CVSS: 10.0EPSS: 6%CPEs: 61EXPL: 0CVE-2016-0705 – OpenSSL: Double-free in DSA code
https://notcve.org/view.php?id=CVE-2016-0705
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. Vulnerabilidad de liberación doble en la función dsa_priv_decode en crypto/dsa/dsa_ameth.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de una clave DSA privada malformada. A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/ •
CVSS: 5.1EPSS: 0%CPEs: 40EXPL: 0CVE-2016-0702 – OpenSSL: Side channel attack on modular exponentiation
https://notcve.org/view.php?id=CVE-2016-0702
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. La función MOD_EXP_CTIME_COPY_FROM_PREBUF en crypto/bn/bn_exp.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g no considera correctamente las veces que se accede al cache-bank durante la exponenciación modular, lo que facilita a usuarios locales descubrir las claves RSA ejecutando una aplicación manipulada en el mismo núcleo de la CPU Intel Sandy Bridge como víctima y aprovechándose de los conflictos del cache-bank, también conocida como un ataque "CacheBleed". A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to recover RSA private keys. • http://cachebleed.info http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 94%CPEs: 34EXPL: 0CVE-2016-0800 – SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
https://notcve.org/view.php?id=CVE-2016-0800
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. El protocolo SSLv2, como se utiliza en OpenSSL en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g y otros productos requiere un servidor para enviar un mensaje ServerVerify antes de establecer que un cliente posee ciertos datos RSA en texto plano, lo que facilita a atacantes remotos descifrar datos de texto cifrados con TLS aprovechándose de un Bleichenbacher RSA padding oracle, también conocida como ataque "DROWN". A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10722 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html http: • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 1%CPEs: 38EXPL: 0CVE-2015-3197 – OpenSSL: SSLv2 doesn't block disabled ciphers
https://notcve.org/view.php?id=CVE-2015-3197
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. ssl/s2_srvr.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1r y 1.0.2 en versiones anteriores a 1.0.2f no impide el uso de cifrados deshabilitados, lo que hace que sea más fácil para atacantes man-in-the-middle vencer los mecanismos de protección criptográfica llevando a cabo cálculos sobre tráfico SSLv2, relacionado con las funciones get_client_master_key y get_client_hello. A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that were disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 3.7EPSS: 11%CPEs: 9EXPL: 0CVE-2016-0701
https://notcve.org/view.php?id=CVE-2016-0701
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file. La función DH_check_pub_key en crypto/dh/dh_check.c en OpenSSL 1.0.2 en versiones anteriores a 1.0.2f no asegura que los número primos son apropiados para el intercambio de clave Diffie-Hellman (DH), lo que hace que sea más fácil para atacantes remotos descubrir el exponente DH privado mediante la realización de múltiples apretones de mano con un par que eligió un número inapropiado, según lo demostrado por un número en un archivo X9.42. • http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html http://www.openssl.org/news/secadv/20160128.txt http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html ht • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •