CVSS: 5.9EPSS: 96%CPEs: 60EXPL: 2CVE-2016-2107 – OpenSSL - Padding Oracle in AES-NI CBC MAC Check
https://notcve.org/view.php?id=CVE-2016-2107
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. La implementación de AES-NI en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h no considera la asignación de memoria durante una comprobación de relleno determinada, lo que permite a atacantes remotos obtener información de texto claro sensible a través de un ataque de padding-oracle contra una sesión AES CBC . NOTA: esta vulnerabilidad existe debido a una corrección incorrecta para CVE-2013-0169. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. • https://www.exploit-db.com/exploits/39768 https://github.com/FiloSottile/CVE-2016-2107 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html http://lists.opensuse.org/opensuse-security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 71%CPEs: 32EXPL: 0CVE-2016-2842 – openssl: doapr_outch function does not verify that certain memory allocation succeeds
https://notcve.org/view.php?id=CVE-2016-2842
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. La función doapr_outch en crypto/bio/b_print.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g no verifica que una asignación determinada de memoria tenga éxito, lo que permite a atacantes remotos causar una denegación de servicio (escritura fuera de rango o consumo de memoria) o posiblemente causar otro impacto no especificado a través de una cadena de carácteres más larga, como ha quedado demostrado por una gran cantidad de ASN.1 data, una vulnerabilidad diferente a CVE-2016-0799. Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. • http://marc.info/?l=bugtraq&m=145983526810210&w=2 http://marc.info/?l=bugtraq&m=146108058503441&w=2 http://openssl.org/news/secadv/20160301.txt http://rhn.redhat.com/errata/RHSA-2016-0722.html http://rhn.redhat.com/errata/RHSA-2016-0996.html http://rhn.redhat.com/errata/RHSA-2016-2073.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/84169 https:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 68%CPEs: 32EXPL: 0CVE-2016-0798
https://notcve.org/view.php?id=CVE-2016-0798
Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. Fuga de memoria en la implementación de SRP_VBASE_get_by_user en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g permite a atacantes remotos causar una denegación de servicio (consumo de memoria) proporcionando un nombre de usuario no válido en un intento de conexión, relacionada con apps/s_server.c y crypto/srp/srp_vfy.c. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.h • CWE-399: Resource Management Errors •
CVSS: 5.9EPSS: 0%CPEs: 44EXPL: 0CVE-2016-0703 – openssl: Divide-and-conquer session key recovery in SSLv2
https://notcve.org/view.php?id=CVE-2016-0703
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. La función get_client_master_key en s2_srvr.c en la implementación de SSLv2 en OpenSSL en versiones anteriores a 0.9.8zf, 1.0.0 en versiones anteriores a 1.0.0r, 1.0.1 en versiones anteriores a 1.0.1m y 1.0.2 en versiones anteriores a 1.0.2a acepta un valor CLIENT-MASTER-KEY CLEAR-KEY-LENGTH distinto de cero para un cifrado arbitrario, lo que permite a atacantes man-in-the-middle determinar el valor MASTER-KEY y descifrar datos de texto cifrados con TLS aprovechándose de un Bleichenbacher RSA padding oracle, un caso relacionado con CVE-2016-0800. It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 1%CPEs: 44EXPL: 0CVE-2016-0704 – openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers
https://notcve.org/view.php?id=CVE-2016-0704
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. Un mecanismo de protección oracle en la función get_client_master_key en s2_srvr.c en la implementación de SSLv2 en OpenSSL en versiones anteriores a 0.9.8zf, 1.0.0 en versiones anteriores a 1.0.0r, 1.0.1 en versiones anteriores a 1.0.1m y 1.0.2 en versiones anteriores a 1.0.2a sobrescribe MASTER-KEY bytes incorrectos durante el uso de suites de cifrado de exportación, lo que facilita a atacantes remotos el descifrado de datos de texto cifrados con TLS aprovechándose de un Bleichenbacher RSA padding oracle, un caso relacionado con CVE-2016-0800. It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •