL description According to its banner, the remote host is running a version of OpenSSL 1.0.2 prior to 1.0.2g. It is, therefore, affected by the following vulnerabilities : - A key disclosure vulnerability exists due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A double-free error exists due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A flaw exists that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) last seen 2020-06-01 modified 2020-06-02 plugin id 89082 published 2016-03-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89082 title OpenSSL 1.0.2 < 1.0.2g Multiple Vulnerabilities (DROWN) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2016-062-02.NASL description New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 89085 published 2016-03-03 reporter This script is Copyright (C) 2016-2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89085 title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2016-062-02) (DROWN) NASL family Firewalls NASL id PFSENSE_SA-16_02.NASL description According to its self-reported version number, the remote pfSense install is prior to 2.3. It is, therefore, affected by multiple vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 106499 published 2018-01-31 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106499 title pfSense < 2.3 Multiple Vulnerabilities (SA-16_01 - SA-16_02) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-0620-1.NASL description This update for openssl fixes various security issues : Security issues fixed : - CVE-2016-0800 aka the last seen 2020-06-01 modified 2020-06-02 plugin id 89077 published 2016-03-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89077 title SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:0620-1) (DROWN) NASL family Databases NASL id MYSQL_5_7_12_RPM.NASL description The version of Oracle MySQL installed on the remote host is 5.7.x prior to 5.7.12. It is, therefore, affected by the following vulnerabilities : - A cipher algorithm downgrade vulnerability exists in the bundled version of OpenSSL due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - An unspecified flaw exists in the Pluggable Authentication subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-0639) - An unspecified flaw exists in the Federated subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-0642) - An unspecified flaw exists in the DML subcomponent that allows a local attacker to disclose potentially sensitive information. (CVE-2016-0643) - An unspecified flaw exists in the FTS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the PS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0648) - An unspecified flaw exists in the InnoDB subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0655) - An unspecified flaw exists in the JSON subcomponent that allows a local attacker to disclose potentially sensitive information. (CVE-2016-0657) - An unspecified flaw exists in the Optimizer subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0659) - An unspecified flaw exists in the Partition subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0662) - An unspecified flaw exists in the Security: Privileges subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0666) - An unspecified flaw exists in the Locking subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0667) - A key disclosure vulnerability exists in the bundled version of OpenSSL due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A double-free error exists in the bundled version of OpenSSL due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists in the bundled version of OpenSSL due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist in the bundled version of OpenSSL that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A flaw exists in the bundled version of OpenSSL that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A man-in-the-middle spoofing vulnerability exists due to the server hostname not being verified to match a domain name in the Subject last seen 2020-06-04 modified 2016-05-02 plugin id 90834 published 2016-05-02 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90834 title Oracle MySQL 5.7.x < 5.7.12 Multiple Vulnerabilities (RPM Check) (April 2016 CPU) (July 2016 CPU) (October 2017 CPU) (DROWN) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-0617-1.NASL description This update for openssl fixes various security issues and bugs : Security issues fixed : - CVE-2016-0800 aka the last seen 2020-06-01 modified 2020-06-02 plugin id 89076 published 2016-03-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89076 title SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:0617-1) (DROWN) NASL family Databases NASL id MYSQL_5_6_30_RPM.NASL description The version of Oracle MySQL installed on the remote host is 5.6.x prior to 5.6.30. It is, therefore, affected by the following vulnerabilities : - A cipher algorithm downgrade vulnerability exists in the bundled version of OpenSSL due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - An unspecified flaw exists in the Pluggable Authentication subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-0639) - An unspecified flaw exists in the Federated subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-0642) - An unspecified flaw exists in the DML subcomponent that allows a local attacker to disclose potentially sensitive information. (CVE-2016-0643) - An unspecified flaw exists in the FTS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the PS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0648) - An unspecified flaw exists in the InnoDB subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0655) - An unspecified flaw exists in the Security: Privileges subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0666) - A key disclosure vulnerability exists in the bundled version of OpenSSL due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A double-free error exists in the bundled version of OpenSSL due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists in the bundled version of OpenSSL due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist in the bundled version of OpenSSL that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A flaw exists in the bundled version of OpenSSL that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A man-in-the-middle spoofing vulnerability exists due to the server hostname not being verified to match a domain name in the Subject last seen 2020-06-04 modified 2016-05-02 plugin id 90832 published 2016-05-02 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90832 title Oracle MySQL 5.6.x < 5.6.30 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU) (DROWN) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_7B1A4A27600A11E6A6C314DAE9D210B8.NASL description A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP3) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN. [CVE-2016-0800] A double free bug was discovered when OpenSSL parses malformed DSA private keys and could lead to a DoS attack or memory corruption for applications that receive DSA private keys from untrusted sources. This scenario is considered rare. [CVE-2016-0705] The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory management semantics; the returned pointer was sometimes newly allocated, and sometimes owned by the callee. The calling code has no way of distinguishing these two cases. [CVE-2016-0798] In the BN_hex2bn function, the number of hex digits is calculated using an int value |i|. Later |bn_expand| is called with a value of |i * 4|. For large values of |i| this can result in |bn_expand| not allocating any memory because |i * 4| is negative. This can leave the internal BIGNUM data field as NULL leading to a subsequent NULL pointer dereference. For very large values of |i|, the calculation |i * 4| could be a positive value smaller than |i|. In this case memory is allocated to the internal BIGNUM data field, but it is insufficiently sized leading to heap corruption. A similar issue exists in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn is ever called by user applications with very large untrusted hex/dec data. This is anticipated to be a rare occurrence. [CVE-2016-0797] The internal |fmtstr| function used in processing a last seen 2020-06-01 modified 2020-06-02 plugin id 92921 published 2016-08-12 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92921 title FreeBSD : FreeBSD -- Multiple OpenSSL vulnerabilities (7b1a4a27-600a-11e6-a6c3-14dae9d210b8) (DROWN) NASL family Junos Local Security Checks NASL id JUNIPER_JSA10759.NASL description According to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL : - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of last seen 2020-03-18 modified 2017-01-05 plugin id 96316 published 2017-01-05 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96316 title Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10759) (SWEET32) NASL family CGI abuses NASL id SPLUNK_6334.NASL description According to its version number, the instance of Splunk hosted on the remote web server is Enterprise 5.0.x prior to 5.0.15, 6.0.x prior to 6.0.11, 6.1.x prior to 6.1.10, 6.2.x prior to 6.2.9, 6.3.x prior to 6.3.3.4, Light 6.2.x prior to 6.2.9, or Light 6.3.x prior to 6.3.3.4. It is, therefore, affected by the following vulnerabilities : - A type confusion error exists in the bundled version of libxslt in the xsltStylePreCompute() function due to improper handling of invalid values. A context-dependent attacker can exploit this, via crafted XML files, to cause a denial of service condition. (CVE-2015-7995) - A key disclosure vulnerability exists in the bundled version of OpenSSL due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A double-free error exists in the bundled version of OpenSSL due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists in the bundled version of OpenSSL due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist in the bundled version of OpenSSL that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A flaw exists in the bundled version of OpenSSL that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A flaw exists due to improper handling of specially crafted HTTP requests that contain specific headers. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. - A flaw exists due to improper handling of malformed HTTP requests. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. - A flaw exists that is triggered when directly accessing objects. An authenticated, remote attacker can exploit this to disclose search logs. - A flaw exists due to the failure to honor the sslVersions keyword for TLS protocol versions, preventing users from enforcing TLS policies. - A path traversal vulnerability exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 90705 published 2016-04-25 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90705 title Splunk Enterprise < 5.0.15 / 6.0.11 / 6.1.10 / 6.2.9 / 6.3.3.4 or Splunk Light < 6.2.9 / 6.3.3.4 Multiple Vulnerabilities (DROWN) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-289.NASL description This update for openssl fixes various security issues : Security issues fixed : - CVE-2016-0800 aka the last seen 2020-06-05 modified 2016-03-03 plugin id 89091 published 2016-03-03 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89091 title openSUSE Security Update : openssl (openSUSE-2016-289) (DROWN) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-288.NASL description This update for openssl fixes the following issues : Security issues fixed : - CVE-2016-0800 aka the last seen 2020-06-05 modified 2016-03-03 plugin id 89090 published 2016-03-03 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89090 title openSUSE Security Update : openssl (openSUSE-2016-288) (DROWN) NASL family Web Servers NASL id OPENSSL_1_0_1S.NASL description According to its banner, the remote host is running a version of OpenSSL 1.0.1 prior to 1.0.1s. It is, therefore, affected by the following vulnerabilities : - A key disclosure vulnerability exists due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A double-free error exists due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A flaw exists that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) last seen 2020-06-01 modified 2020-06-02 plugin id 89081 published 2016-03-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89081 title OpenSSL 1.0.1 < 1.0.1s Multiple Vulnerabilities (DROWN) NASL family Databases NASL id MYSQL_5_6_30.NASL description The version of MySQL running on the remote host is 5.6.x prior to 5.6.30. It is, therefore, affected by multiple vulnerabilities : - A cipher algorithm downgrade vulnerability exists in the bundled version of OpenSSL due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - An unspecified flaw exists in the Pluggable Authentication subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-0639) - An unspecified flaw exists in the Federated subcomponent that allows an authenticated, remote attacker to impact integrity and availability. (CVE-2016-0642) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-0643) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0655) - An unspecified flaw exists in the Security: Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0666) - A key disclosure vulnerability exists in the bundled version of OpenSSL due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A double-free error exists in the bundled version of OpenSSL due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists in the bundled version of OpenSSL due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist in the bundled version of OpenSSL that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A flaw exists in the bundled version of OpenSSL that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A man-in-the-middle spoofing vulnerability exists due to the server hostname not being verified to match a domain name in the Subject last seen 2020-06-01 modified 2020-06-02 plugin id 90683 published 2016-04-22 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90683 title MySQL 5.6.x < 5.6.30 Multiple Vulnerabilities (DROWN) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201603-15.NASL description The remote host is affected by the vulnerability described in GLSA-201603-15 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL, the worst being a cross-protocol attack called DROWN that could lead to the decryption of TLS sessions. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could decrypt TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle, cause a Denial of Service condition, obtain sensitive information from memory and (in rare circumstances) recover RSA keys. Workaround : A workaround for DROWN is disabling the SSLv2 protocol on all SSL/TLS servers. last seen 2020-06-01 modified 2020-06-02 plugin id 90053 published 2016-03-21 reporter This script is Copyright (C) 2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/90053 title GLSA-201603-15 : OpenSSL: Multiple vulnerabilities (DROWN) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-292.NASL description This update for openssl fixes various security issues : Security issues fixed : - CVE-2016-0800 aka the last seen 2020-06-05 modified 2016-03-03 plugin id 89092 published 2016-03-03 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89092 title openSUSE Security Update : openssl (openSUSE-2016-292) (DROWN) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3500.NASL description Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. - CVE-2016-0702 Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. This could allow local attackers to recover RSA private keys. - CVE-2016-0705 Adam Langley from Google discovered a double free bug when parsing malformed DSA private keys. This could allow remote attackers to cause a denial of service or memory corruption in applications parsing DSA private keys received from untrusted sources. - CVE-2016-0797 Guido Vranken discovered an integer overflow in the BN_hex2bn and BN_dec2bn functions that can lead to a NULL pointer dereference and heap corruption. This could allow remote attackers to cause a denial of service or memory corruption in applications processing hex or dec data received from untrusted sources. - CVE-2016-0798 Emilia Kasper of the OpenSSL development team discovered a memory leak in the SRP database lookup code. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to the SRP_VBASE_get1_by_user function. - CVE-2016-0799, CVE-2016-2842 Guido Vranken discovered an integer overflow in the BIO_*printf functions that could lead to an OOB read when printing very long strings. Additionally the internal doapr_outch function can attempt to write to an arbitrary memory location in the event of a memory allocation failure. These issues will only occur on platforms where sizeof(size_t) > sizeof(int) like many 64 bit systems. This could allow remote attackers to cause a denial of service or memory corruption in applications that pass large amounts of untrusted data to the BIO_*printf functions. Additionally the EXPORT and LOW ciphers were disabled since thay could be used as part of the DROWN (CVE-2016-0800 ) and SLOTH (CVE-2015-7575 ) attacks, but note that the oldstable (wheezy) and stable (jessie) distributions are not affected by those attacks since the SSLv2 protocol has already been dropped in the openssl package version 1.0.0c-2. last seen 2020-06-01 modified 2020-06-02 plugin id 89061 published 2016-03-02 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89061 title Debian DSA-3500-1 : openssl - security update NASL family AIX Local Security Checks NASL id AIX_OPENSSL_ADVISORY18.NASL description The version of OpenSSL installed on the remote AIX host is affected by the following vulnerabilities : - A key disclosure vulnerability exists due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A double-free error exists due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A flaw exists that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A denial of service vulnerability exists due to improper verification of memory allocation by the doapr_outch() function in file crypto/bio/b_print.c. A remote attacker can exploit this, via a specially crafted string, to write data out-of-bounds or exhaust memory resources or possibly have other unspecified impact. (CVE-2016-2842) last seen 2020-06-01 modified 2020-06-02 plugin id 90448 published 2016-04-13 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/90448 title AIX OpenSSL Advisory : openssl_advisory18.asc / openssl_advisory19.asc (DROWN) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2914-1.NASL description Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiation. On certain CPUs, a local attacker could possibly use this issue to recover RSA keys. This flaw is known as CacheBleed. (CVE-2016-0702) Adam Langley discovered that OpenSSL incorrectly handled memory when parsing DSA private keys. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-0705) Guido Vranken discovered that OpenSSL incorrectly handled hex digit calculation in the BN_hex2bn function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-0797) Emilia Kasper discovered that OpenSSL incorrectly handled memory when performing SRP user database lookups. A remote attacker could possibly use this issue to cause OpenSSL to consume memory, resulting in a denial of service. (CVE-2016-0798) Guido Vranken discovered that OpenSSL incorrectly handled memory when printing very long strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-0799). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 89078 published 2016-03-02 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89078 title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : openssl vulnerabilities (USN-2914-1)
Packetstorm
data source | https://packetstormsecurity.com/files/download/143369/orionbrowser79-mitm.txt |
id | PACKETSTORM:143369 |
last seen | 2017-07-15 |
published | 2017-07-14 |
reporter | MaXe |
source | https://packetstormsecurity.com/files/143369/Orion-Elite-Hidden-IP-Browser-Pro-7.9-OpenSSL-Tor-Man-In-The-Middle.html |
title | Orion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle |
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
- http://openssl.org/news/secadv/20160301.txt
- http://openssl.org/news/secadv/20160301.txt
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
- http://www.debian.org/security/2016/dsa-3500
- http://www.debian.org/security/2016/dsa-3500
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/83705
- http://www.securityfocus.com/bid/83705
- http://www.securityfocus.com/bid/91787
- http://www.securityfocus.com/bid/91787
- http://www.securitytracker.com/id/1035133
- http://www.securitytracker.com/id/1035133
- http://www.ubuntu.com/usn/USN-2914-1
- http://www.ubuntu.com/usn/USN-2914-1
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=259b664f950c2ba66fbf4b0fe5281327904ead21
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=259b664f950c2ba66fbf4b0fe5281327904ead21
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
- https://security.gentoo.org/glsa/201603-15
- https://security.gentoo.org/glsa/201603-15
- https://www.openssl.org/news/secadv/20160301.txt
- https://www.openssl.org/news/secadv/20160301.txt