CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
77.7%
This update for bouncycastle to version 1.59 fixes the following issues :
These security issues were fixed :
CVE-2017-13098: BouncyCastle, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange was negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as ‘ROBOT’ (bsc#1072697).
CVE-2016-1000338: Ensure full validation of ASN.1 encoding of signature on verification. It was possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may have allowed the introduction of ‘invisible’ data into a signed structure (bsc#1095722).
CVE-2016-1000339: Prevent AESEngine key information leak via lookup table accesses (boo#1095853).
CVE-2016-1000340: Preventcarry propagation bugs in the implementation of squaring for several raw math classes (boo#1095854).
CVE-2016-1000341: Fix DSA signature generation vulnerability to timing attack (boo#1095852).
CVE-2016-1000341: DSA signature generation was vulnerable to timing attack. Where timings can be closely observed for the generation of signatures may have allowed an attacker to gain information about the signature’s k value and ultimately the private value as well (bsc#1095852).
CVE-2016-1000342: Ensure that ECDSA does fully validate ASN.1 encoding of signature on verification. It was possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may have allowed the introduction of ‘invisible’ data into a signed structure (bsc#1095850).
CVE-2016-1000343: Prevent weak default settings for private DSA key pair generation (boo#1095849).
CVE-2016-1000344: Removed DHIES from the provider to disable the unsafe usage of ECB mode (boo#1096026).
CVE-2016-1000345: The DHIES/ECIES CBC mode was vulnerable to padding oracle attack. In an environment where timings can be easily observed, it was possible with enough observations to identify when the decryption is failing due to padding (bsc#1096025).
CVE-2016-1000346: The other party DH public key was not fully validated. This could have caused issues as invalid keys could be used to reveal details about the other party’s private key where static Diffie-Hellman is in use (bsc#1096024).
CVE-2016-1000352: Remove ECIES from the provider to disable the unsafe usage of ECB mode (boo#1096022).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-628.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(110530);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2016-1000338", "CVE-2016-1000339", "CVE-2016-1000340", "CVE-2016-1000341", "CVE-2016-1000342", "CVE-2016-1000343", "CVE-2016-1000344", "CVE-2016-1000345", "CVE-2016-1000346", "CVE-2016-1000352", "CVE-2017-13098");
script_name(english:"openSUSE Security Update : bouncycastle (openSUSE-2018-628)");
script_summary(english:"Check for the openSUSE-2018-628 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update for bouncycastle to version 1.59 fixes the following
issues :
These security issues were fixed :
- CVE-2017-13098: BouncyCastle, when configured to use the
JCE (Java Cryptography Extension) for cryptographic
functions, provided a weak Bleichenbacher oracle when
any TLS cipher suite using RSA key exchange was
negotiated. An attacker can recover the private key from
a vulnerable application. This vulnerability is referred
to as 'ROBOT' (bsc#1072697).
- CVE-2016-1000338: Ensure full validation of ASN.1
encoding of signature on verification. It was possible
to inject extra elements in the sequence making up the
signature and still have it validate, which in some
cases may have allowed the introduction of 'invisible'
data into a signed structure (bsc#1095722).
- CVE-2016-1000339: Prevent AESEngine key information leak
via lookup table accesses (boo#1095853).
- CVE-2016-1000340: Preventcarry propagation bugs in the
implementation of squaring for several raw math classes
(boo#1095854).
- CVE-2016-1000341: Fix DSA signature generation
vulnerability to timing attack (boo#1095852).
- CVE-2016-1000341: DSA signature generation was
vulnerable to timing attack. Where timings can be
closely observed for the generation of signatures may
have allowed an attacker to gain information about the
signature's k value and ultimately the private value as
well (bsc#1095852).
- CVE-2016-1000342: Ensure that ECDSA does fully validate
ASN.1 encoding of signature on verification. It was
possible to inject extra elements in the sequence making
up the signature and still have it validate, which in
some cases may have allowed the introduction of
'invisible' data into a signed structure (bsc#1095850).
- CVE-2016-1000343: Prevent weak default settings for
private DSA key pair generation (boo#1095849).
- CVE-2016-1000344: Removed DHIES from the provider to
disable the unsafe usage of ECB mode (boo#1096026).
- CVE-2016-1000345: The DHIES/ECIES CBC mode was
vulnerable to padding oracle attack. In an environment
where timings can be easily observed, it was possible
with enough observations to identify when the decryption
is failing due to padding (bsc#1096025).
- CVE-2016-1000346: The other party DH public key was not
fully validated. This could have caused issues as
invalid keys could be used to reveal details about the
other party's private key where static Diffie-Hellman is
in use (bsc#1096024).
- CVE-2016-1000352: Remove ECIES from the provider to
disable the unsafe usage of ECB mode (boo#1096022)."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1072697"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095722"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095849"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095850"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095852"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095853"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095854"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1096022"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1096024"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1096025"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1096026"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected bouncycastle packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bouncycastle");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bouncycastle-javadoc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
script_set_attribute(attribute:"patch_publication_date", value:"2018/06/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/14");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if ( rpm_check(release:"SUSE42.3", reference:"bouncycastle-1.59-23.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"bouncycastle-javadoc-1.59-23.3.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bouncycastle / bouncycastle-javadoc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | opensuse | bouncycastle | p-cpe:/a:novell:opensuse:bouncycastle |
novell | opensuse | bouncycastle-javadoc | p-cpe:/a:novell:opensuse:bouncycastle-javadoc |
novell | opensuse | 42.3 | cpe:/o:novell:opensuse:42.3 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000338
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000339
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000340
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000341
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000342
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000343
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000344
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000345
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000346
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000352
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13098
bugzilla.opensuse.org/show_bug.cgi?id=1072697
bugzilla.opensuse.org/show_bug.cgi?id=1095722
bugzilla.opensuse.org/show_bug.cgi?id=1095849
bugzilla.opensuse.org/show_bug.cgi?id=1095850
bugzilla.opensuse.org/show_bug.cgi?id=1095852
bugzilla.opensuse.org/show_bug.cgi?id=1095853
bugzilla.opensuse.org/show_bug.cgi?id=1095854
bugzilla.opensuse.org/show_bug.cgi?id=1096022
bugzilla.opensuse.org/show_bug.cgi?id=1096024
bugzilla.opensuse.org/show_bug.cgi?id=1096025
bugzilla.opensuse.org/show_bug.cgi?id=1096026
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
77.7%