ID OPENVAS:1361412562310106355 Type openvas Reporter This script is Copyright (C) 2016 Greenbone Networks GmbH Modified 2018-10-29T00:00:00
Description
Junos OS is prone to multiple vulnerabilities in OpenSSL.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_junos_cve-2016-2105.nasl 12149 2018-10-29 10:48:30Z asteins $
#
# Junos Multiple OpenSSL Vulnerabilities
#
# Authors:
# Christian Kuersteiner <christian.kuersteiner@greenbone.net>
#
# Copyright:
# Copyright (c) 2016 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# CPE handed to get_app_version() in the check phase to look up the Junos
# version recorded for the scanned host.
CPE = 'cpe:/o:juniper:junos';

# Metadata block: runs only when `description` is set and ends with exit(0),
# so none of the version comparisons further down execute in that mode.
if (description)
{
  # --- Identity -----------------------------------------------------------
  script_oid("1.3.6.1.4.1.25623.1.0.106355");
  script_version("$Revision: 12149 $");
  script_name("Junos Multiple OpenSSL Vulnerabilities");
  script_family("JunOS Local Security Checks");
  script_category(ACT_GATHER_INFO);
  script_copyright("This script is Copyright (C) 2016 Greenbone Networks GmbH");

  # --- Timestamps ---------------------------------------------------------
  script_tag(name:"creation_date", value:"2016-10-14 09:51:23 +0700 (Fri, 14 Oct 2016)");
  script_tag(name:"last_modification", value:"$Date: 2018-10-29 11:48:30 +0100 (Mon, 29 Oct 2018) $");

  # --- Severity -----------------------------------------------------------
  # One CVSS v2 base score and vector is declared for the whole plugin; the
  # individual CVEs it covers are listed separately below.
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");

  # "package" quality of detection: the verdict rests on the version the
  # device reports, not on probing OpenSSL behaviour on the target.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  # --- References ---------------------------------------------------------
  script_cve_id("CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2108",
                "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2180");
  script_xref(name:"URL", value:"http://kb.juniper.net/JSA10759");

  # --- Prerequisites ------------------------------------------------------
  # The check needs "Junos/Version" in the knowledge base. Judging by their
  # names, the two dependencies are the SSH- and SNMP-based version
  # detections that provide it -- verify against those scripts.
  script_dependencies("gb_ssh_junos_get_version.nasl", "gb_junos_snmp_version.nasl");
  script_mandatory_keys("Junos/Version");

  # --- Report text --------------------------------------------------------
  script_tag(name:"summary", value:"Junos OS is prone to multiple vulnerabilities in OpenSSL.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable OS build is present on the target host.");
  # The line break inside the next string is part of the tag value.
  script_tag(name:"impact", value:"A remote attacker may execute arbitrary code or cause a denial of service
condition.");
  script_tag(name:"affected", value:"Junos OS 13.3, 14.1, 14.2 and 15.1");
  script_tag(name:"solution", value:"New builds of Junos OS software are available from Juniper.");

  exit(0);
}
include("host_details.inc");
include("revisions-lib.inc");
include("version_func.inc");
# Check phase. This is a version comparison only: the Junos release string
# recorded for the host is matched against the fixed builds per release train.
# No OpenSSL behaviour is probed, so the result is only as reliable as the
# detected version string.

# Look up the detected Junos version; with nothing recorded the script ends
# without producing a result.
version = get_app_version(cpe: CPE, nofork: TRUE);
if (!version)
  exit(0);

# Fixed build to report; stays NULL when no vulnerable range matches.
fix = NULL;

# revcomp() (from revisions-lib.inc) is used as a three-way comparison:
# a result < 0 is treated as "version is older than b".
if (version =~ "^15") {
  # Anything in 15.x older than 15.1F5-S4 -- note there is no lower bound.
  if (revcomp(a: version, b: "15.1F5-S4") < 0)
    fix = "15.1F5-S4";
  # 15.1F6 train: [15.1F6, 15.1F6-S2)
  else if ((revcomp(a: version, b: "15.1F6") >= 0) &&
           (revcomp(a: version, b: "15.1F6-S2") < 0))
    fix = "15.1F6-S2";
  # 15.1R train: [15.1R1, 15.1R4)
  else if ((revcomp(a: version, b: "15.1R1") >= 0) &&
           (revcomp(a: version, b: "15.1R4") < 0))
    fix = "15.1R4";
  # 15.1X53 train: [15.1X53, 15.1X53-D50)
  else if ((revcomp(a: version, b: "15.1X53") >= 0) &&
           (revcomp(a: version, b: "15.1X53-D50") < 0))
    fix = "15.1X53-D50";
}
else if (version =~ "^14") {
  # Anything in 14.x older than 14.1R9 -- again without a lower bound.
  if (revcomp(a: version, b: "14.1R9") < 0)
    fix = "14.1R9";
  # 14.1X53 train: [14.1X53, 14.1X53-D40)
  else if ((revcomp(a: version, b: "14.1X53") >= 0) &&
           (revcomp(a: version, b: "14.1X53-D40") < 0))
    fix = "14.1X53-D40";
  # 14.2 train: [14.2, 14.2R8)
  else if ((revcomp(a: version, b: "14.2") >= 0) &&
           (revcomp(a: version, b: "14.2R8") < 0))
    fix = "14.2R8";
}
else if (version =~ "^13") {
  # NOTE(review): "^13" matches every 13.x release, so 13.1/13.2 builds are
  # reported with 13.3R10 as the fix although the "affected" tag names only
  # 13.3 -- confirm against the vendor advisory that this is intended.
  if (revcomp(a: version, b: "13.3R10") < 0)
    fix = "13.3R10";
}

if (!isnull(fix)) {
  # Report the installed and the fixed build; port 0 is used because the
  # finding is not tied to a specific service port.
  report = report_fixed_ver(installed_version: version, fixed_version: fix);
  security_message(port: 0, data: report);
  exit(0);
}

# No vulnerable range matched. exit(99) appears to be the scanner's
# "host not affected" status, as opposed to the plain exit(0) above --
# confirm against the scanner documentation.
exit(99);
{"id": "OPENVAS:1361412562310106355", "type": "openvas", "bulletinFamily": "scanner", "title": "Junos Multiple OpenSSL Vulnerabilities", "description": "Junos OS is prone to multiple vulnerabilities in OpenSSL.", "published": "2016-10-14T00:00:00", "modified": "2018-10-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106355", "reporter": "This script is Copyright (C) 2016 Greenbone Networks GmbH", "references": ["http://kb.juniper.net/JSA10759"], "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2180", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "lastseen": "2019-05-29T18:35:30", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["AIX_OPENSSL_ADVISORY20.NASL", "SLACKWARE_SSA_2016-124-01.NASL", "UBUNTU_USN-2959-1.NASL", "OPENSUSE-2016-562.NASL", "FREEBSD_PKG_01D729CA114311E6B55EB499BAEBFEAF.NASL", "SUSE_SU-2016-1228-1.NASL", "DEBIAN_DLA-456.NASL", "ALA_ALAS-2016-695.NASL", "OPENSSL_1_0_1T.NASL", "OPENSSL_1_0_2H.NASL"]}, {"type": "aix", "idList": ["OPENSSL_ADVISORY20.ASC"]}, {"type": "cisco", "idList": ["CISCO-SA-20160504-OPENSSL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3566-1:D74F5", "DEBIAN:DLA-456-1:BB65D"]}, {"type": "openvas", "idList": ["OPENVAS:703566", "OPENVAS:1361412562310842729", "OPENVAS:1361412562310851308", "OPENVAS:1361412562310106262", "OPENVAS:1361412562310851309", "OPENVAS:1361412562310851295", "OPENVAS:1361412562310851299", "OPENVAS:1361412562310120684", "OPENVAS:1361412562310851297", "OPENVAS:1361412562310851289"]}, {"type": "cve", "idList": ["CVE-2016-2109", "CVE-2016-2105", "CVE-2016-2176", "CVE-2016-2180", "CVE-2016-2106", "CVE-2016-2108"]}, {"type": "android", "idList": ["ANDROID:CVE-2016-2108"]}, {"type": "slackware", "idList": ["SSA-2016-124-01"]}, {"type": "f5", "idList": ["SOL36488941", "F5:K51920288", "F5:K47145213", "F5:K36488941", "SOL47145213", "SOL07538415", "F5:K23230229", 
"F5:K07538415", "F5:K75152412", "F5:K02652550"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20160706-01-OPENSSL"]}, {"type": "freebsd", "idList": ["01D729CA-1143-11E6-B55E-B499BAEBFEAF"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:1242-1", "OPENSUSE-SU-2016:1237-1", "SUSE-SU-2016:1360-1", "OPENSUSE-SU-2016:1243-1", "SUSE-SU-2016:1267-1", "SUSE-SU-2016:1290-1", "SUSE-SU-2016:1228-1", "SUSE-SU-2016:1231-1", "OPENSUSE-SU-2016:1273-1", "SUSE-SU-2016:1233-1"]}, {"type": "amazon", "idList": ["ALAS-2016-695"]}, {"type": "symantec", "idList": ["SMNTC-1363"]}, {"type": "ubuntu", "idList": ["USN-2959-1"]}, {"type": "paloalto", "idList": ["PAN-SA-2016-0023"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:F006390335E44CFEC69607A8E9BE3B62"]}, {"type": "archlinux", "idList": ["ASA-201605-3", "ASA-201605-4"]}, {"type": "hackerone", "idList": ["H1:221789"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-3576", "ELSA-2016-0722"]}, {"type": "redhat", "idList": ["RHSA-2016:0722"]}], "modified": "2019-05-29T18:35:30", "rev": 2}, "score": {"value": 8.0, "vector": "NONE", "modified": "2019-05-29T18:35:30", "rev": 2}, "vulnersScore": 8.0}, "pluginID": "1361412562310106355", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_junos_cve-2016-2105.nasl 12149 2018-10-29 10:48:30Z asteins $\n#\n# Junos Multiple OpenSSL Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:juniper:junos';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106355\");\n script_version(\"$Revision: 12149 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-29 11:48:30 +0100 (Mon, 29 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-14 09:51:23 +0700 (Fri, 14 Oct 2016)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2176\",\n\"CVE-2016-2180\");\n\n script_name(\"Junos Multiple OpenSSL Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_family(\"JunOS Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_ssh_junos_get_version.nasl\", \"gb_junos_snmp_version.nasl\");\n script_mandatory_keys(\"Junos/Version\");\n\n script_tag(name:\"summary\", value:\"Junos OS is prone to multiple vulnerabilities in OpenSSL.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable OS build is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"A remote attacker may execute arbitrary code or cause a denial of service\ncondition.\");\n\n script_tag(name:\"affected\", value:\"Junos OS 13.3, 14.1, 14.2 and 15.1\");\n\n script_tag(name:\"solution\", value:\"New builds of Junos OS software are available from Juniper.\");\n\n 
script_xref(name:\"URL\", value:\"http://kb.juniper.net/JSA10759\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe: CPE, nofork: TRUE))\n exit(0);\n\nif (version =~ \"^15\") {\n if (revcomp(a: version, b: \"15.1F5-S4\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1F5-S4\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1F6-S2\") < 0) &&\n (revcomp(a: version, b: \"15.1F6\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1F6-S2\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1R4\") < 0) &&\n (revcomp(a: version, b: \"15.1R1\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1R4\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1X53-D50\") < 0) &&\n (revcomp(a: version, b: \"15.1X53\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1X53-D50\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^14\") {\n if (revcomp(a: version, b: \"14.1R9\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"14.1R9\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"14.1X53-D40\") < 0) &&\n (revcomp(a: version, b: \"14.1X53\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"14.1X53-D40\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"14.2R8\") < 0) &&\n (revcomp(a: version, b: \"14.2\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"14.2R8\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^13\") {\n if (revcomp(a: 
version, b: \"13.3R10\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"13.3R10\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nexit(99);\n", "naslFamily": "JunOS Local Security Checks", "immutableFields": []}
{"aix": [{"lastseen": "2019-05-29T19:19:12", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Tue Jul 12 14:14:43 CDT 2016\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc\n\n\nSecurity Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2016-2176 \n CVE-2016-2109 CVE-2016-2108 CVE-2016-2106 CVE-2016-2105)\n\n===============================================================================\n\nSUMMARY:\n\n This bulletin addresses CVE-2016-2176 CVE-2016-2109 CVE-2016-2108 \n CVE-2016-2106 CVE-2016-2105 for AIX.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n \n CVEID: CVE-2016-2176\n DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive\n information, by sending an overly long ASN.1 string to the \n X509_NAME_oneline() function. An attacker could exploit this vulnerability\n to return arbitrary stack data in the buffer.\n CVSS Base Score: 5.3\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/112858 for the \n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n \n CVEID: CVE-2016-2109\n DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a \n memory allocation error. 
By reading specially crafted ASN.1 data from a BIO \n using functions such as d2i_CMS_bio(), an attacker could exploit this \n vulnerability to consume all available resources and exhaust memory.\n CVSS Base Score: 5.3\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/112857 for the \n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n CVEID: CVE-2016-2108\n DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code\n on the system, caused by a buffer underflow when deserializing untrusted ASN.1\n structures and later reserializes them. An attacker could exploit this \n vulnerability to corrupt memory and trigger an out-of-bounds write and execute \n arbitrary code on the system.\n CVSS Base Score: 8.1\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/112853 for the \n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n CVEID: CVE-2016-2106\n DESCRIPTION: OpenSSL is vulnerable to a heap-based buffer overflow, caused by \n improper bounds checking by the EVP_EncryptUpdate() function. By sending an overly \n long argument, a remote attacker could overflow a buffer and execute arbitrary \n code on the system or cause the application to crash.\n CVSS Base Score: 5.6\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/112856 for the \n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVEID: CVE-2016-2105\n DESCRIPTION: OpenSSL is vulnerable to a heap-based buffer overflow, caused by \n improper bounds checking by the EVP_EncodeUpdate() function. 
By sending an overly \n long argument, a remote attacker could overflow a buffer and execute arbitrary \n code on the system or cause the application to crash.\n CVSS Base Score: 5.6\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/112855 for the \n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 5.3, 6.1, 7.1, 7.2\n VIOS 2.2.x\n\n The following fileset levels are vulnerable:\n \n key_fileset = osrcaix\n\n Fileset Lower Level Upper Level KEY \n --------------------------------------------------\n openssl.base 0.9.8.401 0.9.8.2506 key_w_fs\n openssl.base 1.0.1.500 1.0.1.515 key_w_fs\n openssl.base 1.0.2.500 1.0.2.500 key_w_fs\n openssl.base 12.9.8.1100 12.9.8.2506 key_w_fs\n openssl.base 20.11.101.500 20.11.101.500 key_w_fs\n\n Note, 0.9.8.401 and 12.9.8.1100 are the Lowest OpenSSL version\n available in aix web download site. Even OpenSSL versions below \n this are impacted.\n\n Note: To find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i openssl.base\n\n REMEDIATION:\n\n A. FIXES\n\n A fix is available, and it can be downloaded from:\n\n https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\n\n To extract the fixes from the tar file:\n\n For Openssl 1.0.1 version - \n zcat openssl-1.0.1.516.tar.Z | tar xvf -\n For Openssl 0.9.8 version - \n zcat openssl-0.9.8.2507.tar.Z | tar xvf -\n For Openssl 12.9.8 version - \n zcat openssl-12.9.8.2507.tar.Z | tar xvf -\n For Openssl 1.0.2 version - \n zcat openssl-1.0.2.800.tar.Z | tar xvf -\n For Openssl 20.11.101 version - \n zcat openssl-20.11.101.501.tar.Z | tar xvf - \n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. 
Verify it is both bootable and\n readable before proceeding.\n\n Note that all the previously reported security vulnerability fixes is also\n included in above mentioned fileset level. Please refer to the readme file \n (provided along with the fileset) for the complete list of vulnerabilities fixed.\n\n To preview the fix installation:\n\n installp -apYd . openssl\n\n To install the fix package:\n\n installp -aXYd . openssl\n \n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc.sig \n\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can :\n\n A. 
Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Note: Keywords labeled as KEY in this document are used for parsing purposes.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112858\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112857\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112853\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112856\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112855\n CVE-2016-2176 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176\n CVE-2016-2109 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109\n CVE-2016-2108 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108\n CVE-2016-2106 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106\n CVE-2016-2105 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105\n\n \n\n\nACKNOWLEDGEMENTS:\n\n None.\n\n\nCHANGE HISTORY:\n\n First Issued: Tue Jul 12 14:14:43 CDT 2016\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. 
Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n", "edition": 4, "modified": "2016-07-12T14:14:43", "published": "2016-07-12T14:14:43", "id": "OPENSSL_ADVISORY20.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc", "title": "Vulnerabilities in OpenSSL affect AIX", "type": "aix", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-06T09:18:37", "description": "The version of OpenSSL installed on the remote AIX host is affected by\nthe following vulnerabilities :\n\n - A heap buffer overflow condition exists in the\n EVP_EncodeUpdate() function within file\n crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the\n EVP_EncryptUpdate() function within file\n crypto/evp/evp_enc.c that is triggered when handling a\n large amount of input data after a previous call occurs\n to the same function with a partial block. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. 
(CVE-2016-2106)\n\n - A remote code execution vulnerability exists in the\n ASN.1 encoder due to an underflow condition that occurs\n when attempting to encode the value zero represented as\n a negative integer. An unauthenticated, remote attacker\n can exploit this to corrupt memory, resulting in the\n execution of arbitrary code. (CVE-2016-2108)\n\n - Multiple unspecified flaws exist in the d2i BIO\n functions when reading ASN.1 data from a BIO due to\n invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to\n cause a denial of service condition through resource\n exhaustion. (CVE-2016-2109)\n\n - An out-of-bounds read error exists in the\n X509_NAME_oneline() function within file\n crypto/x509/x509_obj.c when handling very long ASN1\n strings. An unauthenticated, remote attacker can exploit\n this to disclose the contents of stack memory.\n (CVE-2016-2176)", "edition": 29, "published": "2016-07-15T00:00:00", "title": "AIX OpenSSL Advisory : openssl_advisory20.asc", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "modified": "2016-07-15T00:00:00", "cpe": ["cpe:/a:openssl:openssl", "cpe:/o:ibm:aix"], "id": "AIX_OPENSSL_ADVISORY20.NASL", "href": "https://www.tenable.com/plugins/nessus/92323", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92323);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-2105\",\n \"CVE-2016-2106\",\n \"CVE-2016-2108\",\n \"CVE-2016-2109\",\n \"CVE-2016-2176\"\n );\n script_bugtraq_id(\n 87940,\n 89744,\n 89746,\n 89752,\n 89757\n );\n\n script_name(english:\"AIX OpenSSL Advisory : openssl_advisory20.asc\");\n script_summary(english:\"Checks the version of the 
OpenSSL packages and iFixes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of OpenSSL installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL installed on the remote AIX host is affected by\nthe following vulnerabilities :\n\n - A heap buffer overflow condition exists in the\n EVP_EncodeUpdate() function within file\n crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the\n EVP_EncryptUpdate() function within file\n crypto/evp/evp_enc.c that is triggered when handling a\n large amount of input data after a previous call occurs\n to the same function with a partial block. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2016-2106)\n\n - A remote code execution vulnerability exists in the\n ASN.1 encoder due to an underflow condition that occurs\n when attempting to encode the value zero represented as\n a negative integer. An unauthenticated, remote attacker\n can exploit this to corrupt memory, resulting in the\n execution of arbitrary code. (CVE-2016-2108)\n\n - Multiple unspecified flaws exist in the d2i BIO\n functions when reading ASN.1 data from a BIO due to\n invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to\n cause a denial of service condition through resource\n exhaustion. (CVE-2016-2109)\n\n - An out-of-bounds read error exists in the\n X509_NAME_oneline() function within file\n crypto/x509/x509_obj.c when handling very long ASN1\n strings. 
An unauthenticated, remote attacker can exploit\n this to disclose the contents of stack memory.\n (CVE-2016-2176)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160503.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the IBM AIX website.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item_or_exit(\"Host/AIX/version\");\nif ( oslevel != \"AIX-5.3\" && oslevel != \"AIX-6.1\" && oslevel != \"AIX-7.1\" && oslevel != \"AIX-7.2\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 5.3 / 6.1 / 7.1 / 7.2\", oslevel);\n}\n\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nflag = 0;\n\n#0.9.8.2507\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"0.9.8.401\", maxpackagever:\"0.9.8.2506\", fixpackagever:\"12.9.8.2507\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"0.9.8.401\", maxpackagever:\"0.9.8.2506\", fixpackagever:\"12.9.8.2507\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl.base\", minpackagever:\"0.9.8.401\", maxpackagever:\"0.9.8.2506\", fixpackagever:\"12.9.8.2507\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"openssl.base\", minpackagever:\"0.9.8.401\", maxpackagever:\"0.9.8.2506\", fixpackagever:\"12.9.8.2507\") > 0) flag++;\n\n#12.9.8.2507\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"12.9.8.1100\", maxpackagever:\"12.9.8.2506\", fixpackagever:\"12.9.8.2507\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"12.9.8.1100\", maxpackagever:\"12.9.8.2506\", fixpackagever:\"12.9.8.2507\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl.base\", minpackagever:\"12.9.8.1100\", maxpackagever:\"12.9.8.2506\", fixpackagever:\"12.9.8.2507\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"openssl.base\", minpackagever:\"12.9.8.1100\", maxpackagever:\"12.9.8.2506\", fixpackagever:\"12.9.8.2507\") > 0) flag++;\n\n#1.0.1.516\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"1.0.1.500\", maxpackagever:\"1.0.1.515\", fixpackagever:\"1.0.1.516\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"1.0.1.500\", maxpackagever:\"1.0.1.515\", fixpackagever:\"1.0.1.516\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl.base\", minpackagever:\"1.0.1.500\", maxpackagever:\"1.0.1.515\", fixpackagever:\"1.0.1.516\") > 0) flag++;\nif 
(aix_check_package(release:\"7.2\", package:\"openssl.base\", minpackagever:\"1.0.1.500\", maxpackagever:\"1.0.1.515\", fixpackagever:\"1.0.1.516\") > 0) flag++;\n\n#1.0.2.800\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"1.0.2.500\", maxpackagever:\"1.0.2.799\", fixpackagever:\"1.0.2.800\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"1.0.2.500\", maxpackagever:\"1.0.2.799\", fixpackagever:\"1.0.2.800\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl.base\", minpackagever:\"1.0.2.500\", maxpackagever:\"1.0.2.799\", fixpackagever:\"1.0.2.800\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"openssl.base\", minpackagever:\"1.0.2.500\", maxpackagever:\"1.0.2.799\", fixpackagever:\"1.0.2.800\") > 0) flag++;\n\n#20.11.101.501\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"20.11.101.500\", maxpackagever:\"20.11.101.500\", fixpackagever:\"20.11.101.501\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"20.11.101.500\", maxpackagever:\"20.11.101.500\", fixpackagever:\"20.11.101.501\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl.base\", minpackagever:\"20.11.101.500\", maxpackagever:\"20.11.101.500\", fixpackagever:\"20.11.101.501\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"openssl.base\", minpackagever:\"20.11.101.500\", maxpackagever:\"20.11.101.500\", fixpackagever:\"20.11.101.501\") > 0) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : aix_report_get()\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl.base\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T09:10:53", "description": "New openssl packages are 
available for Slackware 14.0, 14.1, and\n-current to fix security issues.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-04T00:00:00", "title": "Slackware 14.0 / 14.1 / current : openssl (SSA:2016-124-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "modified": "2016-05-04T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.1", "p-cpe:/a:slackware:slackware_linux:openssl", "cpe:/o:slackware:slackware_linux:14.0", "p-cpe:/a:slackware:slackware_linux:openssl-solibs", "cpe:/o:slackware:slackware_linux"], "id": "SLACKWARE_SSA_2016-124-01.NASL", "href": "https://www.tenable.com/plugins/nessus/90863", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-124-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90863);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2176\");\n script_xref(name:\"SSA\", value:\"2016-124-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / current : openssl (SSA:2016-124-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openssl packages are available for Slackware 14.0, 14.1, and\n-current to fix security issues.\"\n );\n # 
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ddcc7818\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl\", pkgver:\"1.0.1t\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1t\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1t\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1t\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl\", pkgver:\"1.0.1t\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1t\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1t\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1t\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif 
(slackware_check(osver:\"current\", pkgname:\"openssl\", pkgver:\"1.0.2h\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"openssl-solibs\", pkgver:\"1.0.2h\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.2h\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.2h\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T10:46:44", "description": "OpenSSL reports :\n\nMemory corruption in the ASN.1 encoder\n\nPadding oracle in AES-NI CBC MAC check\n\nEVP_EncodeUpdate overflow\n\nEVP_EncryptUpdate overflow\n\nASN.1 BIO excessive memory allocation\n\nEBCDIC overread (OpenSSL only)", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-04T00:00:00", "title": "FreeBSD : OpenSSL -- multiple vulnerabilities (01d729ca-1143-11e6-b55e-b499baebfeaf)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "modified": "2016-05-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libressl-devel", "p-cpe:/a:freebsd:freebsd:linux-c6-openssl", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libressl", "p-cpe:/a:freebsd:freebsd:openssl"], "id": "FREEBSD_PKG_01D729CA114311E6B55EB499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/90876", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database 
:\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90876);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2176\");\n script_xref(name:\"FreeBSD\", value:\"SA-16:17.openssl\");\n\n script_name(english:\"FreeBSD : OpenSSL -- multiple vulnerabilities (01d729ca-1143-11e6-b55e-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL reports :\n\nMemory corruption in the ASN.1 encoder\n\nPadding oracle in AES-NI CBC MAC check\n\nEVP_EncodeUpdate overflow\n\nEVP_EncryptUpdate overflow\n\nASN.1 BIO excessive memory allocation\n\nEBCDIC overread (OpenSSL only)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20160503.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=openbsd-tech&m=146228598730414\"\n );\n # https://vuxml.freebsd.org/freebsd/01d729ca-1143-11e6-b55e-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?7231d985\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libressl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libressl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl<1.0.2_11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-openssl<1.0.1e_8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libressl>=2.3.0<2.3.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libressl<2.2.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libressl-devel<2.3.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:43:46", "description": "Several vulnerabilities were discovered in OpenSSL, a Secure Socket\nLayer toolkit.\n\nCVE-2016-2105\n\nGuido Vranken discovered that an overflow can occur in the function\nEVP_EncodeUpdate(), used for Base64 encoding, if an attacker can\nsupply a large amount of data. This could lead to a heap corruption.\n\nCVE-2016-2106\n\nGuido Vranken discovered that an overflow can occur in the function\nEVP_EncryptUpdate() if an attacker can supply a large amount of data.\nThis could lead to a heap corruption.\n\nCVE-2016-2107\n\nJuraj Somorovsky discovered a padding oracle in the AES CBC cipher\nimplementation based on the AES-NI instruction set. 
This could allow\nan attacker to decrypt TLS traffic encrypted with one of the cipher\nsuites based on AES CBC.\n\nCVE-2016-2108\n\nDavid Benjamin from Google discovered that two separate bugs in the\nASN.1 encoder, related to handling of negative zero integer values and\nlarge universal tags, could lead to an out-of-bounds write.\n\nCVE-2016-2109\n\nBrian Carpenter discovered that when ASN.1 data is read from a BIO\nusing functions such as d2i_CMS_bio(), a short invalid encoding can\ncause allocation of large amounts of memory potentially consuming\nexcessive resources or exhausting memory.\n\nCVE-2016-2176\n\nGuido Vranken discovered that ASN.1 Strings that are over 1024 bytes\ncan cause an overread in applications using the X509_NAME_oneline()\nfunction on EBCDIC systems. This could result in arbitrary stack data\nbeing returned in the buffer.\n\nAdditional information about these issues can be found in the OpenSSL\nsecurity advisory at https://www.openssl.org/news/secadv/20160503.txt\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-04T00:00:00", "title": "Debian DLA-456-1 : openssl security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "modified": "2016-05-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libssl1.0.0", "p-cpe:/a:debian:debian_linux:libssl-dev", "p-cpe:/a:debian:debian_linux:libssl-doc", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:libssl1.0.0-dbg", "p-cpe:/a:debian:debian_linux:openssl"], "id": "DEBIAN_DLA-456.NASL", "href": "https://www.tenable.com/plugins/nessus/90874", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-456-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90874);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2176\");\n\n script_name(english:\"Debian DLA-456-1 : openssl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in OpenSSL, a Secure Socket\nLayer toolkit.\n\nCVE-2016-2105\n\nGuido Vranken discovered that an overflow can occur in the function\nEVP_EncodeUpdate(), used for Base64 encoding, if an attacker can\nsupply a large amount of data. This could lead to a heap corruption.\n\nCVE-2016-2106\n\nGuido Vranken discovered that an overflow can occur in the function\nEVP_EncryptUpdate() if an attacker can supply a large amount of data.\nThis could lead to a heap corruption.\n\nCVE-2016-2107\n\nJuraj Somorovsky discovered a padding oracle in the AES CBC cipher\nimplementation based on the AES-NI instruction set. 
This could allow\nan attacker to decrypt TLS traffic encrypted with one of the cipher\nsuites based on AES CBC.\n\nCVE-2016-2108\n\nDavid Benjamin from Google discovered that two separate bugs in the\nASN.1 encoder, related to handling of negative zero integer values and\nlarge universal tags, could lead to an out-of-bounds write.\n\nCVE-2016-2109\n\nBrian Carpenter discovered that when ASN.1 data is read from a BIO\nusing functions such as d2i_CMS_bio(), a short invalid encoding can\ncasuse allocation of large amounts of memory potentially consuming\nexcessive resources or exhausting memory.\n\nCVE-2016-2176\n\nGuido Vranken discovered that ASN.1 Strings that are over 1024 bytes\ncan cause an overread in applications using the X509_NAME_oneline()\nfunction on EBCDIC systems. This could result in arbitrary stack data\nbeing returned in the buffer.\n\nAdditional information about these issues can be found in the OpenSSL\nsecurity advisory at https://www.openssl.org/news/secadv/20160503.txt\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/05/msg00006.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20160503.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.0.0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n 
script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libssl-dev\", reference:\"1.0.1e-2+deb7u21\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl-doc\", reference:\"1.0.1e-2+deb7u21\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1e-2+deb7u21\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1e-2+deb7u21\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openssl\", reference:\"1.0.1e-2+deb7u21\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T04:55:15", "description": "According to its banner, the remote host is running a version of\nOpenSSL 1.0.1 prior to 1.0.1t. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A heap buffer overflow condition exists in the\n EVP_EncodeUpdate() function within file\n crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. 
(CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the\n EVP_EncryptUpdate() function within file\n crypto/evp/evp_enc.c that is triggered when handling a\n large amount of input data after a previous call occurs\n to the same function with a partial block. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2016-2106)\n\n - Flaws exist in the aesni_cbc_hmac_sha1_cipher()\n function in file crypto/evp/e_aes_cbc_hmac_sha1.c and\n the aesni_cbc_hmac_sha256_cipher() function in file\n crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered\n when the connection uses an AES-CBC cipher and AES-NI\n is supported by the server. A man-in-the-middle attacker\n can exploit these to conduct a padding oracle attack,\n resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - Multiple unspecified flaws exist in the d2i BIO\n functions when reading ASN.1 data from a BIO due to\n invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to\n cause a denial of service condition through resource\n exhaustion. (CVE-2016-2109)\n\n - An out-of-bounds read error exists in the\n X509_NAME_oneline() function within file\n crypto/x509/x509_obj.c when handling very long ASN1\n strings. 
An unauthenticated, remote attacker can exploit\n this to disclose the contents of stack memory.\n (CVE-2016-2176)", "edition": 29, "cvss3": {"score": 8.2, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}, "published": "2016-05-04T00:00:00", "title": "OpenSSL 1.0.1 < 1.0.1t Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_1T.NASL", "href": "https://www.tenable.com/plugins/nessus/90890", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90890);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-2105\",\n \"CVE-2016-2106\",\n \"CVE-2016-2107\",\n \"CVE-2016-2109\",\n \"CVE-2016-2176\"\n );\n script_bugtraq_id(\n 87940,\n 89744,\n 89746,\n 89757,\n 89760\n );\n script_xref(name:\"EDB-ID\", value:\"39768\");\n\n script_name(english:\"OpenSSL 1.0.1 < 1.0.1t Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote host is running a version of\nOpenSSL 1.0.1 prior to 1.0.1t. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A heap buffer overflow condition exists in the\n EVP_EncodeUpdate() function within file\n crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. 
(CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the\n EVP_EncryptUpdate() function within file\n crypto/evp/evp_enc.c that is triggered when handling a\n large amount of input data after a previous call occurs\n to the same function with a partial block. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2016-2106)\n\n - Flaws exist in the aesni_cbc_hmac_sha1_cipher()\n function in file crypto/evp/e_aes_cbc_hmac_sha1.c and\n the aesni_cbc_hmac_sha256_cipher() function in file\n crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered\n when the connection uses an AES-CBC cipher and AES-NI\n is supported by the server. A man-in-the-middle attacker\n can exploit these to conduct a padding oracle attack,\n resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - Multiple unspecified flaws exist in the d2i BIO\n functions when reading ASN.1 data from a BIO due to\n invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to\n cause a denial of service condition through resource\n exhaustion. (CVE-2016-2109)\n\n - An out-of-bounds read error exists in the\n X509_NAME_oneline() function within file\n crypto/x509/x509_obj.c when handling very long ASN1\n strings. 
An unauthenticated, remote attacker can exploit\n this to disclose the contents of stack memory.\n (CVE-2016-2176)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160503.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/cl101.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 1.0.1t or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2176\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.1t', min:\"1.0.1\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-04-01T04:55:18", "description": "According to its banner, the remote host is running a version of\nOpenSSL 1.0.2 prior to 1.0.2h. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A heap buffer overflow condition exists in the\n EVP_EncodeUpdate() function within file\n crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the\n EVP_EncryptUpdate() function within file\n crypto/evp/evp_enc.c that is triggered when handling a\n large amount of input data after a previous call occurs\n to the same function with a partial block. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2016-2106)\n\n - Flaws exist in the aesni_cbc_hmac_sha1_cipher()\n function in file crypto/evp/e_aes_cbc_hmac_sha1.c and\n the aesni_cbc_hmac_sha256_cipher() function in file\n crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered\n when the connection uses an AES-CBC cipher and AES-NI\n is supported by the server. A man-in-the-middle attacker\n can exploit these to conduct a padding oracle attack,\n resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - Multiple unspecified flaws exist in the d2i BIO\n functions when reading ASN.1 data from a BIO due to\n invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to\n cause a denial of service condition through resource\n exhaustion. 
(CVE-2016-2109)\n\n - An out-of-bounds read error exists in the\n X509_NAME_oneline() function within file\n crypto/x509/x509_obj.c when handling very long ASN1\n strings. An unauthenticated, remote attacker can exploit\n this to disclose the contents of stack memory.\n (CVE-2016-2176)", "edition": 29, "cvss3": {"score": 8.2, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}, "published": "2016-05-04T00:00:00", "title": "OpenSSL 1.0.2 < 1.0.2h Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_2H.NASL", "href": "https://www.tenable.com/plugins/nessus/90891", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90891);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-2105\",\n \"CVE-2016-2106\",\n \"CVE-2016-2107\",\n \"CVE-2016-2109\",\n \"CVE-2016-2176\"\n );\n script_bugtraq_id(\n 87940,\n 89744,\n 89746,\n 89757,\n 89760\n );\n script_xref(name:\"EDB-ID\", value:\"39768\");\n\n script_name(english:\"OpenSSL 1.0.2 < 1.0.2h Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote host is running a version of\nOpenSSL 1.0.2 prior to 1.0.2h. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A heap buffer overflow condition exists in the\n EVP_EncodeUpdate() function within file\n crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. 
(CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the\n EVP_EncryptUpdate() function within file\n crypto/evp/evp_enc.c that is triggered when handling a\n large amount of input data after a previous call occurs\n to the same function with a partial block. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2016-2106)\n\n - Flaws exist in the aesni_cbc_hmac_sha1_cipher()\n function in file crypto/evp/e_aes_cbc_hmac_sha1.c and\n the aesni_cbc_hmac_sha256_cipher() function in file\n crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered\n when the connection uses an AES-CBC cipher and AES-NI\n is supported by the server. A man-in-the-middle attacker\n can exploit these to conduct a padding oracle attack,\n resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - Multiple unspecified flaws exist in the d2i BIO\n functions when reading ASN.1 data from a BIO due to\n invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to\n cause a denial of service condition through resource\n exhaustion. (CVE-2016-2109)\n\n - An out-of-bounds read error exists in the\n X509_NAME_oneline() function within file\n crypto/x509/x509_obj.c when handling very long ASN1\n strings. 
An unauthenticated, remote attacker can exploit\n this to disclose the contents of stack memory.\n (CVE-2016-2176)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160503.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/cl102.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 1.0.2h or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2176\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.2h', min:\"1.0.2\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-20T14:45:38", "description": "This update for openssl fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder\n (bsc#977617)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation\n (bsc#976942)\n\n - CVE-2016-0702: Side channel attack on modular\n exponentiation 'CacheBleed' (bsc#968050)\n\nBugs fixed :\n\n - fate#320304: build 32bit devel package\n\n - bsc#976943: Fix buffer overrun in ASN1_parse\n\n - bsc#973223: allow weak DH groups, vulnerable to the\n logjam attack, when environment variable\n OPENSSL_ALLOW_LOGJAM_ATTACK is set\n\n - bsc#889013: Rename README.SuSE to the new spelling\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-16T00:00:00", "title": "SUSE SLES11 Security Update : openssl (SUSE-SU-2016:1290-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-0702", "CVE-2016-2109", "CVE-2016-2106"], "modified": "2016-05-16T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssl-doc", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:libopenssl-devel", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac"], "id": "SUSE_SU-2016-1290-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91158", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1290-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91158);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-0702\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2108\", \"CVE-2016-2109\");\n\n script_name(english:\"SUSE SLES11 Security Update : openssl (SUSE-SU-2016:1290-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder\n (bsc#977617)\n\n - CVE-2016-2105: EVP_EncodeUpdate 
overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation\n (bsc#976942)\n\n - CVE-2016-0702: Side channel attack on modular\n exponentiation 'CacheBleed' (bsc#968050)\n\nBugs fixed :\n\n - fate#320304: build 32bit devel package\n\n - bsc#976943: Fix buffer overrun in ASN1_parse\n\n - bsc#973223: allow weak DH groups, vulnerable to the\n logjam attack, when environment variable\n OPENSSL_ALLOW_LOGJAM_ATTACK is set\n\n - bsc#889013: Rename README.SuSE to the new spelling\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=889013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0702/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2105/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2106/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2108/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2109/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161290-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?66635c17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Studio Onsite 1.3 :\n\nzypper in -t patch slestso13-openssl-12557=1\n\nSUSE OpenStack Cloud 5 :\n\nzypper in -t patch sleclo50sp3-openssl-12557=1\n\nSUSE Manager Proxy 2.1 :\n\nzypper in -t patch slemap21-openssl-12557=1\n\nSUSE Manager 2.1 :\n\nzypper in -t patch sleman21-openssl-12557=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-openssl-12557=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-openssl-12557=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS :\n\nzypper in -t patch slessp3-openssl-12557=1\n\nSUSE Linux Enterprise Server 11-SP2-LTSS :\n\nzypper in -t patch slessp2-openssl-12557=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-openssl-12557=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-openssl-12557=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2 :\n\nzypper in -t patch dbgsp2-openssl-12557=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2/3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libopenssl0_9_8-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libopenssl0_9_8-hmac-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssl-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssl-doc-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.97.1\")) 
flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libopenssl-devel-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libopenssl0_9_8-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libopenssl0_9_8-hmac-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssl-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssl-doc-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libopenssl-devel-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libopenssl0_9_8-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libopenssl0_9_8-hmac-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"openssl-0.9.8j-0.97.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"openssl-doc-0.9.8j-0.97.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T07:27:05", "description": "Huzaifa Sidhpurwala, Hanno Bock, and David Benjamin discovered that\nOpenSSL incorrectly handled memory when 
decoding ASN.1 structures. A\nremote attacker could use this issue to cause OpenSSL to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2016-2108)\n\nJuraj Somorovsky discovered that OpenSSL incorrectly performed padding\nwhen the connection uses the AES CBC cipher and the server supports\nAES-NI. A remote attacker could possibly use this issue to perform a\npadding oracle attack and decrypt traffic. (CVE-2016-2107)\n\nGuido Vranken discovered that OpenSSL incorrectly handled large\namounts of input data to the EVP_EncodeUpdate() function. A remote\nattacker could use this issue to cause OpenSSL to crash, resulting in\na denial of service, or possibly execute arbitrary code.\n(CVE-2016-2105)\n\nGuido Vranken discovered that OpenSSL incorrectly handled large\namounts of input data to the EVP_EncryptUpdate() function. A remote\nattacker could use this issue to cause OpenSSL to crash, resulting in\na denial of service, or possibly execute arbitrary code.\n(CVE-2016-2106)\n\nBrian Carpenter discovered that OpenSSL incorrectly handled memory\nwhen ASN.1 data is read from a BIO. A remote attacker could possibly\nuse this issue to cause memory consumption, resulting in a denial of\nservice. (CVE-2016-2109)\n\nAs a security improvement, this update also modifies OpenSSL behaviour\nto reject DH key sizes below 1024 bits, preventing a possible\ndowngrade attack.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-04T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : openssl vulnerabilities (USN-2959-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2959-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90887", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2959-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90887);\n script_version(\"2.18\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\");\n script_xref(name:\"USN\", value:\"2959-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : openssl vulnerabilities (USN-2959-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Huzaifa Sidhpurwala, Hanno Bock, and David Benjamin discovered that\nOpenSSL incorrectly handled memory when decoding ASN.1 structures. 
A\nremote attacker could use this issue to cause OpenSSL to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2016-2108)\n\nJuraj Somorovsky discovered that OpenSSL incorrectly performed padding\nwhen the connection uses the AES CBC cipher and the server supports\nAES-NI. A remote attacker could possibly use this issue to perform a\npadding oracle attack and decrypt traffic. (CVE-2016-2107)\n\nGuido Vranken discovered that OpenSSL incorrectly handled large\namounts of input data to the EVP_EncodeUpdate() function. A remote\nattacker could use this issue to cause OpenSSL to crash, resulting in\na denial of service, or possibly execute arbitrary code.\n(CVE-2016-2105)\n\nGuido Vranken discovered that OpenSSL incorrectly handled large\namounts of input data to the EVP_EncryptUpdate() function. A remote\nattacker could use this issue to cause OpenSSL to crash, resulting in\na denial of service, or possibly execute arbitrary code.\n(CVE-2016-2106)\n\nBrian Carpenter discovered that OpenSSL incorrectly handled memory\nwhen ASN.1 data is read from a BIO. A remote attacker could possibly\nuse this issue to cause memory consumption, resulting in a denial of\nservice. (CVE-2016-2109)\n\nAs a security improvement, this update also modifies OpenSSL behaviour\nto reject DH key sizes below 1024 bits, preventing a possible\ndowngrade attack.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2959-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl1.0.0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.10|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1-4ubuntu5.36\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.19\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2d-0ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2g-1ubuntu4.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl1.0.0\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:23:53", "description": "This update for openssl fixes the following issues :\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder\n (bsc#977617)\n\n - CVE-2016-2107: Padding oracle in 
AES-NI CBC MAC check\n (bsc#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation\n (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse\n\n - bsc#977621: Preserve negotiated digests for SNI\n (bsc#977621)\n\n - bsc#958501: Fix openssl enc -non-fips-allow option in\n FIPS mode (bsc#958501)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-05T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:1228-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "modified": "2016-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssl-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:openssl-debugsource"], "id": "SUSE_SU-2016-1228-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90913", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1228-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90913);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-2105\", 
\"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:1228-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder\n (bsc#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check\n (bsc#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation\n (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse\n\n - bsc#977621: Preserve negotiated digests for SNI\n (bsc#977621)\n\n - bsc#958501: Fix openssl enc -non-fips-allow option in\n FIPS mode (bsc#958501)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2105/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2106/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2107/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2108/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2109/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161228-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?91f413d4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product 
:\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-715=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-715=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-715=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debuginfo-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debugsource-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-32bit-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1i-27.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.1i-27.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else 
security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:30:24", "description": "This update for openssl fixes the following issues :\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder\n (bsc#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check\n (bsc#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation\n (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse\n\n - bsc#977621: Preserve negotiated digests for SNI\n (bsc#977621)\n\n - bsc#958501: Fix openssl enc -non-fips-allow option in\n FIPS mode (bsc#958501)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-06T00:00:00", "title": "openSUSE Security Update : openssl (openSUSE-2016-564)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "modified": "2016-05-06T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssl", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openssl-debugsource", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0"], "id": "OPENSUSE-2016-564.NASL", "href": 
"https://www.tenable.com/plugins/nessus/90934", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-564.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90934);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2016-564)\");\n script_summary(english:\"Check for the openSUSE-2016-564 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder\n (bsc#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check\n (bsc#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation\n (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse\n\n - bsc#977621: Preserve negotiated digests for SNI\n (bsc#977621)\n\n - bsc#958501: Fix openssl enc -non-fips-allow option in\n FIPS mode (bsc#958501)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=976942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=976943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977621\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl-devel-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl1_0_0-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", 
reference:\"libopenssl1_0_0-debuginfo-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl1_0_0-hmac-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssl-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssl-debuginfo-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssl-debugsource-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-02-02T06:28:04", "description": "The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.2, "privilegesRequired": "NONE", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.2}, "published": "2016-05-05T01:59:00", "title": "CVE-2016-2176", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2176"], "modified": "2018-07-19T01:29:00", "cpe": ["cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/a:openssl:openssl:1.0.2c", "cpe:/a:openssl:openssl:1.0.2b", "cpe:/a:openssl:openssl:1.0.2f", "cpe:/a:openssl:openssl:1.0.2d", "cpe:/a:openssl:openssl:1.0.2e", "cpe:/a:openssl:openssl:1.0.1s", "cpe:/a:openssl:openssl:1.0.2g"], "id": "CVE-2016-2176", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2176", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:04", "description": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO 
implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-05T01:59:00", "title": "CVE-2016-2109", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2109"], "modified": "2018-07-19T01:29:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:openssl:openssl:1.0.2c", "cpe:/a:openssl:openssl:1.0.2b", "cpe:/a:openssl:openssl:1.0.2f", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/a:openssl:openssl:1.0.2d", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/a:openssl:openssl:1.0.2e", 
"cpe:/a:openssl:openssl:1.0.1s", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/a:openssl:openssl:1.0.2g"], "id": "CVE-2016-2109", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2109", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:04", "description": "The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the \"openssl ts\" command.", 
"edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-01T02:59:00", "title": "CVE-2016-2180", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2180"], "modified": "2019-12-27T16:08:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/a:openssl:openssl:1.0.2h", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.1o", "cpe:/a:openssl:openssl:1.0.1t", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:1.0.1r", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.1q", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:1.0.2c", "cpe:/a:openssl:openssl:1.0.2b", "cpe:/a:openssl:openssl:1.0.2f", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.1i", "cpe:/a:openssl:openssl:1.0.1m", "cpe:/a:openssl:openssl:1.0.1n", "cpe:/a:openssl:openssl:1.0.2d", "cpe:/o:oracle:linux:7", "cpe:/a:openssl:openssl:1.0.1j", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.1p", 
"cpe:/a:openssl:openssl:1.0.2e", "cpe:/a:openssl:openssl:1.0.1s", "cpe:/a:openssl:openssl:1.0.2g", "cpe:/a:openssl:openssl:1.0.1l", "cpe:/a:openssl:openssl:1.0.1k"], "id": "CVE-2016-2180", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2180", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:04", "description": "Integer overflow in the 
EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-05T01:59:00", "title": "CVE-2016-2105", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105"], "modified": "2019-02-21T15:09:00", "cpe": ["cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:oracle:mysql:5.7.12", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.1o", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:openssl:openssl:1.0.1r", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.1q", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:1.0.2c", 
"cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:openssl:openssl:1.0.2b", "cpe:/a:openssl:openssl:1.0.2f", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/o:opensuse:leap:42.1", "cpe:/a:openssl:openssl:1.0.1i", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:openssl:openssl:1.0.1m", "cpe:/a:openssl:openssl:1.0.1n", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/a:openssl:openssl:1.0.2d", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:6", "cpe:/a:openssl:openssl:1.0.1j", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.1p", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/a:openssl:openssl:1.0.2e", "cpe:/a:openssl:openssl:1.0.1s", "cpe:/o:apple:mac_os_x:10.11.5", "cpe:/a:oracle:mysql:5.6.30", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/a:openssl:openssl:1.0.2g", "cpe:/a:openssl:openssl:1.0.1l", "cpe:/a:openssl:openssl:1.0.1k", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2016-2105", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2105", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.30:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.11.5:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:04", "description": "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-05T01:59:00", "title": "CVE-2016-2106", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2106"], "modified": "2018-07-19T01:29:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:openssl:openssl:1.0.2c", "cpe:/a:openssl:openssl:1.0.2b", "cpe:/a:openssl:openssl:1.0.2f", 
"cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/a:openssl:openssl:1.0.2d", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/a:openssl:openssl:1.0.2e", "cpe:/a:openssl:openssl:1.0.1s", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/a:openssl:openssl:1.0.2g"], "id": "CVE-2016-2106", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2106", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:04", "description": "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-05T01:59:00", "title": "CVE-2016-2108", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2108"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/o:google:android:6.0", "cpe:/o:google:android:5.1.0", "cpe:/o:google:android:4.2", "cpe:/o:google:android:4.1", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:google:android:4.4.2", "cpe:/o:google:android:4.0", "cpe:/o:google:android:4.4.1", "cpe:/o:google:android:4.0.3", "cpe:/a:openssl:openssl:1.0.2", "cpe:/o:google:android:4.3", "cpe:/o:google:android:4.0.4", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/o:google:android:5.0", "cpe:/o:redhat:enterprise_linux_server:7.0", 
"cpe:/o:google:android:4.2.1", "cpe:/a:openssl:openssl:1.0.2b", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:openssl:openssl:1.0.1n", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:google:android:4.2.2", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:google:android:5.1", "cpe:/o:google:android:4.3.1", "cpe:/o:google:android:6.0.1", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:google:android:4.1.2", "cpe:/o:google:android:4.0.2", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:google:android:4.4.3", "cpe:/o:google:android:5.0.1", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/o:google:android:4.0.1", "cpe:/o:google:android:4.4"], "id": "CVE-2016-2108", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2108", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:35:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "Splunk Enterprise is prone to multiple OpenSSL vulnerabilities.", "modified": "2018-11-13T00:00:00", "published": "2016-09-19T00:00:00", "id": "OPENVAS:1361412562310106262", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106262", "type": "openvas", "title": "Splunk Enterprise Multiple OpenSSL Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_splunk_enterprise_openssl_vuln.nasl 12338 2018-11-13 14:51:17Z asteins $\n#\n# Splunk Enterprise Multiple OpenSSL Vulnerabilities\n#\n# 
Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:splunk:splunk';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106262\");\n script_version(\"$Revision: 12338 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-13 15:51:17 +0100 (Tue, 13 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-19 11:58:34 +0700 (Mon, 19 Sep 2016)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\",\n\"CVE-2016-2176\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Splunk Enterprise Multiple OpenSSL Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_splunk_detect.nasl\");\n 
script_mandatory_keys(\"Splunk/installed\");\n\n script_tag(name:\"summary\", value:\"Splunk Enterprise is prone to multiple OpenSSL vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Splunk Enterprise is affected by multiple OpenSSL vulnerabilities.\");\n\n script_tag(name:\"affected\", value:\"Splunk Enterprise 6.4.x, 6.3.x, 6.2.x, 6.1.x, 6.0.x and 5.0.x\");\n\n script_tag(name:\"solution\", value:\"Update to version 6.4.2, 6.3.6, 6.2.10, 6.1.11, 6.0.12 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.splunk.com/view/SP-CAAAPQM\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version =~ \"^6\\.4\") {\n if (version_is_less(version: version, test_version: \"6.4.2\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"6.4.2\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^6\\.3\") {\n if (version_is_less(version: version, test_version: \"6.3.6\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"6.3.6\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\n\nif (version =~ \"^6\\.2\") {\n if (version_is_less(version: version, test_version: \"6.2.10\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"6.2.10\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^6\\.1\") {\n if (version_is_less(version: version, test_version: \"6.1.11\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"6.1.11\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nif (version_is_less(version: version, test_version: \"6.0.12\")) {\n report = report_fixed_ver(installed_version: version, 
fixed_version: \"6.0.12\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "This host is running OpenSSL and is prone\n to multiple vulnerabilities.", "modified": "2019-02-27T00:00:00", "published": "2016-05-02T00:00:00", "id": "OPENVAS:1361412562310807570", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807570", "type": "openvas", "title": "OpenSSL Multiple Vulnerabilities -01 May16 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_mult_vuln01_may16_lin.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL Multiple Vulnerabilities -01 May16 (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807570\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2016-2176\", \"CVE-2016-2109\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2105\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-02 12:46:24 +0530 (Mon, 02 May 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"OpenSSL Multiple Vulnerabilities -01 May16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c\n script in OpenSSL.\n\n - An integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c\n script in OpenSSL.\n\n - An error in the 'asn1_d2i_read_bio' function in crypto/asn1/a_d2i_fp.c script\n in the ASN.1 BIO implementation in OpenSSL.\n\n - An error in 'X509_NAME_oneline' function in crypto/x509/x509_obj.c in OpenSSL.\n\n - A MITM attacker can use a padding oracle attack to decrypt traffic\n when the connection uses an AES CBC cipher and the server support AES-NI.\");\n\n script_tag(name:\"impact\", 
value:\"Successful exploitation will allow a remote\n attacker to conduct mitm attack, gain access to potentially sensitive information,\n and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.0.1 before 1.0.1t\n and 1.0.2 before 1.0.2h on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to OpenSSL 1.0.1t or 1.0.2h or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20160503.txt\");\n script_xref(name:\"URL\", value:\"https://mta.openssl.org/pipermail/openssl-announce/2016-April/000069.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_lin.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(vers =~ \"^1\\.0\\.1\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.1t\"))\n {\n fix = \"1.0.1t\";\n VULN = TRUE;\n }\n}\n\nelse if(vers =~ \"^1\\.0\\.2\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.2h\"))\n {\n fix = \"1.0.2h\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix, install_path:path);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "This host is running OpenSSL 
and is prone\n to multiple vulnerabilities.", "modified": "2019-02-27T00:00:00", "published": "2016-05-02T00:00:00", "id": "OPENVAS:1361412562310807569", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807569", "type": "openvas", "title": "OpenSSL Multiple Vulnerabilities -01 May16 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_mult_vuln01_may16_win.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL Multiple Vulnerabilities -01 May16 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807569\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2016-2176\", \"CVE-2016-2109\", \"CVE-2016-2106\", \"CVE-2016-2107\",\n \"CVE-2016-2105\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-02 12:46:24 +0530 (Mon, 02 May 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"OpenSSL Multiple Vulnerabilities -01 May16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c\n script in OpenSSL.\n\n - An integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c\n script in OpenSSL.\n\n - An error in the 'asn1_d2i_read_bio' function in crypto/asn1/a_d2i_fp.c script\n in the ASN.1 BIO implementation in OpenSSL.\n\n - An error in 'X509_NAME_oneline' function in crypto/x509/x509_obj.c in OpenSSL.\n\n - A MITM attacker can use a padding oracle attack to decrypt traffic\n when the connection uses an AES CBC cipher and the server support AES-NI.\");\n\n script_tag(name:\"impact\", value:\"Successful 
exploitation will allow a remote\n attacker to conduct mitm attack, gain access to potentially sensitive information,\n and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.0.1 before 1.0.1t\n and 1.0.2 before 1.0.2h on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to OpenSSL 1.0.1t or 1.0.2h or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20160503.txt\");\n script_xref(name:\"URL\", value:\"https://mta.openssl.org/pipermail/openssl-announce/2016-April/000069.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_win.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(vers =~ \"^1\\.0\\.1\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.1t\"))\n {\n fix = \"1.0.1t\";\n VULN = TRUE;\n }\n}\n\nelse if(vers =~ \"^1\\.0\\.2\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.2h\"))\n {\n fix = \"1.0.2h\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix, install_path:path);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:35:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "The remote host is missing an update for the 'openssl' package(s) announced via the referenced advisory.", 
"modified": "2020-01-31T00:00:00", "published": "2016-05-06T00:00:00", "id": "OPENVAS:1361412562310851297", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851297", "type": "openvas", "title": "openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1238-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851297\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 05:19:21 +0200 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\",\n \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1238-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for 
the 'openssl'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openssl fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (boo#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (boo#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (boo#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (boo#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (boo#976942)\n\n - boo#976943: Buffer overrun in ASN1_parse\n\n - boo#977621: Preserve digests for SNI\n\n - boo#958501: Fix openssl enc -non-fips-allow option in FIPS mode\");\n\n script_tag(name:\"affected\", value:\"openssl on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1238-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1k~2.36.1\", 
rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac\", rpm:\"libopenssl1_0_0-hmac~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac-32bit\", rpm:\"libopenssl1_0_0-hmac-32bit~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "The remote host is missing an update for the 'openssl' package(s) announced via the referenced advisory.", "modified": "2020-01-31T00:00:00", "published": "2016-05-06T00:00:00", "id": "OPENVAS:1361412562310851295", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310851295", "type": "openvas", "title": "openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1243-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851295\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 05:19:10 +0200 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\",\n \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1243-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", 
value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openssl fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse\n\n - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n\n - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode\n (bsc#958501)\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\");\n\n script_tag(name:\"affected\", value:\"openssl on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1243-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", 
rpm:\"libopenssl1_0_0-debuginfo~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac\", rpm:\"libopenssl1_0_0-hmac~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac-32bit\", rpm:\"libopenssl1_0_0-hmac-32bit~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:36:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "The remote host is missing an update for the 'openssl' package(s) announced via the referenced advisory.", "modified": "2020-01-31T00:00:00", "published": "2016-05-06T00:00:00", "id": 
"OPENVAS:1361412562310851299", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851299", "type": "openvas", "title": "openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1240-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851299\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 05:19:37 +0200 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\",\n \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1240-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openssl fixes the following issues:\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse\");\n\n script_tag(name:\"affected\", value:\"openssl on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1240-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1k~11.87.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-0702", "CVE-2016-2109", "CVE-2016-2106"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-05-11T00:00:00", "id": "OPENVAS:1361412562310851309", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851309", "type": "openvas", "title": "openSUSE: Security Advisory for compat-openssl098 (openSUSE-SU-2016:1273-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the 
Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851309\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-11 05:24:06 +0200 (Wed, 11 May 2016)\");\n script_cve_id(\"CVE-2016-0702\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2108\",\n \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for compat-openssl098 (openSUSE-SU-2016:1273-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'compat-openssl098'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for compat-openssl098 fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n - CVE-2016-0702: Side channel attack on modular exponentiation\n 'CacheBleed' 
(bsc#968050)\n\n - bsc#976943: Buffer overrun in ASN1_parse\n\n The following non-security bugs were fixed:\n\n - bsc#889013: Rename README.SuSE to the new spelling (bsc#889013)\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"compat-openssl098 on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1273-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"compat-openssl098-debugsource\", rpm:\"compat-openssl098-debugsource~0.9.8j~12.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8j~12.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-debuginfo\", rpm:\"libopenssl0_9_8-debuginfo~0.9.8j~12.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8j~12.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-debuginfo-32bit\", rpm:\"libopenssl0_9_8-debuginfo-32bit~0.9.8j~12.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n 
exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:34:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-0702", "CVE-2016-2109", "CVE-2016-2106"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-05-06T00:00:00", "id": "OPENVAS:1361412562310851296", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851296", "type": "openvas", "title": "openSUSE: Security Advisory for libopenssl0_9_8 (openSUSE-SU-2016:1242-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851296\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 05:19:16 +0200 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-0702\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2108\",\n \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for libopenssl0_9_8 (openSUSE-SU-2016:1242-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libopenssl0_9_8'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for libopenssl0_9_8 fixes the following issues:\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n - CVE-2016-0702: Side channel attack on modular exponentiation\n 'CacheBleed' (bsc#968050)\n\n - bsc#976943: Buffer overrun in ASN1_parse\");\n\n script_tag(name:\"affected\", value:\"libopenssl0_9_8 on openSUSE Leap 42.1, openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", 
value:\"2016:1242-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8zh~9.6.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-debuginfo\", rpm:\"libopenssl0_9_8-debuginfo~0.9.8zh~9.6.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-debugsource\", rpm:\"libopenssl0_9_8-debugsource~0.9.8zh~9.6.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8zh~9.6.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-debuginfo-32bit\", rpm:\"libopenssl0_9_8-debuginfo-32bit~0.9.8zh~9.6.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:56:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310120684", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310120684", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-695)", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120684\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:12:00 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-695)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in OpenSSL. 
Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update openssl to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-695.html\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2107\", \"CVE-2016-2106\", \"CVE-2016-2109\", \"CVE-2016-2108\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1k~14.91.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1k~14.91.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1k~14.91.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1k~14.91.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1k~14.91.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n 
exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-05-04T00:00:00", "id": "OPENVAS:1361412562310842729", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842729", "type": "openvas", "title": "Ubuntu Update for openssl USN-2959-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for openssl USN-2959-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842729\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-04 05:19:55 +0200 (Wed, 04 May 2016)\");\n script_cve_id(\"CVE-2016-2108\", \"CVE-2016-2107\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openssl USN-2959-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Huzaifa Sidhpurwala, Hanno Böck, and\n David Benjamin discovered that OpenSSL incorrectly handled memory when decoding\n ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to\n crash, resulting in a denial of service, or possibly execute arbitrary code.\n (CVE-2016-2108)\n\n Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when\n the connection uses the AES CBC cipher and the server supports AES-NI. A\n remote attacker could possibly use this issue to perform a padding oracle\n attack and decrypt traffic. 
(CVE-2016-2107)\n\n Guido Vranken discovered that OpenSSL incorrectly handled large amounts of\n input data to the EVP_EncodeUpdate() function. A remote attacker could use\n this issue to cause OpenSSL to crash, resulting in a denial of service, or\n possibly execute arbitrary code. (CVE-2016-2105)\n\n Guido Vranken discovered that OpenSSL incorrectly handled large amounts of\n input data to the EVP_EncryptUpdate() function. A remote attacker could use\n this issue to cause OpenSSL to crash, resulting in a denial of service, or\n possibly execute arbitrary code. (CVE-2016-2106)\n\n Brian Carpenter discovered that OpenSSL incorrectly handled memory when\n ASN.1 data is read from a BIO. A remote attacker could possibly use this\n issue to cause memory consumption, resulting in a denial of service.\n (CVE-2016-2109)\n\n As a security improvement, this update also modifies OpenSSL behaviour to\n reject DH key sizes below 1024 bits, preventing a possible downgrade\n attack.\");\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2959-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2959-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu2.19\", 
rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1f-1ubuntu2.19\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1-4ubuntu5.36\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1-4ubuntu5.36\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.2d-0ubuntu1.5\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.2d-0ubuntu1.5\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2016-11-09T00:10:02", "bulletinFamily": "software", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "edition": 1, "description": "Supplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-06-02T00:00:00", "published": "2016-05-03T00:00:00", "id": "SOL07538415", "href": "http://support.f5.com/kb/en-us/solutions/public/k/07/sol07538415.html", "type": "f5", "title": "SOL07538415 - Multiple OpenSSL vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": 
"2017-06-08T10:18:53", "bulletinFamily": "software", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "edition": 1, "description": "\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-03-14T22:07:00", "published": "2016-05-04T03:23:00", "href": "https://support.f5.com/csp/article/K07538415", "id": "F5:K07538415", "title": "Multiple OpenSSL vulnerabilities", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T02:18:22", "bulletinFamily": "software", "cvelist": ["CVE-2016-2176"], "edition": 1, "description": "\nF5 Product Development has assigned ID 591609 (BIG-IP) and ID 500324 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 
12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 10.2.1 - 10.2.4| Not vulnerable| None \nARX| 6.2.0 - 6.4.0| None| Low| OpenSSL (when accessing the management IP) \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. 
The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nARX\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-03-14T22:05:00", "published": "2016-05-07T03:37:00", "id": "F5:K47145213", "href": "https://support.f5.com/csp/article/K47145213", "title": "OpenSSL vulnerability CVE-2016-2176", "type": "f5", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:21", "bulletinFamily": "software", "cvelist": ["CVE-2016-2176"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. 
The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nARX\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-06-02T00:00:00", "published": "2016-05-06T00:00:00", "id": "SOL47145213", "href": "http://support.f5.com/kb/en-us/solutions/public/k/47/sol47145213.html", "type": "f5", "title": "SOL47145213 - OpenSSL vulnerability CVE-2016-2176", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-11-14T23:22:44", "bulletinFamily": "software", "cvelist": ["CVE-2016-2109"], "description": "\nF5 Product Development has assigned IDs 591042, 591325, 591327, 591328, and 591329 (BIG-IP), ID 594024 (BIG-IQ and iWorkflow), ID 594030 (Enterprise Manager), ID 500324 (ARX), and LRS-60729 (LineRate) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H591062-4 and H591062-6 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP AAM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP AFM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP Analytics | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP APM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF2 | Low | Oracle SDK for OAM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 
\n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP ASM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP DNS | 12.0.0 - 12.1.1 | 13.0.0 \n12.1.2 | Low | OpenSSL and TMM \n | 12.0.0 - 12.1.2 | 13.0.0 \n12.1.2 HF1 | Low | f5-rest-node \nBIG-IP Edge Gateway | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | OpenSSL, TMM, and f5-rest-node \nBIG-IP GTM | 11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL, TMM, and f5-rest-node \nBIG-IP Link Controller | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP PEM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP PSM | 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4 | None | Low | OpenSSL, TMM, and f5-rest-node \nBIG-IP WebAccelerator | 10.2.1 - 10.2.4 | None | Low | OpenSSL, TMM, and f5-rest-node \nBIG-IP WOM | 10.2.1 - 10.2.4 | None | Low | OpenSSL, TMM, and f5-rest-node \nARX | 6.2.0 - 6.4.0 | None | Low | OpenSSL (when accessing the management IP) \nEnterprise Manager | 3.1.1 | None | Low | OpenSSL \nFirePass | None | 7.0.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ ADC | 4.5.0 | None | Low | OpenSSL \nBIG-IQ Centralized Management | 5.0.0 \n4.6.0 | 5.1.0 | Low | OpenSSL 
\nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | OpenSSL \nF5 iWorkflow | 2.0.0 | 2.0.1 | Low | OpenSSL \nLineRate | 2.4.0 - 2.6.1 | None | Low | OpenSSL \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nARX\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\nLineRate\n\nTo mitigate this vulnerability, you can avoid using the Node.js loadPKCS12 function on untrusted input.\n\n**Impact of action:** Changing the design of your Node.js code may have additional traffic processing effects. 
Ensure any modification is compatible with your environment.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "edition": 1, "modified": "2018-04-20T21:33:00", "published": "2016-05-07T03:39:00", "id": "F5:K23230229", "href": "https://support.f5.com/csp/article/K23230229", "title": "OpenSSL vulnerability CVE-2016-2109", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-08T18:03:40", "bulletinFamily": "software", "cvelist": ["CVE-2016-2180"], "description": "\nF5 Product Development has assigned ID 613225 (BIG-IP), ID 613353 (BIG-IQ/F5 iWorkflow), and ID 410742 (ARX) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H02652550 on the **Diagnostics** > **Identified** > **Medium** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.5 | 13.0.0 \n12.1.3 \n12.1.2 HF1 \n11.6.2 \n11.5.6 \n11.4.0 - 11.4.1 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | OpenSSL1 \nBIG-IP AAM | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.5 | 13.0.0 \n12.1.3 \n12.1.2 HF1 \n11.6.2 \n11.5.6 \n11.4.0 - 11.4.1 | Medium | OpenSSL1 \nBIG-IP AFM | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.5 | 13.0.0 \n12.1.3 \n12.1.2 HF1 \n11.6.2 \n11.5.6 \n11.4.0 - 11.4.1 | Medium | OpenSSL1 \nBIG-IP Analytics | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.5 | 13.0.0 \n12.1.3 \n12.1.2 HF1 \n11.6.2 \n11.5.6 \n11.4.0 - 11.4.1 \n11.2.1 | Medium | OpenSSL1 \nBIG-IP APM | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.5 | 13.0.0 \n12.1.3 \n12.1.2 HF1 \n11.6.2 \n11.5.6 \n11.4.0 - 11.4.1 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | OpenSSL1 \nBIG-IP ASM | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.5 | 13.0.0 \n12.1.3 \n12.1.2 HF1 \n11.6.2 \n11.5.6 \n11.4.0 - 11.4.1 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | OpenSSL1 \nBIG-IP DNS | 12.0.0 - 12.1.2 | 13.0.0 \n12.1.3 \n12.1.2 HF1 | Medium | OpenSSL1 \nBIG-IP Edge Gateway | None | 11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP GTM | 11.6.0 - 11.6.1 \n11.5.0 - 11.5.5 | 11.6.2 \n11.5.6 \n11.4.0 - 11.4.1 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | OpenSSL1 \nBIG-IP Link Controller | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.5 | 13.0.0 \n12.1.3 \n12.1.2 HF1 \n11.6.2 
\n11.5.6 \n11.4.0 - 11.4.1 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | OpenSSL1 \nBIG-IP PEM | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.5 | 13.0.0 \n12.1.3 \n12.1.2 HF1 \n11.6.2 \n11.5.6 \n11.4.0 - 11.4.1 | Medium | OpenSSL1 \nBIG-IP PSM | None | 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP WebSafe | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.5 | 13.0.0 \n12.1.3 \n12.1.2 HF1 \n11.6.2 \n11.5.6 | Medium \n\n \n\n| OpenSSL1 \nARX | 6.2.0 - 6.4.0 | None | Medium | OpenSSL1 \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | 4.4.0 - 4.5.0 | 4.2.0 - 4.3.0 | Low | OpenSSL1 \nBIG-IQ Device | 4.4.0 - 4.5.0 | 4.2.0 - 4.3.0 | Low | OpenSSL1 \nBIG-IQ Security | 4.4.0 - 4.5.0 | 4.2.0 - 4.3.0 | Low | OpenSSL1 \nBIG-IQ ADC | 4.5.0 | None | Low | OpenSSL1 \nBIG-IQ Centralized Management | 5.0.0 - 5.1.0 \n4.6.0 | None | Low | OpenSSL1 \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | 2.0.0 | None | Low | OpenSSL1 \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None \n \n \n1 BIG-IP products are not vulnerable in their default, standard configurations. The vulnerability can only be exposed through the** openssl ts** command.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. 
For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n", "edition": 1, "modified": "2018-04-17T18:32:00", "published": "2016-11-14T20:31:00", "id": "F5:K02652550", "href": "https://support.f5.com/csp/article/K02652550", "title": "OpenSSL vulnerability CVE-2016-2180", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-15T09:22:11", "bulletinFamily": "software", "cvelist": ["CVE-2016-2106"], "description": "\nF5 Product Development has assigned IDs 591042, 591325, 591327, 591328, and 591329 (BIG-IP), ID 594024 (BIG-IQ and iWorkflow), ID 594030 (Enterprise Manager), and ID 500324 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H591062-1 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP AAM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP AFM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP Analytics | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP APM | 12.0.0 - 12.1.1 
\n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF2 | Low | Oracle SDK for OAM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP ASM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP DNS | 12.0.0 - 12.1.1 | 13.0.0 \n12.1.2 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 | 13.0.0 \n12.1.2 HF1 | Low | iAppsLX (f5-rest-node) \nBIG-IP Edge Gateway | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \nBIG-IP GTM | 11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \nBIG-IP Link Controller | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP PEM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 
\n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP PSM | 11.4.0 - 11.4.1 \n11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \nBIG-IP WebAccelerator | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \nBIG-IP WOM | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \nARX | 6.2.0 - 6.4.0 | None | Low | OpenSSL (when accessing the management IP) \nEnterprise Manager | 3.1.1 | None | Low | OpenSSL \nFirePass | None | 7.0.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ ADC | 4.5.0 | None | Low | OpenSSL \nBIG-IQ Centralized Management | 5.0.0 \n4.6.0 | 5.1.0 | Low | OpenSSL \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | OpenSSL \nF5 iWorkflow | 2.0.0 | 2.0.1 | Low | OpenSSL \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nARX\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "edition": 1, "modified": "2018-04-20T21:49:00", "published": "2016-05-20T00:59:00", "id": "F5:K36488941", "href": "https://support.f5.com/csp/article/K36488941", "title": "OpenSSL vulnerability CVE-2016-2106", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-19T09:29:41", "bulletinFamily": "software", "cvelist": ["CVE-2016-2105"], "description": "\nF5 Product Development has assigned IDs 591042, 591325, 591327, 591328, and 591329 (BIG-IP), ID 594024 (BIG-IQ and F5 iWorkflow), ID 594030 (Enterprise Manager), and ID 500324 (ARX) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H591062 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP AAM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP AFM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP Analytics | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP APM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF2 | Low | Oracle SDK for OAM 
\n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP ASM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP DNS | 12.0.0 - 12.1.1 | 13.0.0 \n12.1.2 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 | 13.0.0 \n12.1.2 HF1 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP Edge Gateway | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL \nBIG-IP GTM | 11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \nBIG-IP Link Controller | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP PEM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP PSM | 11.4.0 - 11.4.1 \n11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL \nBIG-IP WebAccelerator | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL \nBIG-IP WOM | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL \nARX | 6.2.0 - 6.4.0 | None | Low | OpenSSL (when accessing the management IP) \nEnterprise Manager | 3.1.1 | None | Low | OpenSSL \nFirePass | None | 7.0.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ Security | 4.0.0 - 4.5.0 | 
None | Low | OpenSSL \nBIG-IQ ADC | 4.5.0 | None | Low | OpenSSL \nBIG-IQ Centralized Management | 5.0.0 \n4.6.0 | 5.1.0 | Low | OpenSSL \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | OpenSSL \nF5 iWorkflow | 2.0.0 | 2.0.1 | Low | OpenSSL \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nARX\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n", "edition": 1, "modified": "2018-04-20T19:03:00", "published": "2016-05-20T01:06:00", "id": "F5:K51920288", "href": "https://support.f5.com/csp/article/K51920288", "title": "OpenSSL vulnerability CVE-2016-2105", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-09-15T01:19:23", "bulletinFamily": "software", "cvelist": ["CVE-2016-2108"], "edition": 1, 
"description": "\nF5 Product Development has assigned IDs 591042, 591325, 591327, 591328, and 591329 (BIG-IP), ID 594024 (BIG-IQ and iWorkflow), ID 594030 (Enterprise Manager), ID 500324 (ARX), and LRS-60730 (LineRate) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H591062-3 on the **Diagnostics** > **Identified** > **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | High | OpenSSL*, ConfigSync, f5-rest-node \nBIG-IP AAM | 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | High | OpenSSL*, ConfigSync, f5-rest-node \nBIG-IP AFM | 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | High | OpenSSL*, ConfigSync, f5-rest-node \nBIG-IP Analytics | 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | High | OpenSSL*, ConfigSync, f5-rest-node \nBIG-IP APM | 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | High | OpenSSL*, ConfigSync, f5-rest-node \n12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF2 | High | Oracle SDK for OAM \nBIG-IP ASM | 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | High | OpenSSL*, ConfigSync, f5-rest-node \nBIG-IP DNS | 12.0.0 - 12.1.1 | 13.0.0 \n12.1.2 | High | OpenSSL*, 
ConfigSync, f5-rest-node \nBIG-IP Edge Gateway | 11.2.1 \n10.2.1 - 10.2.4 | None | High | OpenSSL*, ConfigSync \nBIG-IP GTM | 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 11.6.1 HF1 \n11.5.4 HF3 | High | OpenSSL*, ConfigSync, f5-rest-node \nBIG-IP Link Controller | 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | High | OpenSSL*, ConfigSync, f5-rest-node \nBIG-IP PEM | 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | High | OpenSSL*, ConfigSync, f5-rest-node \nBIG-IP PSM | 11.4.0 - 11.4.1 \n11.2.1 \n10.2.1 - 10.2.4 | None | High | OpenSSL*, ConfigSync \nBIG-IP WebAccelerator | 11.2.1 \n10.2.1 - 10.2.4 | None | High | OpenSSL*, ConfigSync \nBIG-IP WOM | 11.2.1 \n10.2.1 - 10.2.4 | None | High | OpenSSL*, ConfigSync \nARX | 6.2.0 - 6.4.0 | None | Low | OpenSSL (when accessing the management IP) \nEnterprise Manager | 3.1.1 | None | High | OpenSSL \nFirePass | None | 7.0.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | High | OpenSSL \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | High | OpenSSL \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | High | OpenSSL \nBIG-IQ ADC | 4.5.0 | None | High | OpenSSL \nBIG-IQ Centralized Management | 5.0.0 \n4.6.0 | 5.1.0 | High | OpenSSL \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | High | OpenSSL \nF5 iWorkflow | 2.0.0 | 2.0.1 | High | OpenSSL \nLineRate | 2.6.0 - 2.6.1 \n2.5.0 - 2.5.2 | 2.6.2 \n2.5.3 | High | OpenSSL \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None \n \n* BIG-IP products are vulnerable through SSL certification validation when validating both client certificates (such as an SSL client profile) or server certificates (such as an SSL forward proxy).\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not 
vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP, BIG-IQ, iWorkflow, and Enterprise Manager\n\nTo minimize risk, ensure that certificates accepted from clients or servers are configured to validate against a known-secure Certificate Authority (CA).\n\nARX\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\nLineRate\n\nTo mitigate this vulnerability, you should avoid configuring certificate bundles on the SSL profile from an untrusted source.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n", "modified": "2017-09-15T00:09:00", "published": "2016-05-20T01:01:00", "id": "F5:K75152412", "href": "https://support.f5.com/csp/article/K75152412", "title": "OpenSSL vulnerability CVE-2016-2108", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-18T17:26:57", "bulletinFamily": "software", "cvelist": ["CVE-2016-2109"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nARX\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\nLineRate\n\nTo mitigate this vulnerability, you can avoid using the Node.js loadPKCS12 function on untrusted input.\n\n**Impact of action:** Changing the design of your Node.js code may have additional traffic processing effects. Ensure any modification is compatible with your environment.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL9502: BIG-IP hotfix matrix\n", "modified": "2016-11-18T00:00:00", "published": "2016-05-06T00:00:00", "id": "SOL23230229", "href": "http://support.f5.com/kb/en-us/solutions/public/k/23/sol23230229.html", "type": "f5", "title": "SOL23230229 - OpenSSL vulnerability CVE-2016-2109", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "huawei": [{"lastseen": "2019-02-01T18:02:18", "bulletinFamily": "software", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "",
"edition": 1, "modified": "2017-01-11T00:00:00", "published": "2016-07-06T00:00:00", "id": "HUAWEI-SA-20160706-01-OPENSSL", "href": "https://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160706-01-openssl-en", "title": "Security Advisory - Multiple Vulnerabilities in OpenSSL in May 2016", "type": "huawei", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-08-12T01:06:04", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3566-1 security@debian.org\nhttps://www.debian.org/security/ Alessandro Ghedini\nMay 03, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 \n CVE-2016-2109 CVE-2016-2176\n\nSeveral vulnerabilities were discovered in OpenSSL, a Secure Socket Layer\ntoolkit.\n\nCVE-2016-2105\n\n Guido Vranken discovered that an overflow can occur in the function\n EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can\n supply a large amount of data. This could lead to a heap corruption.\n\nCVE-2016-2106\n\n Guido Vranken discovered that an overflow can occur in the function\n EVP_EncryptUpdate() if an attacker can supply a large amount of data.\n This could lead to a heap corruption.\n\nCVE-2016-2107\n\n Juraj Somorovsky discovered a padding oracle in the AES CBC cipher\n implementation based on the AES-NI instruction set. 
This could allow\n an attacker to decrypt TLS traffic encrypted with one of the cipher\n suites based on AES CBC.\n\nCVE-2016-2108\n\n David Benjamin from Google discovered that two separate bugs in the\n ASN.1 encoder, related to handling of negative zero integer values\n and large universal tags, could lead to an out-of-bounds write.\n\nCVE-2016-2109\n\n Brian Carpenter discovered that when ASN.1 data is read from a BIO\n using functions such as d2i_CMS_bio(), a short invalid encoding can\n cause allocation of large amounts of memory potentially consuming\n excessive resources or exhausting memory.\n\nCVE-2016-2176\n\n Guido Vranken discovered that ASN.1 Strings that are over 1024 bytes\n can cause an overread in applications using the X509_NAME_oneline()\n function on EBCDIC systems. This could result in arbitrary stack data\n being returned in the buffer.\n\nAdditional information about these issues can be found in the OpenSSL\nsecurity advisory at https://www.openssl.org/news/secadv/20160503.txt\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u5.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2h-1.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2016-05-03T18:24:41", "published": "2016-05-03T18:24:41", "id": "DEBIAN:DSA-3566-1:D74F5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00142.html", "title": "[SECURITY] [DSA 3566-1] openssl security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T01:02:59", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", 
"CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "Package : openssl\nVersion : 1.0.1e-2+deb7u21\nCVE ID : CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 \n CVE-2016-2109 CVE-2016-2176\n\nSeveral vulnerabilities were discovered in OpenSSL, a Secure Socket Layer\ntoolkit.\n\nCVE-2016-2105\n\n Guido Vranken discovered that an overflow can occur in the function\n EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can\n supply a large amount of data. This could lead to a heap corruption.\n\nCVE-2016-2106\n\n Guido Vranken discovered that an overflow can occur in the function\n EVP_EncryptUpdate() if an attacker can supply a large amount of data.\n This could lead to a heap corruption.\n\nCVE-2016-2107\n\n Juraj Somorovsky discovered a padding oracle in the AES CBC cipher\n implementation based on the AES-NI instruction set. This could allow\n an attacker to decrypt TLS traffic encrypted with one of the cipher\n suites based on AES CBC.\n\nCVE-2016-2108\n\n David Benjamin from Google discovered that two separate bugs in the\n ASN.1 encoder, related to handling of negative zero integer values\n and large universal tags, could lead to an out-of-bounds write.\n\nCVE-2016-2109\n\n Brian Carpenter discovered that when ASN.1 data is read from a BIO\n using functions such as d2i_CMS_bio(), a short invalid encoding can\n cause allocation of large amounts of memory potentially consuming\n excessive resources or exhausting memory.\n\nCVE-2016-2176\n\n Guido Vranken discovered that ASN.1 Strings that are over 1024 bytes\n can cause an overread in applications using the X509_NAME_oneline()\n function on EBCDIC systems. 
This could result in arbitrary stack data\n being returned in the buffer.\n\nAdditional information about these issues can be found in the OpenSSL\nsecurity advisory at https://www.openssl.org/news/secadv/20160503.txt\n", "edition": 7, "modified": "2016-05-03T20:54:05", "published": "2016-05-03T20:54:05", "id": "DEBIAN:DLA-456-1:BB65D", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201605/msg00006.html", "title": "[SECURITY] [DLA 456-1] openssl security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "\nOpenSSL reports:\n\nMemory corruption in the ASN.1 encoder\nPadding oracle in AES-NI CBC MAC check\nEVP_EncodeUpdate overflow\nEVP_EncryptUpdate overflow\nASN.1 BIO excessive memory allocation\nEBCDIC overread (OpenSSL only)\n\n", "edition": 4, "modified": "2016-08-09T00:00:00", "published": "2016-05-03T00:00:00", "id": "01D729CA-1143-11E6-B55E-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/01d729ca-1143-11e6-b55e-b499baebfeaf.html", "title": "OpenSSL -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cisco": [{"lastseen": "2020-12-24T11:41:16", "bulletinFamily": "software", "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176"], "description": "A vulnerability in OpenSSL could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.\n\nThe vulnerability is due to memory exhaustion while processing certain data. An attacker could exploit this vulnerability by sending crafted ASN.1 data to a targeted system. 
An exploit could cause the consumption of excessive memory resources, resulting in a DoS condition.\n\nA vulnerability in OpenSSL could allow an unauthenticated, remote\nattacker to gain access to sensitive information on a targeted system.\n\nThe vulnerability is due to improper memory processes by the affected software. An attacker could exploit this vulnerability by sending a crafted ASN.1 string greater than 1004 bytes to the X509_NAME_oneline() function of the affected software. A successful exploit could allow an attacker to cause a memory overread condition and gain access to sensitive information on a targeted system.\n\nA vulnerability in OpenSSL could allow an unauthenticated, remote attacker to decrypt and access sensitive information.\n\nThe vulnerability is due to insufficient padding checks by the affected software. An attacker could exploit this vulnerability by conducting a padding oracle attack if the attacker is in a man-in-the-middle position between a targeted system and a Transport Layer Security/Secure Sockets Layer (TLS/SSL) or Datagram Transport Layer Security (DTLS) server supporting Advanced Encryption Standards New Instructions (AES-NI) and the connection uses an AES Cipher Block Chaining (CBC) cipher. A successful exploit could allow the attacker to decrypt sensitive information in encrypted packets, which could be leveraged to conduct further attacks.\n\nA vulnerability in OpenSSL could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.\n\nThe vulnerability is due to improper validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by submitting large amounts of specially crafted data to the EVP_EncryptUpdate() function of the affected software. 
A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user or cause a DoS condition on a targeted system.\n\nA vulnerability in the ASN.1 encoder in OpenSSL could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.\n\nThe vulnerability is due to the way the affected software encodes certain ASN.1 data structures. An attacker could exploit this vulnerability by sending a crafted certificate to the targeted system. An exploit could cause the affected software to crash or allow the attacker to execute arbitrary code with the privileges of a targeted user running an application that is using the OpenSSL library. If the user has elevated privileges, a successful exploit could result in a complete system compromise.\n\nA vulnerability in the EVP_EncodeUpdate() function in OpenSSL could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.\n\nThe vulnerability is due to insufficient bounds checks by the affected software. An attacker could exploit this vulnerability by submitting large amounts of data to an application that uses the OpenSSL library on a targeted system. A successful exploit could trigger an overflow condition that results in heap corruption. The attacker could use the heap corruption to cause the application to crash or to execute arbitrary code in the security context of the user who is running the application. If the user is running the application with elevated privileges, the attacker could execute arbitrary code with those privileges and compromise the system completely.\n\nOn May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. 
Of the six vulnerabilities disclosed, four of them may cause memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI, and, lastly, one is specific to a product performing an operation with Extended Binary Coded Decimal Interchange Code (EBCDIC) encoding.\n\nMultiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities. \n\nThis advisory will be updated as additional information becomes available.\n\nThis advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl\"]", "modified": "2016-12-05T16:10:21", "published": "2016-05-04T19:30:00", "id": "CISCO-SA-20160504-OPENSSL", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl", "type": "cisco", "title": "Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 ", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2020-10-25T16:36:28", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176"], "description": "New openssl packages are available for Slackware 14.0, 14.1, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/openssl-1.0.1t-i486-1_slack14.1.txz: Upgraded.\n This update fixes the following security issues:\n Memory corruption in the ASN.1 encoder (CVE-2016-2108)\n Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)\n EVP_EncodeUpdate overflow (CVE-2016-2105)\n EVP_EncryptUpdate overflow (CVE-2016-2106)\n ASN.1 BIO excessive memory allocation (CVE-2016-2109)\n EBCDIC overread (CVE-2016-2176)\n For more 
information, see:\n https://www.openssl.org/news/secadv/20160503.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1t-i486-1_slack14.1.txz: Upgraded.\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1t-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1t-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1t-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware 
-current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2h-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2h-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2h-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2h-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 packages:\n033bd9509aeb07712e6bb3adf89c18e4 openssl-1.0.1t-i486-1_slack14.0.txz\n9e91d781e33f7af80cbad08b245e84ed openssl-solibs-1.0.1t-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\ne5c77ec16e3f2fcb2f1d53d84a6ba951 openssl-1.0.1t-x86_64-1_slack14.0.txz\n2de7b6196a905233036d7f38008984bd openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n96dcae05ae2f585c30de852a55eb870f openssl-1.0.1t-i486-1_slack14.1.txz\n59618b061e62fd9d73ba17df7626b2e7 openssl-solibs-1.0.1t-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n3d5ebfce099917703d537ab603e58a9b openssl-1.0.1t-x86_64-1_slack14.1.txz\nbf3a6bbdbe835dd2ce73333822cc9f06 openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n4889a10c5f3aa7104167c7d50eedf7ea a/openssl-solibs-1.0.2h-i586-1.txz\n8e3439f35c3cb4e11ca64eebb238a52f n/openssl-1.0.2h-i586-1.txz\n\nSlackware x86_64 -current packages:\nb4a852bb7e86389ec228288ccb7e79bb a/openssl-solibs-1.0.2h-x86_64-1.txz\nbcf9dc7bb04173f002644e3ce33ab4ab n/openssl-1.0.2h-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.1t-i486-1_slack14.1.txz openssl-solibs-1.0.1t-i486-1_slack14.1.txz \n\nThen, reboot the machine or restart any network services that use OpenSSL.", "modified": "2016-05-03T21:05:31", "published": "2016-05-03T21:05:31", "id": "SSA-2016-124-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103", 
"type": "slackware", "title": "[slackware-security] openssl", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:42:10", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for compat-openssl097g fixes the following issues:\n\n Security issues fixed:\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n Bugs fixed:\n - bsc#976943: Fix buffer overrun in ASN1_parse\n\n", "edition": 1, "modified": "2016-05-04T18:08:19", "published": "2016-05-04T18:08:19", "id": "SUSE-SU-2016:1231-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html", "title": "Security update for compat-openssl097g (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:45:45", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for openssl fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (boo#977617)\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (boo#977616)\n - CVE-2016-2105: EVP_EncodeUpdate overflow (boo#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (boo#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (boo#976942)\n - boo#976943: Buffer overrun in ASN1_parse\n - boo#977621: Preserve digests for SNI\n - boo#958501: Fix openssl enc -non-fips-allow option in FIPS mode\n\n", "edition": 1, "modified": "2016-05-05T13:08:31", "published": "2016-05-05T13:08:31", "id": "OPENSUSE-SU-2016:1238-1", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html", "title": "Security update for openssl (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:42:03", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for openssl fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - bsc#976943: Buffer overrun in ASN1_parse\n - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode\n (bsc#958501)\n\n", "edition": 1, "modified": "2016-05-04T16:14:12", "published": "2016-05-04T16:14:12", "id": "SUSE-SU-2016:1228-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html", "title": "Security update for openssl (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:08:02", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for openssl fixes the following issues:\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - bsc#976943: Buffer overrun in ASN1_parse\n\n", "edition": 1, 
"modified": "2016-05-05T13:07:36", "published": "2016-05-05T13:07:36", "id": "OPENSUSE-SU-2016:1237-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html", "title": "Security update for openssl (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:38:49", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-0702", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for OpenSSL fixes the following security issues:\n\n * CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n * CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n * CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n * CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n * CVE-2016-0702: Side channel attack on modular exponentiation\n \"CacheBleed\" (bsc#968050)\n\n Additionally, the following non-security issues have been fixed:\n\n * Fix buffer overrun in ASN1_parse. (bsc#976943)\n * Allow weak DH groups. 
(bsc#973223)\n\n Security Issues:\n\n * CVE-2016-2105\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105</a>>\n * CVE-2016-2106\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106</a>>\n * CVE-2016-2108\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108</a>>\n * CVE-2016-2109\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109</a>>\n * CVE-2016-0702\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702</a>>\n\n\n", "edition": 1, "modified": "2016-05-19T19:09:52", "published": "2016-05-19T19:09:52", "id": "SUSE-SU-2016:1360-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html", "type": "suse", "title": "Security update for openssl (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:41:56", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for openssl fixes the following issues:\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - bsc#976943: Buffer overrun in ASN1_parse\n\n", "edition": 1, "modified": "2016-05-05T13:11:19", "published": "2016-05-05T13:11:19", "id": 
"OPENSUSE-SU-2016:1240-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html", "title": "Security update for openssl (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:27:16", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for openssl fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - bsc#976943: Buffer overrun in ASN1_parse\n - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode\n (bsc#958501)\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "edition": 1, "modified": "2016-05-05T18:08:51", "published": "2016-05-05T18:08:51", "id": "OPENSUSE-SU-2016:1243-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html", "title": "Security update for openssl (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:46", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-0702", "CVE-2016-2109", "CVE-2016-2106"], "edition": 1, "description": "This update for openssl fixes the following issues:\n\n Security issues fixed:\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation 
(bsc#976942)\n - CVE-2016-0702: Side channel attack on modular exponentiation\n \"CacheBleed\" (bsc#968050)\n\n Bugs fixed:\n - fate#320304: build 32bit devel package\n - bsc#976943: Fix buffer overrun in ASN1_parse\n - bsc#973223: allow weak DH groups, vulnerable to the logjam attack, when\n environment variable OPENSSL_ALLOW_LOGJAM_ATTACK is set\n - bsc#889013: Rename README.SuSE to the new spelling\n\n", "modified": "2016-05-12T20:08:02", "published": "2016-05-12T20:08:02", "id": "SUSE-SU-2016:1290-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html", "type": "suse", "title": "Security update for openssl (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:32:45", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-0702", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for libopenssl0_9_8 fixes the following issues:\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - CVE-2016-0702: Side channel attack on modular exponentiation\n \"CacheBleed\" (bsc#968050)\n - bsc#976943: Buffer overrun in ASN1_parse\n\n", "edition": 1, "modified": "2016-05-05T18:07:52", "published": "2016-05-05T18:07:52", "id": "OPENSUSE-SU-2016:1242-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html", "title": "Security update for libopenssl0_9_8 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:19:39", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-0702", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for compat-openssl098 fixes 
the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - CVE-2016-0702: Side channel attack on modular exponentiation\n \"CacheBleed\" (bsc#968050)\n - bsc#976943: Buffer overrun in ASN1_parse\n\n The following non-security bugs were fixed:\n\n - bsc#889013: Rename README.SuSE to the new spelling (bsc#889013)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2016-05-11T00:07:42", "published": "2016-05-11T00:07:42", "id": "OPENSUSE-SU-2016:1273-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html", "type": "suse", "title": "Security update for compat-openssl098 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "android": [{"lastseen": "2020-06-22T14:42:09", "bulletinFamily": "software", "cvelist": ["CVE-2016-2108"], "description": "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue.", "edition": 1, "modified": "2019-07-25T00:00:00", "published": "2018-07-01T00:00:00", "id": "ANDROID:CVE-2016-2108", "href": "http://www.androidvulnerabilities.org/vulnerabilities/CVE-2016-2108.html", "title": "CVE-2016-2108", "type": "android", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2021-03-14T10:41:36", "bulletinFamily": "software", "cvelist": ["CVE-2013-0169", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176"], "description": "### SUMMARY\n\nBlue Coat products using affected versions of 
OpenSSL are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to intercept and decrypt TLS sessions, obtain arbitrary data from the target's memory stack, or execute arbitrary code through buffer underflow and overflow. The attacker can also cause denial of service through memory corruption and depletion. \n \n\n\n### AFFECTED PRODUCTS\n\nThe following products are vulnerable:\n\n**Advanced Secure Gateway (ASG)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106 \nCVE-2016-2107, CVE-2016-2108, \nCVE-2016-2109 | 6.7 and later | Not vulnerable, fixed in 6.7.2.1 \n6.6 | Upgrade to 6.6.5.1. \n \n \n\n**Android Mobile Agent** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107, CVE-2016-2108, \nCVE-2016-2109 | 1.3 | Upgrade to 1.3.8. \n \n \n\n**BCAAA** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107, CVE-2016-2108, \nCVE-2016-2109, CVE-2016-2176 | 6.1 (only when a Novell SSO realm is used) | An updated Novell SSO SDK is no longer available. Please, contact Novell for more information. \n \n \n\n**CacheFlow** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2108, CVE-2016-2109 | 3.4 | Upgrade to 3.4.2.7. \n \n \n\n**Client Connector** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107, CVE-2016-2108, \nCVE-2016-2109 | 1.6 | Upgrade to latest release of Unified Agent with fixes. \n \n \n\n**Content Analysis System (CAS)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107, CVE-2016-2108, \nCVE-2016-2109 | 2.1 and later | Not vulnerable, fixed in 2.1.1.1 \n1.3 | Upgrade to 1.3.7.1. \n1.2 | Upgrade to later release with fixes. 
\n \n \n\n**Director** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2108, CVE-2016-2109, \nCVE-2016-2176 | 6.1 | Upgrade to 6.1.23.1. \n \n \n\n**Mail Threat Defense (MTD)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107, CVE-2016-2108, \nCVE-2016-2109 | 1.1 | Not available at this time \n \n \n\n**Malware Analysis Appliance (MAA)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2107, \nCVE-2016-2108 | 4.2 | Upgrade to 4.2.11. \n \n \n\n**Management Center (MC)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2108, CVE-2016-2109 | 1.6 and later | Not vulnerable, fixed in 1.6.1.1 \n1.5 | Upgrade to later release with fixes. \n \n \n\n**Norman Shark Industrial Control System Protection (ICSP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107 (only on certain hardware platforms), CVE-2016-2108, \nCVE-2016-2109 | 5.4 and later | Not vulnerable, fixed in 5.4.1 \n5.3 | Upgrade to 5.3.6. \n \n \n\n**Norman Shark Network Protection (NNP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107 (only on certain hardware platforms), CVE-2016-2108, \nCVE-2016-2109 | 5.3 | Upgrade to 5.3.6. \n \n \n\n**Norman Shark SCADA Protection (NSP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107 (only on certain hardware platforms), CVE-2016-2108, \nCVE-2016-2109 | 5.3 | Upgrade to 5.3.6. \n \n \n\n**PacketShaper (PS)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2106, CVE-2016-2109 | 9.2 | Upgrade to 9.2.13p2. \nCVE-2016-2108 | 9.2 | Upgrade to 9.2.13p1. 
\n \n \n\n**PacketShaper (PS) S-Series** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2106, CVE-2016-2107, \nCVE-2016-2108 | 11.6 and later | Not vulnerable, fixed in 11.6.1.1 \n11.5 | Upgrade to 11.5.3.2. \n11.2, 11.3, 11.4 | Upgrade to later release with fixes. \n \n \n\n**PolicyCenter (PC)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2106, CVE-2016-2109 | 9.2 | Upgrade to 9.2.13p2. \nCVE-2016-2108 | 9.2 | Upgrade to 9.2.13p1. \n \n \n\n**PolicyCenter (PC) S-Series** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2106, CVE-2016-2107, \nCVE-2016-2108. | 1.1 | Upgrade to 1.1.2.2. \n \n \n\n**ProxyAV** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2108, CVE-2016-2109, \nCVE-2016-2176 | 3.5 | Upgrade to 3.5.4.2. \n \n \n\n**ProxyClient** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107, CVE-2016-2108, \nCVE-2016-2109 | 3.4 | Upgrade to latest release of Unified Agent with fixes. \n \n \n\n**ProxySG** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2107 (only on certain hardware platforms), CVE-2016-2108, \nCVE-2016-2109 | 6.7 and later | Not vulnerable, fixed in 6.7.1.1. \n6.6 | Upgrade to 6.6.4.1. \n6.5 | Upgrade to 6.5.9.8. \n \n \n\n**Reporter** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107, CVE-2016-2108, \nCVE-2016-2109 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 \n10.1 | Upgrade to 10.1.4.2. \n9.5 | Upgrade to 9.5.4.1. \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2108, CVE-2016-2109 | 9.4 | Upgrade to later release with fixes. 
\n \n \n\n**Security Analytics** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs except CVE-2016-2176 | 7.2 and later | Not vulnerable, fixed in 7.2.1 \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2108, CVE-2016-2109 | 7.1 | Apply RPM patch from customer support. \n7.0 | Not available at this time \n6.6 | Apply RPM patch from customer support. \nCVE-2016-2107 | 7.1 | Apply RPM patch from customer support. \n6.6 | Apply RPM patch from customer support. \n \n \n\n**SSL Visibility (SSLV)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107 (only on certain hardware platforms), CVE-2016-2108, \nCVE-2016-2109. | 3.10 and later | Not vulnerable, fixed in 3.10.1.1 \n3.9 | Upgrade to 3.9.3.6. \n3.8.4FC | Upgrade to 3.8.4FC-55. \n3.8 | Upgrade to later release with fixes. \n \n \n\n**Unified Agent** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs except CVE-2016-2176 | 4.7 and later | Not vulnerable, fixed in 4.7.1 \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107, CVE-2016-2109 | 4.6 | Upgrade to later release with fixes. \nAll CVEs except CVE-2016-2176 | 4.1 | Upgrade to later release with fixes. \n \n \n\n**X-Series XOS** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107 (only on certain hardware platforms), CVE-2016-2108, \nCVE-2016-2109 | 11.0 | Not available at this time \n10.0 | Not available at this time \n9.7 | Upgrade to later release with fixes. \n \n \n\n### ADDITIONAL PRODUCT INFORMATION\n\nBlue Coat products may act as both client and server in SSL/TLS connections, and may use application functionality for cryptographic operations. Blue Coat products act as a client when connecting to Blue Coat services such as WebPulse, DRTR, and licensing and subscription services. 
Products should be considered vulnerable in all interfaces that provide SSL/TLS connections for data and management interfaces unless the CVE is specific to SSL/TLS client or server functionality (as noted in the descriptions above) or unless otherwise stated below:\n\n * **CacheFlow:** All CVEs affect only management connections.\n * **ProxySG:** CVE-2016-2109 affects only management connections.\n\nBlue Coat products that use a native installation of OpenSSL but do not install or maintain that implementation are not vulnerable to any of these CVEs. However, the underlying platform or application that installs and maintains OpenSSL may be vulnerable. Blue Coat urges our customers to update the versions of OpenSSL that are natively installed for Client Connector for OS X, Proxy Client for OS X, and Reporter 9.x for Linux.\n\nSome Blue Coat products do not enable or use all functionality within OpenSSL. The products listed below do not utilize the functionality described in the CVEs below and are thus not known to be vulnerable to them. However, fixes for these CVEs will be included in the patches that are provided.\n\n * **CacheFlow:** CVE-2016-2105, CVE-2016-2106, and CVE-2016-2107\n * **MAA:** CVE-2016-2106 and CVE-2016-2109\n * **MC:** CVE-2016-2107\n * **PacketShaper:** CVE-2016-2105\n * **PacketShaper S-Series:** CVE-2016-2105 and CVE-2016-2109\n * **PolicyCenter:** CVE-2016-2105\n * **PolicyCenter S-Series:** CVE-2016-2105 and CVE-2016-2109\n * **ProxyAV:** CVE-2016-2107\n * **ProxySG:** CVE-2016-2105 and CVE-2016-2106\n\nSome Blue Coat hardware platforms do not support the AESNI instruction set in their CPU architectures. The products and hardware platforms listed below do not support AESNI, do not use the AESNI-based AES implementation in OpenSSL, and are thus not vulnerable to CVE-2016-2107. 
However, a fix for this CVE will be included in the software patches that are provided.\n\n * **ICSP:** AFL2-12A-D525, customer-provided hardware platforms that do not support AESNI\n * **NNP:** customer-provided hardware platforms that do not support AESNI\n * **NSP:** customer-provided hardware platforms that do not support AESNI\n * **ProxySG:** SG300, SG600, SG900, SG9000\n * **Security Analytics:** customer-provided hardware platforms that do not support AESNI\n * **SSLV:** SV1800\n * **XOS:** APM-8650, CPM-8600, CPM-9600\n\nThe following products are not vulnerable: \n**AuthConnector \nBlue Coat HSM Agent for the Luna SP \nCloud Data Protection for Salesforce \nCloud Data Protection for Salesforce Analytics \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \nCloud Data Protection for Oracle Field Service Cloud \nCloud Data Protection for Oracle Sales Cloud \nCloud Data Protection Integration Server \nCloud Data Protection Communication Server \nCloud Data Protection Policy Builder \nGeneral Auth Connector Login Application \nK9 \nProxyAV ConLog and ConLogXP \nWeb Isolation** \n \nInformation for the following products is not available. NetDialog NetX is a replacement product for IntelligenceCenter. \n**IntelligenceCenter \nIntelligenceCenter Data Collector** \n \nBlue Coat no longer provides vulnerability information for the following products: \n \n**DLP** \nPlease, contact Digital Guardian technical support regarding vulnerability information for DLP. 
\n \n\n\n### ISSUES\n\n**CVE-2016-2105** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 89757](<https://www.securityfocus.com/bid/89757>) / NVD: [CVE-2016-2105](<https://nvd.nist.gov/vuln/detail/CVE-2016-2105>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw in the Base64 encoding module allows a remote attacker to supply large input data and trigger a heap overflow, resulting in denial of service and possibly arbitrary code execution. \n \n \n\n**CVE-2016-2106** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 89744](<https://www.securityfocus.com/bid/89744>) / NVD: [CVE-2016-2106](<https://nvd.nist.gov/vuln/detail/CVE-2016-2106>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw in the generic symmetric encryption/decryption module allows a remote attacker to supply large input data and trigger a heap overflow, resulting in denial of service and possibly arbitrary code execution. \n \n \n\n**CVE-2016-2107** \n--- \n**Severity / CVSSv2** | Low / 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N) \n**References** | SecurityFocus: [BID 89760](<https://www.securityfocus.com/bid/89760>) / NVD: [CVE-2016-2107](<https://nvd.nist.gov/vuln/detail/CVE-2016-2107>) \n**Impact** | Information disclosure \n**Description** | A flaw introduced as part of the fix for CVE-2013-0169 (Lucky13) allows a remote man-in-the-middle (MITM) attacker to perform a padding oracle attack and decrypt intercepted TLS traffic when the TLS sessions use AES CBC cipher suites and the server supports AESNI. The CVSS v2 score for CVE-2016-2107 listed in this Security Advisory is published by the National Vulnerability Database (NVD). The effective CVSS v2 score may be higher for Blue Coat products if the decrypted plaintext contains cookie or password information. 
\n \n \n\n**CVE-2016-2108** \n--- \n**Severity / CVSSv2** | High / 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n**References** | SecurityFocus: [BID 89752](<https://www.securityfocus.com/bid/89752>) / NVD: [CVE-2016-2108](<https://nvd.nist.gov/vuln/detail/CVE-2016-2108>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw in the ASN.1 encoder allows a remote attacker to send a crafted X.509 certificate and trigger a buffer underflow on the target if it parses and re-encodes the certificate. Parsing and re-encoding occurs only if the target successfully verifies that certificate signature. Exploiting this vulnerability can result in denial of service through memory corruption and possible arbitrary code execution. \n \n \n\n**CVE-2016-2109** \n--- \n**Severity / CVSSv2** | High / 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) \n**References** | SecurityFocus: [BID 87940](<https://www.securityfocus.com/bid/87940>) / NVD: [CVE-2016-2109](<https://nvd.nist.gov/vuln/detail/CVE-2016-2109>) \n**Impact** | Denial of service \n**Description** | A flaw in the ASN.1 decoder allows a remote attacker to send crafted ASN.1 data and trigger excessive memory allocation on the target. This can result in denial of service through memory depletion. \n \n \n\n**CVE-2016-2176** \n--- \n**Severity / CVSSv2** | Medium / 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P) \n**References** | SecurityFocus: [BID 89746](<https://www.securityfocus.com/bid/89746>) / NVD: [CVE-2016-2176](<https://nvd.nist.gov/vuln/detail/CVE-2016-2176>) \n**Impact** | Information disclosure \n**Description** | An overread flaw in X.509 certificate ASN.1 string parsing on EBCDIC systems allows a remote attacker to send crafted X.509 certificates and obtain arbitrary data from the target's memory stack. \n \n \n\n### MITIGATION\n\nThese vulnerabilities can be exploited in CacheFlow only through the management interface. 
Allowing only machines, IP addresses and subnets from a trusted network to access the CacheFlow management interface reduces the threat of exploiting the vulnerabilities. \n \n\n\n### REFERENCES\n\nOpenSSL Security Advisory - <https://www.openssl.org/news/secadv/20160503.txt> \nCVE-2013-0169 (Lucky13) - <https://nvd.nist.gov/vuln/detail/CVE-2013-0169> \n \n\n\n### REVISION\n\n2020-04-22 Advisory status moved to Closed. \n2019-10-02 Web Isolation is not vulnerable. \n2019-01-10 A fix for Director 6.1 is available in 6.1.23.1. \n2018-04-25 A fix for XOS 9.7 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2018-04-22 PacketShaper S-Series 11.10 is not vulnerable. \n2018-04-06 A fix for Reporter 9.5 is available in 9.5.4.1. \n2017-11-06 ASG 6.7 is not vulnerable because a fix is available in 6.7.2.1. \n2017-08-02 SSLV 4.1 is not vulnerable. \n2017-07-24 PacketShaper S-Series 11.9 is not vulnerable. \n2017-07-21 Reporter 9.4, 9.5, and 10.1 are vulnerable to CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, and CVE-2016-2109. Reporter 9.5 and 10.1 are also vulnerable to CVE-2016-2107. A fix for Reporter 10.1 is available in 10.1.4.2. \n2017-07-20 MC 1.10 is not vulnerable. \n2016-06-30 A fix for ProxyAV 3.5 is available in 3.5.4.2. \n2017-06-22 Security Analytics 7.3 is not vulnerable. \n2017-06-05 PacketShaper S-Series 11.8 is not vulnerable. \n2017-05-18 CAS 2.1 is not vulnerable. \n2017-03-30 MC 1.9 is not vulnerable. \n2017-03-06 MC 1.8 is not vulnerable. ProxySG 6.7 is not vulnerable. SSLV 4.0 is not vulnerable. \n2017-02-07 A fix for Android Mobile Agent is available in 1.3.8. Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support. \n2016-12-19 A fix for MAA is available in 4.2.11. \n2016-12-04 PacketShaper S-Series 11.7 is not vulnerable. \n2016-12-04 SSLV 3.11 is not vulnerable. \n2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable. 
\n2016-11-11 SSLV 3.10 is not vulnerable. \n2016-11-03 A fix for all CVEs in PacketShaper 9.2 is available in 9.2.13p2. A fix for all CVEs in PolicyCenter 9.2 is available in 9.2.13p2. \n2016-11-02 Further investigation in the MAA fixes has shown that all MAA 4.2 releases are vulnerable. A fix is not available at this time. \n2016-10-26 A fix for ASG is available in 6.6.5.1. A fix for MC 1.6 is available in 1.6.1.1. MC 1.7 is not vulnerable. A fix for MC 1.5 will not be provided. MAA 4.2.10 accidentally re-introduced the vulnerabilities and is vulnerable to CVE-2016-2105, CVE-2016-2107 (all supported hardware platforms) and CVE-2016-2108. \n2016-09-01 A fix for SSLV 3.8.4FC is available in 3.8.4FC-55. \n2016-08-19 A fix for CacheFlow is available in 3.4.2.7. \n2016-08-12 A fix for CAS 1.3 is available in 1.3.7.1. Security Analytics 7.2 is not vulnerable. \n2016-08-10 A fix for Unified Agent is available in 4.7.1. \n2016-07-19 ProxySG is not vulnerable to CVE-2016-2107 when running on the SG300 and SG600 hardware platforms. CVE-2016-2109 on ProxySG only affects management connections. CVE-2016-2108 can be exploited through a crafted X.509 certificate only if the target successfully verifies the certificate signature. \n2016-06-30 PacketShaper S-Series 11.6 is not vulnerable. \n2016-06-27 Fixes will not be provided for PacketShaper S-Series 11.2, 11.3, and 11.4. Please upgrade to a later version with the vulnerability fixes. \n2016-06-25 Security Analytics 7.0 is vulnerable to CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, and CVE-2016-2109. A fix will not be provided. Please upgrade to the latest version with the vulnerability fixes. \n2016-06-24 A fix for PacketShaper S-Series 11.5 is available in 11.5.3.2. A fix for PolicyCenter S-Series is available in 1.1.2.2. \n2016-06-21 A fix for ProxySG 6.6 is available in 6.6.4.1. \n2016-06-13 Fixes for ICSP, NNP, and NSP are available in 5.3.6. \n2016-06-11 A fix for ProxySG 6.5 is available in 6.5.9.8. 
\n2016-06-07 A fix for SSLV 3.9 is available in 3.9.3.6. \n2016-06-03 A fix for MAA is available in 4.2.9. \n2016-05-26 Added hardware platform information. Clarified that Android Mobile Agent, Client Connector for Windows, ProxyClient for Windows, and Unified Agent are vulnerable to CVE-2016-2107. \n2016-05-25 Security Analytics 6.6 and 7.1 are vulnerable to CVE-2016-2107 on all hardware platforms. Security Analytics 7.0 is under investigation. Fixes are available for Security Analytics 6.6 and 7.1 through RPM patches available from customer support. \n2016-05-12 A fix for SSLV 3.8 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2016-05-11 Fixes for CVE-2016-2108 are available in PacketShaper 9.2.13p1 and PolicyCenter 9.2.13p1. \n2016-05-09 initial public release\n", "modified": "2020-04-22T21:53:52", "published": "2016-05-09T07:00:00", "id": "SMNTC-1363", "href": "", "type": "symantec", "title": "SA123 : OpenSSL Vulnerabilities 3-May-2016", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "paloalto": [{"lastseen": "2019-05-29T23:19:22", "bulletinFamily": "software", "cvelist": ["CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "The OpenSSL library embedded in the GlobalProtect\u2122 agent, TerminalServer\u2122 agent and UserID\u2122 agent is affected by the following public vulnerabilities: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, and CVE-2016-2176 (Ref # 100669, 100133, PAN-60833).\n", "edition": 4, "modified": "2016-10-12T00:00:00", "published": "2016-09-02T00:00:00", "id": "PAN-SA-2016-0023", "href": "https://securityadvisories.paloaltonetworks.com/Home/Detail/56", "title": "OpenSSL Vulnerabilities", "type": "paloalto", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:37:13", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", 
"CVE-2016-2106"], "description": "**Issue Overview:**\n\nA vulnerability was discovered that allows a man-in-the-middle attacker to use a padding oracle attack to decrypt traffic on a connection using an AES CBC cipher with a server supporting AES-NI. ([CVE-2016-2107 __](<https://access.redhat.com/security/cve/CVE-2016-2107>), Important)\n\nIt was discovered that the ASN.1 parser can misinterpret a large universal tag as a negative value. If an application deserializes and later reserializes untrusted ASN.1 structures containing an ANY field, an attacker may be able to trigger an out-of-bounds write, which can cause potentially exploitable memory corruption. ([CVE-2016-2108 __](<https://access.redhat.com/security/cve/CVE-2016-2108>), Important)\n\nAn overflow bug was discovered in the EVP_EncodeUpdate() function. An attacker could supply very large amounts of input data to overflow a length check, resulting in heap corruption. ([CVE-2016-2105 __](<https://access.redhat.com/security/cve/CVE-2016-2105>), Low)\n\nAn overflow bug was discovered in the EVP_EncryptUpdate() function. An attacker could supply very large amounts of input data to overflow a length check, resulting in heap corruption. ([CVE-2016-2106 __](<https://access.redhat.com/security/cve/CVE-2016-2106>), Low)\n\nAn issue was discovered in the BIO functions, such as d2i_CMS_bio(), where a short invalid encoding in ASN.1 data can cause allocation of large amounts of memory, potentially resulting in a denial of service. ([CVE-2016-2109 __](<https://access.redhat.com/security/cve/CVE-2016-2109>), Low)\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssl-static-1.0.1k-14.91.amzn1.i686 \n openssl-1.0.1k-14.91.amzn1.i686 \n openssl-perl-1.0.1k-14.91.amzn1.i686 \n openssl-devel-1.0.1k-14.91.amzn1.i686 \n openssl-debuginfo-1.0.1k-14.91.amzn1.i686 \n \n src: \n openssl-1.0.1k-14.91.amzn1.src \n \n x86_64: \n openssl-perl-1.0.1k-14.91.amzn1.x86_64 \n openssl-devel-1.0.1k-14.91.amzn1.x86_64 \n openssl-debuginfo-1.0.1k-14.91.amzn1.x86_64 \n openssl-static-1.0.1k-14.91.amzn1.x86_64 \n openssl-1.0.1k-14.91.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2016-05-03T10:30:00", "published": "2016-05-03T10:30:00", "id": "ALAS-2016-695", "href": "https://alas.aws.amazon.com/ALAS-2016-695.html", "title": "Important: openssl", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:34:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "Huzaifa Sidhpurwala, Hanno B\u00f6ck, and David Benjamin discovered that OpenSSL \nincorrectly handled memory when decoding ASN.1 structures. A remote \nattacker could use this issue to cause OpenSSL to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. (CVE-2016-2108)\n\nJuraj Somorovsky discovered that OpenSSL incorrectly performed padding when \nthe connection uses the AES CBC cipher and the server supports AES-NI. A \nremote attacker could possibly use this issue to perform a padding oracle \nattack and decrypt traffic. (CVE-2016-2107)\n\nGuido Vranken discovered that OpenSSL incorrectly handled large amounts of \ninput data to the EVP_EncodeUpdate() function. A remote attacker could use \nthis issue to cause OpenSSL to crash, resulting in a denial of service, or \npossibly execute arbitrary code. (CVE-2016-2105)\n\nGuido Vranken discovered that OpenSSL incorrectly handled large amounts of \ninput data to the EVP_EncryptUpdate() function. 
A remote attacker could use \nthis issue to cause OpenSSL to crash, resulting in a denial of service, or \npossibly execute arbitrary code. (CVE-2016-2106)\n\nBrian Carpenter discovered that OpenSSL incorrectly handled memory when \nASN.1 data is read from a BIO. A remote attacker could possibly use this \nissue to cause memory consumption, resulting in a denial of service. \n(CVE-2016-2109)\n\nAs a security improvement, this update also modifies OpenSSL behaviour to \nreject DH key sizes below 1024 bits, preventing a possible downgrade \nattack.", "edition": 5, "modified": "2016-05-03T00:00:00", "published": "2016-05-03T00:00:00", "id": "USN-2959-1", "href": "https://ubuntu.com/security/notices/USN-2959-1", "title": "OpenSSL vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:55", "bulletinFamily": "software", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "USN-2959-1 OpenSSL vulnerabilities\n\n# \n\nHigh\n\n# Vendor\n\nCanonical Ubuntu, OpenSSL\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04 LTS, OpenSSLv1 \n\n# Description\n\nHuzaifa Sidhpurwala, Hanno B\u00f6ck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-2108](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2108/>))\n\nJuraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. 
([CVE-2016-2107](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2107>))\n\nGuido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncodeUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-2105](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2105>))\n\nGuido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncryptUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-2106](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2106>))\n\nBrian Carpenter discovered that OpenSSL incorrectly handled memory when ASN.1 data is read from a BIO. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. ([CVE-2016-2109](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2109>))\n\nAs a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack.\n\n# Affected Products and Versions\n\n_Severity is high unless otherwise noted. 
\n_\n\n * Cloud Foundry BOSH stemcells 3146.x versions prior to 3146.11 AND other versions prior to 3232.2 are vulnerable \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry upgrade BOSH stemcell 3146.x versions to 3146.11 OR other versions to 3232.2 \n\n# Credit\n\nHuzaifa Sidhpurwala, Hanno B\u00f6ck, and David Benjamin, Juraj Somorovsky, Guido Vranken, Brian Carpenter\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-2959-1/>\n", "edition": 5, "modified": "2016-05-06T00:00:00", "published": "2016-05-06T00:00:00", "id": "CFOUNDRY:F006390335E44CFEC69607A8E9BE3B62", "href": "https://www.cloudfoundry.org/blog/usn-2959-1/", "title": "USN-2959-1 OpenSSL vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:39", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0169", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "- CVE-2016-2105 (buffer overflow):\n\nAn overflow can occur in the EVP_EncodeUpdate() function which is used\nfor Base64 encoding of binary data. If an attacker is able to supply\nvery large amounts of input data then a length check can overflow\nresulting in a heap corruption.\n\nInternally to OpenSSL the EVP_EncodeUpdate() function is primarily used\nby the PEM_write_bio* family of functions. These are mainly used within\nthe OpenSSL command line applications. These internal uses are not\nconsidered vulnerable because all calls are bounded with length checks\nso no overflow is possible.\nUser applications that call these APIs directly with large amounts of\nuntrusted data may be vulnerable. (Note: Initial analysis suggested that\nthe PEM_write_bio* were vulnerable, and this is reflected in the patch\ncommit message. 
This is no longer believed to be the case).\n\n- CVE-2016-2106 (buffer overflow):\n\nAn overflow can occur in the EVP_EncryptUpdate() function. If an\nattacker is able to supply very large amounts of input data after a\nprevious call to EVP_EncryptUpdate() with a partial block then a length\ncheck can overflow resulting in a heap corruption. Following an analysis\nof all OpenSSL internal usage of the EVP_EncryptUpdate() function all\nusage is one of two forms.\nThe first form is where the EVP_EncryptUpdate() call is known to be the\nfirst called function after an EVP_EncryptInit(), and therefore that\nspecific call must be safe. The second form is where the length passed\nto EVP_EncryptUpdate() can be seen from the code to be some small value\nand therefore there is no possibility of an overflow. Since all\ninstances are one of these two forms, it\nis believed that there can be no overflows in internal code due to this\nproblem.\nIt should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate()\nin certain code paths. Also EVP_CipherUpdate() is a synonym for\nEVP_EncryptUpdate(). All instances of these calls have also been\nanalysed and it is believed there are no instances in internal usage\nwhere an overflow could occur.\n\nThis could still represent a security issue for end user code that calls\nthis function directly.\n\n- CVE-2016-2107 (man-in-the-middle):\n\nA MITM attacker can use a padding oracle attack to decrypt traffic when\nthe connection uses an AES CBC cipher and the server supports AES-NI.\n\nThis issue was introduced as part of the fix for Lucky 13 padding attack\n(CVE-2013-0169). The padding check was rewritten to be in constant time\nby making sure that always the same bytes are read and compared against\neither the MAC or padding bytes. 
But it no longer checked that there was\nenough data to have both the MAC and padding bytes.\n\n- CVE-2016-2109 (memory exhaustion):\n\nWhen ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()\na short invalid encoding can cause allocation of large amounts of memory\npotentially consuming excessive resources or exhausting memory.\n\nAny application parsing untrusted data through d2i BIO functions is\naffected. The memory based functions such as d2i_X509() are *not*\naffected. Since the memory based functions are used by the TLS library,\nTLS applications are not affected.\n\n- CVE-2016-2176 (information leak):\n\nASN1 Strings that are over 1024 bytes can cause an overread in\napplications using the X509_NAME_oneline() function on EBCDIC systems.\nThis could result in arbitrary stack data being returned in the buffer.", "modified": "2016-05-04T00:00:00", "published": "2016-05-04T00:00:00", "id": "ASA-201605-3", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html", "type": "archlinux", "title": "openssl: multiple issues", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:35", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0169", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "- CVE-2016-2105 (buffer overflow):\n\nAn overflow can occur in the EVP_EncodeUpdate() function which is used\nfor Base64 encoding of binary data. If an attacker is able to supply\nvery large amounts of input data then a length check can overflow\nresulting in a heap corruption.\n\nInternally to OpenSSL the EVP_EncodeUpdate() function is primarily used\nby the PEM_write_bio* family of functions. These are mainly used within\nthe OpenSSL command line applications. 
These internal uses are not\nconsidered vulnerable because all calls are bounded with length checks\nso no overflow is possible.\nUser applications that call these APIs directly with large amounts of\nuntrusted data may be vulnerable. (Note: Initial analysis suggested that\nthe PEM_write_bio* were vulnerable, and this is reflected in the patch\ncommit message. This is no longer believed to be the case).\n\n- CVE-2016-2106 (buffer overflow):\n\nAn overflow can occur in the EVP_EncryptUpdate() function. If an\nattacker is able to supply very large amounts of input data after a\nprevious call to EVP_EncryptUpdate() with a partial block then a length\ncheck can overflow resulting in a heap corruption. Following an analysis\nof all OpenSSL internal usage of the EVP_EncryptUpdate() function all\nusage is one of two forms.\nThe first form is where the EVP_EncryptUpdate() call is known to be the\nfirst called function after an EVP_EncryptInit(), and therefore that\nspecific call must be safe. The second form is where the length passed\nto EVP_EncryptUpdate() can be seen from the code to be some small value\nand therefore there is no possibility of an overflow. Since all\ninstances are one of these two forms, it\nis believed that there can be no overflows in internal code due to this\nproblem.\nIt should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate()\nin certain code paths. Also EVP_CipherUpdate() is a synonym for\nEVP_EncryptUpdate(). All instances of these calls have also been\nanalysed and it is believed there are no instances in internal usage\nwhere an overflow could occur.\n\nThis could still represent a security issue for end user code that calls\nthis function directly.\n\n- CVE-2016-2107 (man-in-the-middle):\n\nA MITM attacker can use a padding oracle attack to decrypt traffic when\nthe connection uses an AES CBC cipher and the server supports AES-NI.\n\nThis issue was introduced as part of the fix for Lucky 13 padding attack\n(CVE-2013-0169). 
The padding check was rewritten to be in constant time\nby making sure that always the same bytes are read and compared against\neither the MAC or padding bytes. But it no longer checked that there was\nenough data to have both the MAC and padding bytes.\n\n- CVE-2016-2109 (memory exhaustion):\n\nWhen ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()\na short invalid encoding can cause allocation of large amounts of memory\npotentially consuming excessive resources or exhausting memory.\n\nAny application parsing untrusted data through d2i BIO functions is\naffected. The memory based functions such as d2i_X509() are *not*\naffected. Since the memory based functions are used by the TLS library,\nTLS applications are not affected.\n\n- CVE-2016-2176 (information leak):\n\nASN1 Strings that are over 1024 bytes can cause an overread in\napplications using the X509_NAME_oneline() function on EBCDIC systems.\nThis could result in arbitrary stack data being returned in the buffer.", "modified": "2016-05-04T00:00:00", "published": "2016-05-04T00:00:00", "id": "ASA-201605-4", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html", "type": "archlinux", "title": "lib32-openssl: multiple issues", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "hackerone": [{"lastseen": "2018-08-31T00:39:13", "bulletinFamily": "bugbounty", "bounty": 500.0, "cvelist": ["CVE-2016-2180"], "description": "The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. 
This will result in out-of-bounds (OOB) reads when large OIDs are presented.\n\nReference:\nhttps://www.openssl.org/news/secadv/20160922.txt", "modified": "2017-05-25T01:32:55", "published": "2017-04-18T07:38:28", "id": "H1:221789", "href": "https://hackerone.com/reports/221789", "type": "hackerone", "title": "OpenSSL (IBB): OOB read in TS_OBJ_print_bio() (CVE-2016-2180)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-30T22:19:16", "bulletinFamily": "bugbounty", "bounty": 500.0, "cvelist": ["CVE-2016-2109"], "description": "On 4 April 2016 I reported a bug to the OpenSSL Security Team where I was able to force OpenSSL to use large amounts of CPU time, memory and swap space. They confirmed receipt on 6 April 2016 and on 22 April 2016 I was notified that they were assigning CVE-2016-2109 to this flaw and the fix was committed to git on 22 April 2016. \n\n```\nThe main cause is the way asn1_d2i_read_bio works: it allocates memory depending on the length field. Your test case looks like this:\n\n30 84 30 30 30 30 30\n\nWhich translates to a SEQUENCE with a length of 0x30303030 which explains the huge memory requirements.\n\nIn some cases this is intended (for example large CMS messages) so we can't just reject these. Additionally because the input comes from a BIO we may not know the actual length of the data (e.g. from a pipe) so we can't immediately determine if there isn't enough data to read. We can however read the input in\nsmaller chunks and determine if there is an unexpected EOF. That would mean that you couldn't have a tiny file allocate huge amounts of memory. 
We currently have a patch being reviewed that does this: that would reject your test case instead of allocating lots of memory.\n\nIf you're calling the memory based ASN.1 decoders this shouldn't happen because they can sanity check length fields.\n```\n\nFixed in master:\nhttps://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807", "modified": "2016-05-03T20:38:06", "published": "2016-04-26T22:31:48", "id": "H1:134880", "href": "https://hackerone.com/reports/134880", "type": "hackerone", "title": "OpenSSL (IBB): ASN.1 BIO excessive memory allocation (CVE-2016-2109)", "cvss": {"score": 0.0, "vector": "NONE"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:39", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2109", "CVE-2016-2106"], "description": "[0.9.8e-40.0.2]\n- CVE-2016-0799 - Fix memory issues in BIO_*printf functions\n- CVE-2016-2105 - Avoid overflow in EVP_EncodeUpdate\n- CVE-2016-2106 - Fix encrypt overflow\n- CVE-2016-2109 - Harden ASN.1 BIO handling of large amounts of data.", "edition": 4, "modified": "2016-06-21T00:00:00", "published": "2016-06-21T00:00:00", "id": "ELSA-2016-3576", "href": "http://linux.oracle.com/errata/ELSA-2016-3576.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. 
", "modified": "2016-05-04T18:54:36", "published": "2016-05-04T18:54:36", "id": "FEDORA:44719604F0C3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: openssl-1.0.2h-1.fc23", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2016-05-10T17:58:11", "published": "2016-05-10T17:58:11", "id": "FEDORA:A3C8D604C8B1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: openssl-1.0.1k-15.fc22", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2016-05-07T12:15:14", "published": "2016-05-07T12:15:14", "id": "FEDORA:6DCC66067328", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: openssl-1.0.2h-1.fc24", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}