ID: ELSA-2016-0722
Type: oraclelinux
Reporter: Oracle
Modified: 2016-05-09T00:00:00
Description
[1.0.1e-51.5]
- fix CVE-2016-2105 - possible overflow in base64 encoding
- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()
- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC
- fix CVE-2016-2108 - memory corruption in ASN.1 encoder
- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO
- fix CVE-2016-0799 - memory issues in BIO_printf
{"nessus": [{"lastseen": "2021-01-17T13:49:15", "description": "Security Fix(es) :\n\n - A flaw was found in the way OpenSSL encoded certain\n ASN.1 data structures. An attacker could use this flaw\n to create a specially crafted certificate which, when\n verified or re-encoded by OpenSSL, could cause it to\n crash, or execute arbitrary code using the permissions\n of the user running an application compiled against the\n OpenSSL library. (CVE-2016-2108)\n\n - Two integer overflow flaws, leading to buffer overflows,\n were found in the way the EVP_EncodeUpdate() and\n EVP_EncryptUpdate() functions of OpenSSL parsed very\n large amounts of input data. A remote attacker could use\n these flaws to crash an application using OpenSSL or,\n possibly, execute arbitrary code with the permissions of\n the user running that application. (CVE-2016-2105,\n CVE-2016-2106)\n\n - It was discovered that OpenSSL leaked timing information\n when decrypting TLS/SSL and DTLS protocol encrypted\n records when the connection used the AES CBC cipher\n suite and the server supported AES-NI. A remote attacker\n could possibly use this flaw to retrieve plain text from\n encrypted packets by using a TLS/SSL or DTLS server as a\n padding oracle. (CVE-2016-2107)\n\n - Several flaws were found in the way BIO_*printf\n functions were implemented in OpenSSL. Applications\n which passed large amounts of untrusted data through\n these functions could crash or potentially execute code\n with the permissions of the user running such an\n application. (CVE-2016-0799, CVE-2016-2842)\n\n - A denial of service flaw was found in the way OpenSSL\n parsed certain ASN.1-encoded data from BIO (OpenSSL's\n I/O abstraction) inputs. An application using OpenSSL\n that accepts untrusted ASN.1 BIO input could be forced\n to allocate an excessive amount of data. 
(CVE-2016-2109)", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-09T00:00:00", "title": "Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20160510)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2016-06-09T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl-devel", "p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl", "p-cpe:/a:fermilab:scientific_linux:openssl-perl", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:openssl-static"], "id": "SL_20160510_OPENSSL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/91541", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91541);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20160510)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A flaw was found in the way OpenSSL encoded certain\n ASN.1 data structures. 
An attacker could use this flaw\n to create a specially crafted certificate which, when\n verified or re-encoded by OpenSSL, could cause it to\n crash, or execute arbitrary code using the permissions\n of the user running an application compiled against the\n OpenSSL library. (CVE-2016-2108)\n\n - Two integer overflow flaws, leading to buffer overflows,\n were found in the way the EVP_EncodeUpdate() and\n EVP_EncryptUpdate() functions of OpenSSL parsed very\n large amounts of input data. A remote attacker could use\n these flaws to crash an application using OpenSSL or,\n possibly, execute arbitrary code with the permissions of\n the user running that application. (CVE-2016-2105,\n CVE-2016-2106)\n\n - It was discovered that OpenSSL leaked timing information\n when decrypting TLS/SSL and DTLS protocol encrypted\n records when the connection used the AES CBC cipher\n suite and the server supported AES-NI. A remote attacker\n could possibly use this flaw to retrieve plain text from\n encrypted packets by using a TLS/SSL or DTLS server as a\n padding oracle. (CVE-2016-2107)\n\n - Several flaws were found in the way BIO_*printf\n functions were implemented in OpenSSL. Applications\n which passed large amounts of untrusted data through\n these functions could crash or potentially execute code\n with the permissions of the user running such an\n application. (CVE-2016-0799, CVE-2016-2842)\n\n - A denial of service flaw was found in the way OpenSSL\n parsed certain ASN.1-encoded data from BIO (OpenSSL's\n I/O abstraction) inputs. An application using OpenSSL\n that accepts untrusted ASN.1 BIO input could be forced\n to allocate an excessive amount of data. 
(CVE-2016-2109)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1606&L=scientific-linux-errata&F=&S=&P=2153\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?52edfd08\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"openssl-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-debuginfo-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-devel-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-perl-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-static-1.0.1e-48.el6_8.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo 
/ openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:50:38", "description": "From Red Hat Security Advisory 2016:0722 :\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. 
(CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-11T00:00:00", "title": "Oracle Linux 7 : openssl (ELSA-2016-0722)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2016-05-11T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl-libs", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-static", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:openssl-perl"], "id": "ORACLELINUX_ELSA-2016-0722.NASL", "href": "https://www.tenable.com/plugins/nessus/91029", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0722 
and \n# Oracle Linux Security Advisory ELSA-2016-0722 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91029);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_xref(name:\"RHSA\", value:\"2016:0722\");\n\n script_name(english:\"Oracle Linux 7 : openssl (ELSA-2016-0722)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0722 :\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. 
(CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-May/006014.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-51.el7_2.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-libs / openssl-perl / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T05:37:51", "description": "An update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. 
An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.", "edition": 31, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-11T00:00:00", "title": "RHEL 7 : openssl (RHSA-2016:0722)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl-libs", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:openssl", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:openssl-devel"], "id": "REDHAT-RHSA-2016-0722.NASL", "href": "https://www.tenable.com/plugins/nessus/91033", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0722. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91033);\n script_version(\"2.20\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_xref(name:\"RHSA\", value:\"2016:0722\");\n\n script_name(english:\"RHEL 7 : openssl (RHSA-2016:0722)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. 
A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2842\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0722\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-debuginfo-1.0.1e-51.el7_2.5\")) 
flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-devel-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-libs-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-static-1.0.1e-51.el7_2.5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:49:14", "description": "Security Fix(es) :\n\n - A flaw was found in the way OpenSSL encoded certain\n ASN.1 data structures. An attacker could use this flaw\n to create a specially crafted certificate which, when\n verified or re-encoded by OpenSSL, could cause it to\n crash, or execute arbitrary code using the permissions\n of the user running an application compiled against the\n OpenSSL library. (CVE-2016-2108)\n\n - Two integer overflow flaws, leading to buffer overflows,\n were found in the way the EVP_EncodeUpdate() and\n EVP_EncryptUpdate() functions of OpenSSL parsed very\n large amounts of input data. A remote attacker could use\n these flaws to crash an application using OpenSSL or,\n possibly, execute arbitrary code with the permissions of\n the user running that application. 
(CVE-2016-2105,\n CVE-2016-2106)\n\n - It was discovered that OpenSSL leaked timing information\n when decrypting TLS/SSL and DTLS protocol encrypted\n records when the connection used the AES CBC cipher\n suite and the server supported AES-NI. A remote attacker\n could possibly use this flaw to retrieve plain text from\n encrypted packets by using a TLS/SSL or DTLS server as a\n padding oracle. (CVE-2016-2107)\n\n - Several flaws were found in the way BIO_*printf\n functions were implemented in OpenSSL. Applications\n which passed large amounts of untrusted data through\n these functions could crash or potentially execute code\n with the permissions of the user running such an\n application. (CVE-2016-0799, CVE-2016-2842)\n\n - A denial of service flaw was found in the way OpenSSL\n parsed certain ASN.1-encoded data from BIO (OpenSSL's\n I/O abstraction) inputs. An application using OpenSSL\n that accepts untrusted ASN.1 BIO input could be forced\n to allocate an excessive amount of data. 
(CVE-2016-2109)", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-11T00:00:00", "title": "Scientific Linux Security Update : openssl on SL7.x x86_64 (20160509)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2016-05-11T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl-devel", "p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl", "p-cpe:/a:fermilab:scientific_linux:openssl-perl", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:openssl-static", "p-cpe:/a:fermilab:scientific_linux:openssl-libs"], "id": "SL_20160509_OPENSSL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/91041", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91041);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL7.x x86_64 (20160509)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A flaw was found in the way OpenSSL encoded certain\n ASN.1 data structures. 
An attacker could use this flaw\n to create a specially crafted certificate which, when\n verified or re-encoded by OpenSSL, could cause it to\n crash, or execute arbitrary code using the permissions\n of the user running an application compiled against the\n OpenSSL library. (CVE-2016-2108)\n\n - Two integer overflow flaws, leading to buffer overflows,\n were found in the way the EVP_EncodeUpdate() and\n EVP_EncryptUpdate() functions of OpenSSL parsed very\n large amounts of input data. A remote attacker could use\n these flaws to crash an application using OpenSSL or,\n possibly, execute arbitrary code with the permissions of\n the user running that application. (CVE-2016-2105,\n CVE-2016-2106)\n\n - It was discovered that OpenSSL leaked timing information\n when decrypting TLS/SSL and DTLS protocol encrypted\n records when the connection used the AES CBC cipher\n suite and the server supported AES-NI. A remote attacker\n could possibly use this flaw to retrieve plain text from\n encrypted packets by using a TLS/SSL or DTLS server as a\n padding oracle. (CVE-2016-2107)\n\n - Several flaws were found in the way BIO_*printf\n functions were implemented in OpenSSL. Applications\n which passed large amounts of untrusted data through\n these functions could crash or potentially execute code\n with the permissions of the user running such an\n application. (CVE-2016-0799, CVE-2016-2842)\n\n - A denial of service flaw was found in the way OpenSSL\n parsed certain ASN.1-encoded data from BIO (OpenSSL's\n I/O abstraction) inputs. An application using OpenSSL\n that accepts untrusted ASN.1 BIO input could be forced\n to allocate an excessive amount of data. 
(CVE-2016-2109)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1605&L=scientific-linux-errata&F=&S=&P=778\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f2b821af\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned 
by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-51.el7_2.5\")) flag++;\n\n\nif (flag)\n{\n 
security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T05:37:52", "description": "An update for openssl is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. 
A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.", "edition": 30, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-11T00:00:00", "title": "RHEL 6 : openssl (RHSA-2016:0996)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl-static", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:openssl-devel"], "id": "REDHAT-RHSA-2016-0996.NASL", "href": 
"https://www.tenable.com/plugins/nessus/91037", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0996. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91037);\n script_version(\"2.18\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_xref(name:\"RHSA\", value:\"2016:0996\");\n\n script_name(english:\"RHEL 6 : openssl (RHSA-2016:0996)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openssl is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. 
(CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2842\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0996\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-debuginfo-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-devel-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-perl-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-static-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-static-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-48.el6_8.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n 
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:30:36", "description": "An update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. 
(CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.", "edition": 30, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-11T00:00:00", "title": "CentOS 7 : openssl (CESA-2016:0722)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2016-05-11T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-libs", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-static"], "id": "CENTOS_RHSA-2016-0722.NASL", "href": "https://www.tenable.com/plugins/nessus/91017", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0722 and 
\n# CentOS Errata and Security Advisory 2016:0722 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91017);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_xref(name:\"RHSA\", value:\"2016:0722\");\n\n script_name(english:\"CentOS 7 : openssl (CESA-2016:0722)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. 
A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-May/021860.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a8963b97\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0799\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-51.el7_2.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n 
extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-libs / openssl-perl / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:50:40", "description": "From Red Hat Security Advisory 2016:0996 :\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. 
A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-16T00:00:00", "title": "Oracle Linux 6 : openssl (ELSA-2016-0996)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2016-05-16T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-static", "p-cpe:/a:oracle:linux:openssl-perl"], "id": "ORACLELINUX_ELSA-2016-0996.NASL", "href": "https://www.tenable.com/plugins/nessus/91152", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0996 and \n# Oracle Linux Security Advisory ELSA-2016-0996 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91152);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_xref(name:\"RHSA\", value:\"2016:0996\");\n\n script_name(english:\"Oracle Linux 6 : openssl (ELSA-2016-0996)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0996 :\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. 
(CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-May/006053.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"openssl-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-devel-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-perl-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-static-1.0.1e-48.el6_8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / 
openssl-devel / openssl-perl / openssl-static\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:30:38", "description": "An update for openssl is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. 
Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno B\u00f6ck, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.", "edition": 25, "published": "2016-05-17T00:00:00", "title": "CentOS 6 : openssl (CESA-2016:0996)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2016-05-17T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl-devel", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-static"], "id": "CENTOS_RHSA-2016-0996.NASL", "href": "https://www.tenable.com/plugins/nessus/91171", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0996 and \n# CentOS Errata and Security Advisory 2016:0996 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(91171);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_xref(name:\"RHSA\", value:\"2016:0996\");\n\n script_name(english:\"CentOS 6 : openssl (CESA-2016:0996)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openssl is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. 
(CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno B\u00f6ck, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2016-May/003097.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b86a0c1f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n# Temporarily disabled\nexit(0);\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-devel-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-perl-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-static-1.0.1e-48.el6_8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T05:38:18", "description": "An update for openssl is now available for Red Hat Enterprise Linux\n6.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. 
An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.", "edition": 30, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-18T00:00:00", "title": "RHEL 6 : openssl (RHSA-2016:2073)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6.7", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-devel"], "id": "REDHAT-RHSA-2016-2073.NASL", "href": "https://www.tenable.com/plugins/nessus/94105", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2073. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94105);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_xref(name:\"RHSA\", value:\"2016:2073\");\n\n script_name(english:\"RHEL 6 : openssl (RHSA-2016:2073)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openssl is now available for Red Hat Enterprise Linux\n6.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. 
A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2842\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6\\.7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.7\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2073\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"openssl-1.0.1e-42.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"openssl-debuginfo-1.0.1e-42.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"openssl-devel-1.0.1e-42.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"openssl-perl-1.0.1e-42.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-42.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-42.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"openssl-static-1.0.1e-42.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"openssl-static-1.0.1e-42.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-42.el6_7.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + 
redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:30:52", "description": "Huzaifa Sidhpurwala, Hanno Bock, and David Benjamin discovered that\nOpenSSL incorrectly handled memory when decoding ASN.1 structures. A\nremote attacker could use this issue to cause OpenSSL to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2016-2108)\n\nJuraj Somorovsky discovered that OpenSSL incorrectly performed padding\nwhen the connection uses the AES CBC cipher and the server supports\nAES-NI. A remote attacker could possibly use this issue to perform a\npadding oracle attack and decrypt traffic. (CVE-2016-2107)\n\nGuido Vranken discovered that OpenSSL incorrectly handled large\namounts of input data to the EVP_EncodeUpdate() function. A remote\nattacker could use this issue to cause OpenSSL to crash, resulting in\na denial of service, or possibly execute arbitrary code.\n(CVE-2016-2105)\n\nGuido Vranken discovered that OpenSSL incorrectly handled large\namounts of input data to the EVP_EncryptUpdate() function. A remote\nattacker could use this issue to cause OpenSSL to crash, resulting in\na denial of service, or possibly execute arbitrary code.\n(CVE-2016-2106)\n\nBrian Carpenter discovered that OpenSSL incorrectly handled memory\nwhen ASN.1 data is read from a BIO. A remote attacker could possibly\nuse this issue to cause memory consumption, resulting in a denial of\nservice. 
(CVE-2016-2109)\n\nAs a security improvement, this update also modifies OpenSSL behaviour\nto reject DH key sizes below 1024 bits, preventing a possible\ndowngrade attack.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-04T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : openssl vulnerabilities (USN-2959-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2959-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90887", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2959-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90887);\n script_version(\"2.18\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\");\n script_xref(name:\"USN\", value:\"2959-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : openssl vulnerabilities (USN-2959-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Huzaifa Sidhpurwala, Hanno Bock, and David Benjamin discovered that\nOpenSSL incorrectly handled memory when decoding ASN.1 structures. A\nremote attacker could use this issue to cause OpenSSL to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2016-2108)\n\nJuraj Somorovsky discovered that OpenSSL incorrectly performed padding\nwhen the connection uses the AES CBC cipher and the server supports\nAES-NI. A remote attacker could possibly use this issue to perform a\npadding oracle attack and decrypt traffic. (CVE-2016-2107)\n\nGuido Vranken discovered that OpenSSL incorrectly handled large\namounts of input data to the EVP_EncodeUpdate() function. A remote\nattacker could use this issue to cause OpenSSL to crash, resulting in\na denial of service, or possibly execute arbitrary code.\n(CVE-2016-2105)\n\nGuido Vranken discovered that OpenSSL incorrectly handled large\namounts of input data to the EVP_EncryptUpdate() function. A remote\nattacker could use this issue to cause OpenSSL to crash, resulting in\na denial of service, or possibly execute arbitrary code.\n(CVE-2016-2106)\n\nBrian Carpenter discovered that OpenSSL incorrectly handled memory\nwhen ASN.1 data is read from a BIO. 
A remote attacker could possibly\nuse this issue to cause memory consumption, resulting in a denial of\nservice. (CVE-2016-2109)\n\nAs a security improvement, this update also modifies OpenSSL behaviour\nto reject DH key sizes below 1024 bits, preventing a possible\ndowngrade attack.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2959-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl1.0.0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/04\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.10|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10 / 16.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1-4ubuntu5.36\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.19\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2d-0ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2g-1ubuntu4.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl1.0.0\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:35:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "description": "Oracle Linux Local Security Checks ELSA-2016-0722", "modified": "2019-03-14T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310122924", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122924", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0722", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0722.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.fi\n#\n# This program is free software; you can redistribute it and/or modify\n# 
it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122924\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:24:42 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0722\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0722 - openssl security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0722\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0722.html\");\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2107\", \"CVE-2016-2842\", \"CVE-2016-2106\", \"CVE-2016-2108\", \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~51.el7_2.5\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~51.el7_2.5\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~51.el7_2.5\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~51.el7_2.5\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~51.el7_2.5\", rls:\"OracleLinux7\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-05-10T00:00:00", "id": "OPENVAS:1361412562310871610", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871610", "type": "openvas", "title": "RedHat Update for openssl RHSA-2016:0722-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2016:0722-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871610\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 05:19:08 +0200 (Tue, 10 May 2016)\");\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\",\n \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for openssl RHSA-2016:0722-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as\na full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n * A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. 
An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library.\n(CVE-2016-2108)\n\n * Two integer overflow flaws, leading to buffer overflows, were found in\nthe way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL\nparsed very large amounts of input data. A remote attacker could use these\nflaws to crash an application using OpenSSL or, possibly, execute arbitrary\ncode with the permissions of the user running that application.\n(CVE-2016-2105, CVE-2016-2106)\n\n * It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n * Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially execute\ncode with the permissions of the user running such an application.\n(CVE-2016-0799, CVE-2016-2842)\n\n * A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. 
Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno Bock, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107.\");\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0722-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-May/msg00008.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~51.el7_2.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~51.el7_2.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~51.el7_2.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~51.el7_2.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2019-05-29T18:35:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-05-11T00:00:00", "id": "OPENVAS:1361412562310871614", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871614", "type": "openvas", "title": "RedHat Update for openssl RHSA-2016:0996-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2016:0996-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871614\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-11 05:23:21 +0200 (Wed, 11 May 2016)\");\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for openssl RHSA-2016:0996-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library.\n\nSecurity Fix(es):\n\n * A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. 
An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library.\n(CVE-2016-2108)\n\n * Two integer overflow flaws, leading to buffer overflows, were found in\nthe way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL\nparsed very large amounts of input data. A remote attacker could use these\nflaws to crash an application using OpenSSL or, possibly, execute arbitrary\ncode with the permissions of the user running that application.\n(CVE-2016-2105, CVE-2016-2106)\n\n * It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n * Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially execute\ncode with the permissions of the user running such an application.\n(CVE-2016-0799, CVE-2016-2842)\n\n * A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. 
Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno Bock, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107.\");\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0996-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-May/msg00017.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~48.el6_8.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~48.el6_8.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~48.el6_8.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", 
"CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "description": "Check the version of openssl", "modified": "2019-03-08T00:00:00", "published": "2016-05-10T00:00:00", "id": "OPENVAS:1361412562310882486", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882486", "type": "openvas", "title": "CentOS Update for openssl CESA-2016:0722 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2016:0722 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882486\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 05:19:51 +0200 (Tue, 10 May 2016)\");\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\",\n \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for openssl CESA-2016:0722 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of openssl\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols,\nas well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n * A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. 
An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library.\n(CVE-2016-2108)\n\n * Two integer overflow flaws, leading to buffer overflows, were found in\nthe way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL\nparsed very large amounts of input data. A remote attacker could use these\nflaws to crash an application using OpenSSL or, possibly, execute arbitrary\ncode with the permissions of the user running that application.\n(CVE-2016-2105, CVE-2016-2106)\n\n * It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n * Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially execute\ncode with the permissions of the user running such an application.\n(CVE-2016-0799, CVE-2016-2842)\n\n * A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. 
Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno Bock, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108 Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799 and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107.\");\n script_tag(name:\"affected\", value:\"openssl on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0722\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-May/021860.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~51.el7_2.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~51.el7_2.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~51.el7_2.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~51.el7_2.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~51.el7_2.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
(__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-05-04T00:00:00", "id": "OPENVAS:1361412562310842729", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842729", "type": "openvas", "title": "Ubuntu Update for openssl USN-2959-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for openssl USN-2959-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842729\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-04 05:19:55 +0200 (Wed, 04 May 2016)\");\n script_cve_id(\"CVE-2016-2108\", \"CVE-2016-2107\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openssl USN-2959-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Huzaifa Sidhpurwala, Hanno Böck, and\n David Benjamin discovered that OpenSSL incorrectly handled memory when decoding\n ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to\n crash, resulting in a denial of service, or possibly execute arbitrary code.\n (CVE-2016-2108)\n\n Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when\n the connection uses the AES CBC cipher and the server supports AES-NI. A\n remote attacker could possibly use this issue to perform a padding oracle\n attack and decrypt traffic. 
(CVE-2016-2107)\n\n Guido Vranken discovered that OpenSSL incorrectly handled large amounts of\n input data to the EVP_EncodeUpdate() function. A remote attacker could use\n this issue to cause OpenSSL to crash, resulting in a denial of service, or\n possibly execute arbitrary code. (CVE-2016-2105)\n\n Guido Vranken discovered that OpenSSL incorrectly handled large amounts of\n input data to the EVP_EncryptUpdate() function. A remote attacker could use\n this issue to cause OpenSSL to crash, resulting in a denial of service, or\n possibly execute arbitrary code. (CVE-2016-2106)\n\n Brian Carpenter discovered that OpenSSL incorrectly handled memory when\n ASN.1 data is read from a BIO. A remote attacker could possibly use this\n issue to cause memory consumption, resulting in a denial of service.\n (CVE-2016-2109)\n\n As a security improvement, this update also modifies OpenSSL behaviour to\n reject DH key sizes below 1024 bits, preventing a possible downgrade\n attack.\");\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2959-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2959-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu2.19\", 
rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1f-1ubuntu2.19\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1-4ubuntu5.36\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1-4ubuntu5.36\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.2d-0ubuntu1.5\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.2d-0ubuntu1.5\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "Several vulnerabilities were discovered\nin OpenSSL, a Secure Socket Layer toolkit.\n\nCVE-2016-2105\nGuido Vranken discovered that an overflow can occur in the function\nEVP_EncodeUpdate(), used for Base64 encoding, if an attacker can\nsupply a large amount of data. This could lead to a heap corruption.\n\nCVE-2016-2106\nGuido Vranken discovered that an overflow can occur in the function\nEVP_EncryptUpdate() if an attacker can supply a large amount of data.\nThis could lead to a heap corruption.\n\nCVE-2016-2107\nJuraj Somorovsky discovered a padding oracle in the AES CBC cipher\nimplementation based on the AES-NI instruction set. 
This could allow\nan attacker to decrypt TLS traffic encrypted with one of the cipher\nsuites based on AES CBC.\n\nCVE-2016-2108\nDavid Benjamin from Google discovered that two separate bugs in the\nASN.1 encoder, related to handling of negative zero integer values\nand large universal tags, could lead to an out-of-bounds write.\n\nCVE-2016-2109\nBrian Carpenter discovered that when ASN.1 data is read from a BIO\nusing functions such as d2i_CMS_bio(), a short invalid encoding can\ncause allocation of large amounts of memory potentially consuming\nexcessive resources or exhausting memory.", "modified": "2019-03-18T00:00:00", "published": "2016-05-03T00:00:00", "id": "OPENVAS:1361412562310703566", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703566", "type": "openvas", "title": "Debian Security Advisory DSA 3566-1 (openssl - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3566.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3566-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703566\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\",\n \"CVE-2016-2109\");\n script_name(\"Debian Security Advisory DSA 3566-1 (openssl - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-03 00:00:00 +0200 (Tue, 03 May 2016)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3566.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"openssl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 1.0.1k-3+deb8u5.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2h-1.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered\nin OpenSSL, a Secure Socket Layer toolkit.\n\nCVE-2016-2105\nGuido Vranken discovered that an overflow can 
occur in the function\nEVP_EncodeUpdate(), used for Base64 encoding, if an attacker can\nsupply a large amount of data. This could lead to a heap corruption.\n\nCVE-2016-2106\nGuido Vranken discovered that an overflow can occur in the function\nEVP_EncryptUpdate() if an attacker can supply a large amount of data.\nThis could lead to a heap corruption.\n\nCVE-2016-2107\nJuraj Somorovsky discovered a padding oracle in the AES CBC cipher\nimplementation based on the AES-NI instruction set. This could allow\nan attacker to decrypt TLS traffic encrypted with one of the cipher\nsuites based on AES CBC.\n\nCVE-2016-2108\nDavid Benjamin from Google discovered that two separate bugs in the\nASN.1 encoder, related to handling of negative zero integer values\nand large universal tags, could lead to an out-of-bounds write.\n\nCVE-2016-2109\nBrian Carpenter discovered that when ASN.1 data is read from a BIO\nusing functions such as d2i_CMS_bio(), a short invalid encoding can\ncause allocation of large amounts of memory potentially consuming\nexcessive resources or exhausting memory.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libcrypto1.0.0-udeb\", ver:\"1.0.1k-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev:amd64\", ver:\"1.0.1k-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev:i386\", ver:\"1.0.1k-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1k-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1k-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1k-3+deb8u5\", 
rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:amd64\", ver:\"1.0.1k-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:i386\", ver:\"1.0.1k-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1k-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:34:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-05-06T00:00:00", "id": "OPENVAS:1361412562310851289", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851289", "type": "openvas", "title": "SUSE: Security Advisory for openssl (SUSE-SU-2016:1228-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851289\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 15:29:09 +0530 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\",\n \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for openssl (SUSE-SU-2016:1228-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openssl fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse\n\n - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n\n - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode\n (bsc#958501)\");\n\n script_tag(name:\"affected\", value:\"openssl on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n 
script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"SUSE-SU\", value:\"2016:1228-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1i~27.16.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1i~27.16.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1i~27.16.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1i~27.16.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1i~27.16.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1i~27.16.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1i~27.16.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", 
rpm:\"libopenssl1_0_0~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac\", rpm:\"libopenssl1_0_0-hmac~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac-32bit\", rpm:\"libopenssl1_0_0-hmac-32bit~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1i~27.16.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-05-06T00:00:00", "id": "OPENVAS:1361412562310851295", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310851295", "type": "openvas", "title": "openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1243-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851295\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 05:19:10 +0200 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\",\n \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1243-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", 
value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openssl fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n - bsc#976943: Buffer overrun in ASN1_parse\n\n - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n\n - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode\n (bsc#958501)\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\");\n\n script_tag(name:\"affected\", value:\"openssl on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1243-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", 
rpm:\"libopenssl1_0_0-debuginfo~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac\", rpm:\"libopenssl1_0_0-hmac~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac-32bit\", rpm:\"libopenssl1_0_0-hmac-32bit~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1i~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:56:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": 
"2016-05-09T00:00:00", "id": "OPENVAS:1361412562310120684", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120684", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-695)", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120684\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:12:00 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-695)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in OpenSSL. 
Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update openssl to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-695.html\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2107\", \"CVE-2016-2106\", \"CVE-2016-2109\", \"CVE-2016-2108\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1k~14.91.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1k~14.91.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1k~14.91.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1k~14.91.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1k~14.91.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n 
exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-05-06T00:00:00", "id": "OPENVAS:1361412562310851297", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851297", "type": "openvas", "title": "openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1238-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851297\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 05:19:21 +0200 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\",\n \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1238-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openssl fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (boo#977617)\n\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (boo#977616)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (boo#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (boo#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (boo#976942)\n\n - boo#976943: Buffer overrun in ASN1_parse\n\n - boo#977621: Preserve digests for SNI\n\n - boo#958501: Fix openssl enc -non-fips-allow option in FIPS mode\");\n\n script_tag(name:\"affected\", value:\"openssl on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n 
script_xref(name:\"openSUSE-SU\", value:\"2016:1238-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac\", rpm:\"libopenssl1_0_0-hmac~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac-32bit\", rpm:\"libopenssl1_0_0-hmac-32bit~1.0.1k~2.36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:44:35", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2842"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. 
(CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.", "modified": "2018-06-06T20:24:08", "published": "2016-05-10T11:00:21", "id": "RHSA-2016:0996", "href": "https://access.redhat.com/errata/RHSA-2016:0996", "type": "redhat", "title": "(RHSA-2016:0996) Important: openssl security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:55", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2842"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. 
A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.", "modified": "2018-04-12T03:32:43", "published": "2016-05-09T08:44:04", "id": "RHSA-2016:0722", "href": "https://access.redhat.com/errata/RHSA-2016:0722", "type": "redhat", "title": "(RHSA-2016:0722) Important: openssl security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:50", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2842"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 
data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.", "modified": "2016-10-18T10:25:17", "published": "2016-10-18T10:21:20", "id": "RHSA-2016:2073", "href": "https://access.redhat.com/errata/RHSA-2016:2073", "type": "redhat", "title": "(RHSA-2016:2073) Important: openssl security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "description": "[1.0.1t-2.0.1]\n- update to upstream 1.0.1t\n- Original 1.0.1 test certificates have expired on May 10, 2016. Updated certificates were copied from 1.0.2h tree (alexey.petrenko@oracle.com)", "edition": 4, "modified": "2016-06-15T00:00:00", "published": "2016-06-15T00:00:00", "id": "ELSA-2016-3571", "href": "http://linux.oracle.com/errata/ELSA-2016-3571.html", "title": "openssl-fips security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:30", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "description": "[1.0.1e-48.1]\n- fix CVE-2016-2105 - possible overflow in base64 encoding\n- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()\n- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC\n- fix CVE-2016-2108 - memory corruption in ASN.1 encoder\n- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO\n- fix CVE-2016-0799 - memory issues in BIO_printf", "edition": 4, "modified": "2016-05-13T00:00:00", "published": 
"2016-05-13T00:00:00", "id": "ELSA-2016-3558", "href": "http://linux.oracle.com/errata/ELSA-2016-3558.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:39", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2109", "CVE-2016-2106"], "description": "[0.9.8e-40.0.2]\n- CVE-2016-0799 - Fix memory issues in BIO_*printf functions\n- CVE-2016-2105 - Avoid overflow in EVP_EncodeUpdate\n- CVE-2016-2106 - Fix encrypt overflow\n- CVE-2016-2109 - Harden ASN.1 BIO handling of large amounts of data.", "edition": 4, "modified": "2016-06-21T00:00:00", "published": "2016-06-21T00:00:00", "id": "ELSA-2016-3576", "href": "http://linux.oracle.com/errata/ELSA-2016-3576.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:25:12", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0722\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. 
A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-May/033898.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-libs\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0722.html", "edition": 3, "modified": "2016-05-09T08:40:50", "published": "2016-05-09T08:40:50", "href": "http://lists.centos.org/pipermail/centos-announce/2016-May/033898.html", "id": "CESA-2016:0722", "title": "openssl security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:26:33", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0996\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. 
A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2016-May/009297.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0996.html", "edition": 3, "modified": "2016-05-16T10:25:52", "published": "2016-05-16T10:25:52", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2016-May/009297.html", "id": "CESA-2016:0996", "title": "openssl security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2017-06-08T00:16:38", "bulletinFamily": "software", "cvelist": ["CVE-2016-0799", "CVE-2016-2842"], "edition": 1, "description": "\nF5 Product Development has assigned ID 580340 (BIG-IP), ID 580541 (BIG-IQ and iWorkflow), ID 580544 (Enterprise Manager), LRS-60657 (LineRate), and INSTALLER-2274 (Traffix SDC) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H589577 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP AAM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP AFM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.3.0 - 11.5.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP Analytics| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP APM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP ASM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP DNS| 12.0.0 - 12.1.0| 13.0.0 \n12.1.1 - 12.1.2| Low| OpenSSL API \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| OpenSSL API \nBIG-IP GTM| 11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP Link Controller| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP PEM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.3.0 - 11.5.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API 
\nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| OpenSSL API \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| OpenSSL API \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| OpenSSL API \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| OpenSSL API \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| OpenSSL API \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| OpenSSL API \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| OpenSSL API \nBIG-IQ ADC| 4.5.0| None| Low| OpenSSL API \nBIG-IQ Centralized Management| 5.0.0 \n4.6.0| 5.1.0| Low| OpenSSL API \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low| OpenSSL API \nF5 iWorkflow| 2.0.0| 2.0.1| Low| OpenSSL API \nLineRate| 2.5.0 - 2.6.1| None| Low| OpenSSL \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| Low| OpenSSL\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP, BIG-IQ, iWorkflow, Enterprise Manager, LineRate, and Traffix SDC\n\nTo mitigate this vulnerability, you should ensure that any custom BIG-IP monitor or custom configurations that rely on OpenSSL utilities (which depend on the function specified in this vulnerability) are only interacting with trusted systems in your environment.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K22334603: OpenSSL vulnerability CVE-2016-0799](<https://support.f5.com/csp/article/K22334603>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n", "modified": "2017-03-30T21:32:00", "published": "2016-04-27T20:54:00", "href": "https://support.f5.com/csp/article/K52349521", "id": "F5:K52349521", "title": "OpenSSL vulnerability CVE-2016-2842", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T00:16:13", "bulletinFamily": "software", "cvelist": ["CVE-2016-0799", "CVE-2016-2842"], "edition": 1, "description": "\nF5 Product Development has assigned ID 580313 (BIG-IP), ID 580516 (BIG-IQ and iWorkflow), and ID 580518 (Enterprise Manager) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H22334603 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP AAM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP AFM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.3.0 - 11.5.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP Analytics| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP APM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP ASM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP DNS| 12.0.0 - 12.1.0| 13.0.0 \n12.1.1 - 12.1.2| Low| OpenSSL API \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| OpenSSL API \nBIG-IP GTM| 11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP Link Controller| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP PEM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.3.0 - 11.5.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API 
\nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| OpenSSL API \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| OpenSSL API \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| OpenSSL API \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.1.1| None| Low| OpenSSL API \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| OpenSSL API \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| OpenSSL API \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| OpenSSL API \nBIG-IQ ADC| 4.5.0| None| Low| OpenSSL API \nBIG-IQ Centralized Management| 5.0.0 \n4.6.0| 5.1.0| Low| OpenSSL API \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low| OpenSSL API \nF5 iWorkflow| 2.0.0| 2.0.1| Low| OpenSSL API \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n**BIG-IP, BIG-IQ, iWorkflow, and Enterprise Manager**\n\nTo mitigate this vulnerability, ensure that any custom BIG-IP monitors or custom configurations relying on OpenSSL command line utilities which depend on the function specified in this vulnerability, are only interacting with trusted systems in your environment.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-03-30T21:36:00", "published": "2016-03-26T00:38:00", "id": "F5:K22334603", "href": "https://support.f5.com/csp/article/K22334603", "title": "OpenSSL vulnerability CVE-2016-0799", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:14", "bulletinFamily": "software", "cvelist": ["CVE-2016-0799", "CVE-2016-2842"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP, BIG-IQ, Enterprise Manager, LineRate, and Traffix SDC\n\nTo mitigate this vulnerability, you should ensure that any custom BIG-IP monitor or custom configurations that rely on OpenSSL utilities (which depend on the function specified in this vulnerability) are only interacting with trusted systems in your environment.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL22334603: OpenSSL vulnerability CVE-2016-0799\n", "modified": "2016-09-01T00:00:00", "published": "2016-04-27T00:00:00", "id": "SOL52349521", "href": "http://support.f5.com/kb/en-us/solutions/public/k/52/sol52349521.html", "type": "f5", "title": "SOL52349521 - OpenSSL vulnerability CVE-2016-2842", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:49", "bulletinFamily": "software", "cvelist": ["CVE-2016-0799", "CVE-2016-2842"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n**BIG-IP, BIG-IQ, and Enterprise Manager**\n\nTo mitigate this vulnerability, ensure that any custom BIG-IP monitors or custom configurations relying on OpenSSL command line utilities which depend on the function specified in this vulnerability, are only interacting with trusted systems in your environment.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-09-01T00:00:00", "published": "2016-03-25T00:00:00", "id": "SOL22334603", "href": "http://support.f5.com/kb/en-us/solutions/public/k/22/sol22334603.html", "type": "f5", "title": "SOL22334603 - OpenSSL vulnerability CVE-2016-0799", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T10:18:53", "bulletinFamily": "software", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "edition": 1, "description": "\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-03-14T22:07:00", "published": "2016-05-04T03:23:00", "href": "https://support.f5.com/csp/article/K07538415", "id": "F5:K07538415", "title": "Multiple OpenSSL vulnerabilities", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, 
{"lastseen": "2016-11-09T00:10:02", "bulletinFamily": "software", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "edition": 1, "description": "Supplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-06-02T00:00:00", "published": "2016-05-03T00:00:00", "id": "SOL07538415", "href": "http://support.f5.com/kb/en-us/solutions/public/k/07/sol07538415.html", "type": "f5", "title": "SOL07538415 - Multiple OpenSSL vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-11-14T23:22:44", "bulletinFamily": "software", "cvelist": ["CVE-2016-2109"], "description": "\nF5 Product Development has assigned IDs 591042, 591325, 591327, 591328, and 591329 (BIG-IP), ID 594024 (BIG-IQ and iWorkflow), ID 594030 (Enterprise Manager), ID 500324 (ARX), and LRS-60729 (LineRate) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H591062-4 and H591062-6 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP AAM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP AFM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP Analytics | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP APM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF2 | Low | Oracle SDK for OAM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 
\n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP ASM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP DNS | 12.0.0 - 12.1.1 | 13.0.0 \n12.1.2 | Low | OpenSSL and TMM \n | 12.0.0 - 12.1.2 | 13.0.0 \n12.1.2 HF1 | Low | f5-rest-node \nBIG-IP Edge Gateway | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | OpenSSL, TMM, and f5-rest-node \nBIG-IP GTM | 11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL, TMM, and f5-rest-node \nBIG-IP Link Controller | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP PEM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP PSM | 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4 | None | Low | OpenSSL, TMM, and f5-rest-node \nBIG-IP WebAccelerator | 10.2.1 - 10.2.4 | None | Low | OpenSSL, TMM, and f5-rest-node \nBIG-IP WOM | 10.2.1 - 10.2.4 | None | Low | OpenSSL, TMM, and f5-rest-node \nARX | 6.2.0 - 6.4.0 | None | Low | OpenSSL (when accessing the management IP) \nEnterprise Manager | 3.1.1 | None | Low | OpenSSL \nFirePass | None | 7.0.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ ADC | 4.5.0 | None | Low | OpenSSL \nBIG-IQ Centralized Management | 5.0.0 \n4.6.0 | 5.1.0 | Low | OpenSSL 
\nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | OpenSSL \nF5 iWorkflow | 2.0.0 | 2.0.1 | Low | OpenSSL \nLineRate | 2.4.0 - 2.6.1 | None | Low | OpenSSL \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nARX\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\nLineRate\n\nTo mitigate this vulnerability, you can avoid using the Node.js loadPKCS12 function on untrusted input.\n\n**Impact of action:** Changing the design of your Node.js code may have additional traffic processing effects. 
Ensure any modification is compatible with your environment.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "edition": 1, "modified": "2018-04-20T21:33:00", "published": "2016-05-07T03:39:00", "id": "F5:K23230229", "href": "https://support.f5.com/csp/article/K23230229", "title": "OpenSSL vulnerability CVE-2016-2109", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-15T09:22:11", "bulletinFamily": "software", "cvelist": ["CVE-2016-2106"], "description": "\nF5 Product Development has assigned IDs 591042, 591325, 591327, 591328, and 591329 (BIG-IP), ID 594024 (BIG-IQ and iWorkflow), ID 594030 (Enterprise Manager), and ID 500324 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H591062-1 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP AAM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP AFM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP Analytics | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP APM | 12.0.0 - 12.1.1 
\n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF2 | Low | Oracle SDK for OAM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP ASM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP DNS | 12.0.0 - 12.1.1 | 13.0.0 \n12.1.2 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 | 13.0.0 \n12.1.2 HF1 | Low | iAppsLX (f5-rest-node) \nBIG-IP Edge Gateway | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \nBIG-IP GTM | 11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \nBIG-IP Link Controller | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP PEM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 
\n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP PSM | 11.4.0 - 11.4.1 \n11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \nBIG-IP WebAccelerator | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \nBIG-IP WOM | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \nARX | 6.2.0 - 6.4.0 | None | Low | OpenSSL (when accessing the management IP) \nEnterprise Manager | 3.1.1 | None | Low | OpenSSL \nFirePass | None | 7.0.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ ADC | 4.5.0 | None | Low | OpenSSL \nBIG-IQ Centralized Management | 5.0.0 \n4.6.0 | 5.1.0 | Low | OpenSSL \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | OpenSSL \nF5 iWorkflow | 2.0.0 | 2.0.1 | Low | OpenSSL \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nARX\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "edition": 1, "modified": "2018-04-20T21:49:00", "published": "2016-05-20T00:59:00", "id": "F5:K36488941", "href": "https://support.f5.com/csp/article/K36488941", "title": "OpenSSL vulnerability CVE-2016-2106", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-19T09:29:41", "bulletinFamily": "software", "cvelist": ["CVE-2016-2105"], "description": "\nF5 Product Development has assigned IDs 591042, 591325, 591327, 591328, and 591329 (BIG-IP), ID 594024 (BIG-IQ and F5 iWorkflow), ID 594030 (Enterprise Manager), and ID 500324 (ARX) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H591062 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP AAM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP AFM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP Analytics | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP APM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF2 | Low | Oracle SDK for OAM 
\n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP ASM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP DNS | 12.0.0 - 12.1.1 | 13.0.0 \n12.1.2 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 | 13.0.0 \n12.1.2 HF1 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP Edge Gateway | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL \nBIG-IP GTM | 11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \nBIG-IP Link Controller | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP PEM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP PSM | 11.4.0 - 11.4.1 \n11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL \nBIG-IP WebAccelerator | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL \nBIG-IP WOM | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL \nARX | 6.2.0 - 6.4.0 | None | Low | OpenSSL (when accessing the management IP) \nEnterprise Manager | 3.1.1 | None | Low | OpenSSL \nFirePass | None | 7.0.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ Security | 4.0.0 - 4.5.0 | 
None | Low | OpenSSL \nBIG-IQ ADC | 4.5.0 | None | Low | OpenSSL \nBIG-IQ Centralized Management | 5.0.0 \n4.6.0 | 5.1.0 | Low | OpenSSL \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | OpenSSL \nF5 iWorkflow | 2.0.0 | 2.0.1 | Low | OpenSSL \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nARX\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n", "edition": 1, "modified": "2018-04-20T19:03:00", "published": "2016-05-20T01:06:00", "id": "F5:K51920288", "href": "https://support.f5.com/csp/article/K51920288", "title": "OpenSSL vulnerability CVE-2016-2105", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-09-15T01:19:23", "bulletinFamily": "software", "cvelist": ["CVE-2016-2108"], "edition": 1, 
"description": "\nF5 Product Development has assigned IDs 591042, 591325, 591327, 591328, and 591329 (BIG-IP), ID 594024 (BIG-IQ and iWorkflow), ID 594030 (Enterprise Manager), ID 500324 (ARX), and LRS-60730 (LineRate) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H591062-3 on the **Diagnostics** > **Identified** > **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | High | OpenSSL*, ConfigSync, f5-rest-node \nBIG-IP AAM | 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | High | OpenSSL*, ConfigSync, f5-rest-node \nBIG-IP AFM | 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | High | OpenSSL*, ConfigSync, f5-rest-node \nBIG-IP Analytics | 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | High | OpenSSL*, ConfigSync, f5-rest-node \nBIG-IP APM | 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | High | OpenSSL*, ConfigSync, f5-rest-node \n12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF2 | High | Oracle SDK for OAM \nBIG-IP ASM | 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | High | OpenSSL*, ConfigSync, f5-rest-node \nBIG-IP DNS | 12.0.0 - 12.1.1 | 13.0.0 \n12.1.2 | High | OpenSSL*, 
ConfigSync, f5-rest-node \nBIG-IP Edge Gateway | 11.2.1 \n10.2.1 - 10.2.4 | None | High | OpenSSL*, ConfigSync \nBIG-IP GTM | 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 11.6.1 HF1 \n11.5.4 HF3 | High | OpenSSL*, ConfigSync, f5-rest-node \nBIG-IP Link Controller | 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | High | OpenSSL*, ConfigSync, f5-rest-node \nBIG-IP PEM | 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | High | OpenSSL*, ConfigSync, f5-rest-node \nBIG-IP PSM | 11.4.0 - 11.4.1 \n11.2.1 \n10.2.1 - 10.2.4 | None | High | OpenSSL*, ConfigSync \nBIG-IP WebAccelerator | 11.2.1 \n10.2.1 - 10.2.4 | None | High | OpenSSL*, ConfigSync \nBIG-IP WOM | 11.2.1 \n10.2.1 - 10.2.4 | None | High | OpenSSL*, ConfigSync \nARX | 6.2.0 - 6.4.0 | None | Low | OpenSSL (when accessing the management IP) \nEnterprise Manager | 3.1.1 | None | High | OpenSSL \nFirePass | None | 7.0.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | High | OpenSSL \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | High | OpenSSL \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | High | OpenSSL \nBIG-IQ ADC | 4.5.0 | None | High | OpenSSL \nBIG-IQ Centralized Management | 5.0.0 \n4.6.0 | 5.1.0 | High | OpenSSL \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | High | OpenSSL \nF5 iWorkflow | 2.0.0 | 2.0.1 | High | OpenSSL \nLineRate | 2.6.0 - 2.6.1 \n2.5.0 - 2.5.2 | 2.6.2 \n2.5.3 | High | OpenSSL \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None \n \n* BIG-IP products are vulnerable through SSL certification validation when validating both client certificates (such as an SSL client profile) or server certificates (such as an SSL forward proxy).\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not 
vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP, BIG-IQ, iWorkflow, and Enterprise Manager\n\nTo minimize risk, ensure that certificates accepted from clients or servers are configured to validate against a known-secure Certificate Authority (CA).\n\nARX\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\nLineRate\n\nTo mitigate this vulnerability, you should avoid configuring certificate bundles on the SSL profile from an untrusted source.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n", "modified": "2017-09-15T00:09:00", "published": "2016-05-20T01:01:00", "id": "F5:K75152412", "href": "https://support.f5.com/csp/article/K75152412", "title": "OpenSSL vulnerability CVE-2016-2108", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2020-11-10T12:37:13", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "**Issue Overview:**\n\nA vulnerability was discovered that allows a man-in-the-middle attacker to use a padding oracle attack to decrypt traffic on a connection using an AES CBC cipher with a 
server supporting AES-NI. ([CVE-2016-2107](<https://access.redhat.com/security/cve/CVE-2016-2107>), Important)\n\nIt was discovered that the ASN.1 parser can misinterpret a large universal tag as a negative value. If an application deserializes and later reserializes untrusted ASN.1 structures containing an ANY field, an attacker may be able to trigger an out-of-bounds write, which can cause potentially exploitable memory corruption. ([CVE-2016-2108](<https://access.redhat.com/security/cve/CVE-2016-2108>), Important)\n\nAn overflow bug was discovered in the EVP_EncodeUpdate() function. An attacker could supply very large amounts of input data to overflow a length check, resulting in heap corruption. ([CVE-2016-2105](<https://access.redhat.com/security/cve/CVE-2016-2105>), Low)\n\nAn overflow bug was discovered in the EVP_EncryptUpdate() function. An attacker could supply very large amounts of input data to overflow a length check, resulting in heap corruption. ([CVE-2016-2106](<https://access.redhat.com/security/cve/CVE-2016-2106>), Low)\n\nAn issue was discovered in the BIO functions, such as d2i_CMS_bio(), where a short invalid encoding in ASN.1 data can cause allocation of large amounts of memory, potentially resulting in a denial of service. ([CVE-2016-2109](<https://access.redhat.com/security/cve/CVE-2016-2109>), Low)\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssl-static-1.0.1k-14.91.amzn1.i686 \n openssl-1.0.1k-14.91.amzn1.i686 \n openssl-perl-1.0.1k-14.91.amzn1.i686 \n openssl-devel-1.0.1k-14.91.amzn1.i686 \n openssl-debuginfo-1.0.1k-14.91.amzn1.i686 \n \n src: \n openssl-1.0.1k-14.91.amzn1.src \n \n x86_64: \n openssl-perl-1.0.1k-14.91.amzn1.x86_64 \n openssl-devel-1.0.1k-14.91.amzn1.x86_64 \n openssl-debuginfo-1.0.1k-14.91.amzn1.x86_64 \n openssl-static-1.0.1k-14.91.amzn1.x86_64 \n openssl-1.0.1k-14.91.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2016-05-03T10:30:00", "published": "2016-05-03T10:30:00", "id": "ALAS-2016-695", "href": "https://alas.aws.amazon.com/ALAS-2016-695.html", "title": "Important: openssl", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:34:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "Huzaifa Sidhpurwala, Hanno B\u00f6ck, and David Benjamin discovered that OpenSSL \nincorrectly handled memory when decoding ASN.1 structures. A remote \nattacker could use this issue to cause OpenSSL to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. (CVE-2016-2108)\n\nJuraj Somorovsky discovered that OpenSSL incorrectly performed padding when \nthe connection uses the AES CBC cipher and the server supports AES-NI. A \nremote attacker could possibly use this issue to perform a padding oracle \nattack and decrypt traffic. (CVE-2016-2107)\n\nGuido Vranken discovered that OpenSSL incorrectly handled large amounts of \ninput data to the EVP_EncodeUpdate() function. A remote attacker could use \nthis issue to cause OpenSSL to crash, resulting in a denial of service, or \npossibly execute arbitrary code. (CVE-2016-2105)\n\nGuido Vranken discovered that OpenSSL incorrectly handled large amounts of \ninput data to the EVP_EncryptUpdate() function. 
A remote attacker could use \nthis issue to cause OpenSSL to crash, resulting in a denial of service, or \npossibly execute arbitrary code. (CVE-2016-2106)\n\nBrian Carpenter discovered that OpenSSL incorrectly handled memory when \nASN.1 data is read from a BIO. A remote attacker could possibly use this \nissue to cause memory consumption, resulting in a denial of service. \n(CVE-2016-2109)\n\nAs a security improvement, this update also modifies OpenSSL behaviour to \nreject DH key sizes below 1024 bits, preventing a possible downgrade \nattack.", "edition": 5, "modified": "2016-05-03T00:00:00", "published": "2016-05-03T00:00:00", "id": "USN-2959-1", "href": "https://ubuntu.com/security/notices/USN-2959-1", "title": "OpenSSL vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:45:45", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for openssl fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (boo#977617)\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (boo#977616)\n - CVE-2016-2105: EVP_EncodeUpdate overflow (boo#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (boo#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (boo#976942)\n - boo#976943: Buffer overrun in ASN1_parse\n - boo#977621: Preserve digests for SNI\n - boo#958501: Fix openssl enc -non-fips-allow option in FIPS mode\n\n", "edition": 1, "modified": "2016-05-05T13:08:31", "published": "2016-05-05T13:08:31", "id": "OPENSUSE-SU-2016:1238-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html", "title": "Security update for openssl (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:41:56", "bulletinFamily": "unix", 
"cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for openssl fixes the following issues:\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - bsc#976943: Buffer overrun in ASN1_parse\n\n", "edition": 1, "modified": "2016-05-05T13:11:19", "published": "2016-05-05T13:11:19", "id": "OPENSUSE-SU-2016:1240-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html", "title": "Security update for openssl (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:42:03", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for openssl fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - bsc#976943: Buffer overrun in ASN1_parse\n - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode\n (bsc#958501)\n\n", "edition": 1, "modified": "2016-05-04T16:14:12", "published": "2016-05-04T16:14:12", "id": "SUSE-SU-2016:1228-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html", "title": "Security update for openssl (important)", "type": "suse", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:45:08", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "edition": 1, "description": "This update for openssl fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - bsc#976943: Buffer overrun in ASN1_parse\n - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode\n (bsc#958501)\n\n", "modified": "2016-05-04T18:09:44", "published": "2016-05-04T18:09:44", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html", "id": "SUSE-SU-2016:1233-1", "title": "Security update for openssl (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:19:41", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for openssl1 fixes the following issues:\n\n Security issues fixed:\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n Bugs fixed:\n - bsc#971354: libopenssl1_0_0 now Recommends: openssl1 to get correct SSL\n Root Certificate hashes\n - bsc#889013: Rename README.SuSE to the new spelling README.SUSE\n - bsc#976943: Fixed a buffer overrun 
in ASN1_parse.\n - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n\n", "edition": 1, "modified": "2016-05-03T22:08:22", "published": "2016-05-03T22:08:22", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html", "id": "SUSE-SU-2016:1206-1", "title": "Security update for openssl1 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:27:16", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for openssl fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - bsc#976943: Buffer overrun in ASN1_parse\n - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode\n (bsc#958501)\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "edition": 1, "modified": "2016-05-05T18:08:51", "published": "2016-05-05T18:08:51", "id": "OPENSUSE-SU-2016:1243-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html", "title": "Security update for openssl (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:08:02", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for openssl fixes the following issues:\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow 
(bsc#977615)\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - bsc#976943: Buffer overrun in ASN1_parse\n\n", "edition": 1, "modified": "2016-05-05T13:07:36", "published": "2016-05-05T13:07:36", "id": "OPENSUSE-SU-2016:1237-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html", "title": "Security update for openssl (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:42:10", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for compat-openssl097g fixes the following issues:\n\n Security issues fixed:\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n Bugs fixed:\n - bsc#976943: Fix buffer overrun in ASN1_parse\n\n", "edition": 1, "modified": "2016-05-04T18:08:19", "published": "2016-05-04T18:08:19", "id": "SUSE-SU-2016:1231-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html", "title": "Security update for compat-openssl097g (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:55", "bulletinFamily": "software", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "USN-2959-1 OpenSSL vulnerabilities\n\n# \n\nHigh\n\n# Vendor\n\nCanonical Ubuntu, OpenSSL\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04 LTS, OpenSSLv1 \n\n# Description\n\nHuzaifa Sidhpurwala, 
Hanno B\u00f6ck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-2108](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2108/>))\n\nJuraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. ([CVE-2016-2107](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2107>))\n\nGuido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncodeUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-2105](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2105>))\n\nGuido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncryptUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-2106](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2106>))\n\nBrian Carpenter discovered that OpenSSL incorrectly handled memory when ASN.1 data is read from a BIO. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. ([CVE-2016-2109](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2109>))\n\nAs a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack.\n\n# Affected Products and Versions\n\n_Severity is high unless otherwise noted. 
\n_\n\n * Cloud Foundry BOSH stemcells 3146.x versions prior to 3146.11 AND other versions prior to 3232.2 are vulnerable \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry upgrade BOSH stemcell 3146.x versions to 3146.11 OR other versions to 3232.2 \n\n# Credit\n\nHuzaifa Sidhpurwala, Hanno B\u00f6ck, and David Benjamin, Juraj Somorovsky, Guido Vranken, Brian Carpenter\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-2959-1/>\n", "edition": 5, "modified": "2016-05-06T00:00:00", "published": "2016-05-06T00:00:00", "id": "CFOUNDRY:F006390335E44CFEC69607A8E9BE3B62", "href": "https://www.cloudfoundry.org/blog/usn-2959-1/", "title": "USN-2959-1 OpenSSL vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-02-02T06:28:05", "description": "The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-03-03T20:59:00", "title": "CVE-2016-2842", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, 
"obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2842"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.1o", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:1.0.1r", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.1q", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:1.0.2c", "cpe:/a:openssl:openssl:1.0.2b", "cpe:/a:openssl:openssl:1.0.2f", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.1i", "cpe:/a:openssl:openssl:1.0.1m", "cpe:/a:openssl:openssl:1.0.1n", "cpe:/a:openssl:openssl:1.0.2d", "cpe:/a:openssl:openssl:1.0.1j", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.1p", "cpe:/a:openssl:openssl:1.0.2e", "cpe:/a:openssl:openssl:1.0.1l", "cpe:/a:openssl:openssl:1.0.1k"], "id": "CVE-2016-2842", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2842", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:04", "description": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-05T01:59:00", "title": "CVE-2016-2109", "type": "cve", "cwe": ["CWE-399"], 
"bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2109"], "modified": "2018-07-19T01:29:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:openssl:openssl:1.0.2c", "cpe:/a:openssl:openssl:1.0.2b", "cpe:/a:openssl:openssl:1.0.2f", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/a:openssl:openssl:1.0.2d", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/a:openssl:openssl:1.0.2e", "cpe:/a:openssl:openssl:1.0.1s", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/a:openssl:openssl:1.0.2g"], "id": "CVE-2016-2109", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2109", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:00", "description": "The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-03-03T20:59:00", "title": "CVE-2016-0799", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0799"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.1o", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:1.0.1r", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.1q", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:1.0.2c", "cpe:/a:pulsesecure:client:-", "cpe:/a:pulsesecure:steel_belted_radius:-", "cpe:/a:openssl:openssl:1.0.2b", "cpe:/a:openssl:openssl:1.0.2f", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.1i", "cpe:/a:openssl:openssl:1.0.1m", "cpe:/a:openssl:openssl:1.0.1n", "cpe:/a:openssl:openssl:1.0.2d", "cpe:/a:openssl:openssl:1.0.1j", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.1p", "cpe:/a:openssl:openssl:1.0.2e", "cpe:/a:openssl:openssl:1.0.1l", "cpe:/a:openssl:openssl:1.0.1k"], "id": "CVE-2016-0799", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0799", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:client:-:*:*:*:*:iphone_os:*:*", "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:steel_belted_radius:-:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:client:-:*:*:*:*:android:*:*"]}, {"lastseen": "2021-02-02T06:28:04", "description": "Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, 
"privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-05T01:59:00", "title": "CVE-2016-2105", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105"], "modified": "2019-02-21T15:09:00", "cpe": ["cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:oracle:mysql:5.7.12", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.1o", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:openssl:openssl:1.0.1r", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.1q", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:1.0.2c", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:openssl:openssl:1.0.2b", "cpe:/a:openssl:openssl:1.0.2f", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/o:opensuse:leap:42.1", "cpe:/a:openssl:openssl:1.0.1i", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:openssl:openssl:1.0.1m", "cpe:/a:openssl:openssl:1.0.1n", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/a:openssl:openssl:1.0.2d", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", 
"cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:6", "cpe:/a:openssl:openssl:1.0.1j", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.1p", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/a:openssl:openssl:1.0.2e", "cpe:/a:openssl:openssl:1.0.1s", "cpe:/o:apple:mac_os_x:10.11.5", "cpe:/a:oracle:mysql:5.6.30", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/a:openssl:openssl:1.0.2g", "cpe:/a:openssl:openssl:1.0.1l", "cpe:/a:openssl:openssl:1.0.1k", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2016-2105", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2105", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.30:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.11.5:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:04", "description": "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote 
attackers to cause a denial of service (heap memory corruption) via a large amount of data.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-05T01:59:00", "title": "CVE-2016-2106", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2106"], "modified": "2018-07-19T01:29:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:openssl:openssl:1.0.2c", "cpe:/a:openssl:openssl:1.0.2b", "cpe:/a:openssl:openssl:1.0.2f", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/a:openssl:openssl:1.0.2d", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/a:openssl:openssl:1.0.2e", "cpe:/a:openssl:openssl:1.0.1s", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", 
"cpe:/a:openssl:openssl:1.0.2g"], "id": "CVE-2016-2106", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2106", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:04", "description": "The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.", "edition": 6, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-05T01:59:00", "title": "CVE-2016-2107", "type": "cve", "cwe": ["CWE-310", "CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2107"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/o:google:android:5.1.0", "cpe:/o:google:android:4.2", "cpe:/o:google:android:4.1", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:google:android:4.4.2", "cpe:/o:google:android:4.0", "cpe:/o:google:android:4.4.1", "cpe:/a:hp:helion_openstack:2.1.4", "cpe:/o:google:android:4.0.3", "cpe:/a:openssl:openssl:1.0.2", "cpe:/o:google:android:4.3", "cpe:/o:google:android:4.0.4", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/o:google:android:5.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:hp:helion_openstack:2.0", "cpe:/a:hp:helion_openstack:2.1.2", "cpe:/a:openssl:openssl:1.0.2c", "cpe:/a:hp:helion_openstack:2.1", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:google:android:4.2.1", "cpe:/a:openssl:openssl:1.0.2b", "cpe:/a:openssl:openssl:1.0.2f", "cpe:/o:opensuse:leap:42.1", 
"cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/a:openssl:openssl:1.0.2d", "cpe:/o:google:android:4.2.2", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:google:android:5.1", "cpe:/o:google:android:4.3.1", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:google:android:4.1.2", "cpe:/o:google:android:4.0.2", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/a:openssl:openssl:1.0.2e", "cpe:/o:google:android:4.4.3", "cpe:/a:openssl:openssl:1.0.1s", "cpe:/o:google:android:5.0.1", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/a:openssl:openssl:1.0.2g", "cpe:/o:google:android:4.0.1", "cpe:/o:google:android:4.4"], "id": "CVE-2016-2107", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2107", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:hp:helion_openstack:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:hp:helion_openstack:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:hp:helion_openstack:2.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:hp:helion_openstack:2.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:04", "description": "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue.", "edition": 6, "cvss3": 
{"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-05T01:59:00", "title": "CVE-2016-2108", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2108"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/o:google:android:6.0", "cpe:/o:google:android:5.1.0", "cpe:/o:google:android:4.2", "cpe:/o:google:android:4.1", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:google:android:4.4.2", "cpe:/o:google:android:4.0", "cpe:/o:google:android:4.4.1", "cpe:/o:google:android:4.0.3", "cpe:/a:openssl:openssl:1.0.2", "cpe:/o:google:android:4.3", "cpe:/o:google:android:4.0.4", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/o:google:android:5.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:google:android:4.2.1", "cpe:/a:openssl:openssl:1.0.2b", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:openssl:openssl:1.0.1n", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:google:android:4.2.2", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:google:android:5.1", 
"cpe:/o:google:android:4.3.1", "cpe:/o:google:android:6.0.1", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:google:android:4.1.2", "cpe:/o:google:android:4.0.2", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:google:android:4.4.3", "cpe:/o:google:android:5.0.1", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/o:google:android:4.0.1", "cpe:/o:google:android:4.4"], "id": "CVE-2016-2108", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2108", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*"]}], "slackware": [{"lastseen": "2020-10-25T16:36:28", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176"], "description": "New openssl packages are available for Slackware 14.0, 14.1, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/openssl-1.0.1t-i486-1_slack14.1.txz: Upgraded.\n This update fixes the following security issues:\n Memory corruption in the ASN.1 encoder (CVE-2016-2108)\n Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)\n EVP_EncodeUpdate overflow (CVE-2016-2105)\n EVP_EncryptUpdate overflow (CVE-2016-2106)\n ASN.1 BIO excessive memory allocation (CVE-2016-2109)\n EBCDIC overread (CVE-2016-2176)\n For more information, see:\n https://www.openssl.org/news/secadv/20160503.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176\n (* Security fix 
*)\npatches/packages/openssl-solibs-1.0.1t-i486-1_slack14.1.txz: Upgraded.\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1t-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1t-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1t-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2h-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2h-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2h-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2h-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.1t-i486-1_slack14.1.txz openssl-solibs-1.0.1t-i486-1_slack14.1.txz \n\nThen, reboot the machine or restart any network services that use OpenSSL.", "modified": "2016-05-03T21:05:31", "published": "2016-05-03T21:05:31", "id": "SSA-2016-124-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103", "type": "slackware", "title": "[slackware-security] openssl", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "\nOpenSSL reports:\n\nMemory corruption in the ASN.1 encoder\nPadding oracle in AES-NI CBC MAC check\nEVP_EncodeUpdate overflow\nEVP_EncryptUpdate overflow\nASN.1 BIO excessive 
memory allocation\nEBCDIC overread (OpenSSL only)\n\n", "edition": 4, "modified": "2016-08-09T00:00:00", "published": "2016-05-03T00:00:00", "id": "01D729CA-1143-11E6-B55E-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/01d729ca-1143-11e6-b55e-b499baebfeaf.html", "title": "OpenSSL -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cisco": [{"lastseen": "2020-12-24T11:41:16", "bulletinFamily": "software", "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176"], "description": "A vulnerability in OpenSSL could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.\n\nThe vulnerability is due to memory exhaustion while processing certain data. An attacker could exploit this vulnerability by sending crafted ASN.1 data to a targeted system. An exploit could cause the consumption of excessive memory resources, resulting in a DoS condition.\n\nA vulnerability in OpenSSL could allow an unauthenticated, remote\nattacker to gain access to sensitive information on a targeted system.\n\nThe vulnerability is due to improper memory processes by the affected software. An attacker could exploit this vulnerability by sending a crafted ASN.1 string greater than 1004 bytes to the X509_NAME_oneline() function of the affected software. A successful exploit could allow an attacker to cause a memory overread condition and gain access to sensitive information on a targeted system.\n\nA vulnerability in OpenSSL could allow an unauthenticated, remote attacker to decrypt and access sensitive information.\n\nThe vulnerability is due to insufficient padding checks by the affected software. 
An attacker could exploit this vulnerability by conducting a padding oracle attack if the attacker is in a man-in-the-middle position between a targeted system and a Transport Layer Security/Secure Sockets Layer (TLS/SSL) or Datagram Transport Layer Security (DTLS) server supporting Advanced Encryption Standards New Instructions (AES-NI) and the connection uses an AES Cipher Block Chaining (CBC) cipher. A successful exploit could allow the attacker to decrypt sensitive information in encrypted packets, which could be leveraged to conduct further attacks.\n\nA vulnerability in OpenSSL could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.\n\nThe vulnerability is due to improper validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by submitting large amounts of specially crafted data to the EVP_EncryptUpdate() function of the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user or cause a DoS condition on a targeted system.\n\nA vulnerability in the ASN.1 encoder in OpenSSL could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.\n\nThe vulnerability is due to the way the affected software encodes certain ASN.1 data structures. An attacker could exploit this vulnerability by sending a crafted certificate to the targeted system. An exploit could cause the affected software to crash or allow the attacker to execute arbitrary code with the privileges of a targeted user running an application that is using the OpenSSL library. 
If the user has elevated privileges, a successful exploit could result in a complete system compromise.\n\nA vulnerability in the EVP_EncodeUpdate() function in OpenSSL could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.\n\nThe vulnerability is due to insufficient bounds checks by the affected software. An attacker could exploit this vulnerability by submitting large amounts of data to an application that uses the OpenSSL library on a targeted system. A successful exploit could trigger an overflow condition that results in heap corruption. The attacker could use the heap corruption to cause the application to crash or to execute arbitrary code in the security context of the user who is running the application. If the user is running the application with elevated privileges, the attacker could execute arbitrary code with those privileges and compromise the system completely.\n\nOn May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Of the six vulnerabilities disclosed, four of them may cause memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI, and, lastly, one is specific to a product performing an operation with Extended Binary Coded Decimal Interchange Code (EBCDIC) encoding.\n\nMultiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities. 
\n\nThis advisory will be updated as additional information becomes available.\n\nThis advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl", "modified": "2016-12-05T16:10:21", "published": "2016-05-04T19:30:00", "id": "CISCO-SA-20160504-OPENSSL", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl", "type": "cisco", "title": "Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 ", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-08-12T01:02:59", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "Package : openssl\nVersion : 1.0.1e-2+deb7u21\nCVE ID : CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 \n CVE-2016-2109 CVE-2016-2176\n\nSeveral vulnerabilities were discovered in OpenSSL, a Secure Socket Layer\ntoolkit.\n\nCVE-2016-2105\n\n Guido Vranken discovered that an overflow can occur in the function\n EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can\n supply a large amount of data. This could lead to a heap corruption.\n\nCVE-2016-2106\n\n Guido Vranken discovered that an overflow can occur in the function\n EVP_EncryptUpdate() if an attacker can supply a large amount of data.\n This could lead to a heap corruption.\n\nCVE-2016-2107\n\n Juraj Somorovsky discovered a padding oracle in the AES CBC cipher\n implementation based on the AES-NI instruction set. 
This could allow\n an attacker to decrypt TLS traffic encrypted with one of the cipher\n suites based on AES CBC.\n\nCVE-2016-2108\n\n David Benjamin from Google discovered that two separate bugs in the\n ASN.1 encoder, related to handling of negative zero integer values\n and large universal tags, could lead to an out-of-bounds write.\n\nCVE-2016-2109\n\n Brian Carpenter discovered that when ASN.1 data is read from a BIO\n using functions such as d2i_CMS_bio(), a short invalid encoding can\n cause allocation of large amounts of memory potentially consuming\n excessive resources or exhausting memory.\n\nCVE-2016-2176\n\n Guido Vranken discovered that ASN.1 Strings that are over 1024 bytes\n can cause an overread in applications using the X509_NAME_oneline()\n function on EBCDIC systems. This could result in arbitrary stack data\n being returned in the buffer.\n\nAdditional information about these issues can be found in the OpenSSL\nsecurity advisory at https://www.openssl.org/news/secadv/20160503.txt\n", "edition": 7, "modified": "2016-05-03T20:54:05", "published": "2016-05-03T20:54:05", "id": "DEBIAN:DLA-456-1:BB65D", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201605/msg00006.html", "title": "[SECURITY] [DLA 456-1] openssl security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T01:06:04", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3566-1 security@debian.org\nhttps://www.debian.org/security/ Alessandro Ghedini\nMay 03, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 \n CVE-2016-2109 
CVE-2016-2176\n\nSeveral vulnerabilities were discovered in OpenSSL, a Secure Socket Layer\ntoolkit.\n\nCVE-2016-2105\n\n Guido Vranken discovered that an overflow can occur in the function\n EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can\n supply a large amount of data. This could lead to a heap corruption.\n\nCVE-2016-2106\n\n Guido Vranken discovered that an overflow can occur in the function\n EVP_EncryptUpdate() if an attacker can supply a large amount of data.\n This could lead to a heap corruption.\n\nCVE-2016-2107\n\n Juraj Somorovsky discovered a padding oracle in the AES CBC cipher\n implementation based on the AES-NI instruction set. This could allow\n an attacker to decrypt TLS traffic encrypted with one of the cipher\n suites based on AES CBC.\n\nCVE-2016-2108\n\n David Benjamin from Google discovered that two separate bugs in the\n ASN.1 encoder, related to handling of negative zero integer values\n and large universal tags, could lead to an out-of-bounds write.\n\nCVE-2016-2109\n\n Brian Carpenter discovered that when ASN.1 data is read from a BIO\n using functions such as d2i_CMS_bio(), a short invalid encoding can\n cause allocation of large amounts of memory potentially consuming\n excessive resources or exhausting memory.\n\nCVE-2016-2176\n\n Guido Vranken discovered that ASN.1 Strings that are over 1024 bytes\n can cause an overread in applications using the X509_NAME_oneline()\n function on EBCDIC systems. 
This could result in arbitrary stack data\n being returned in the buffer.\n\nAdditional information about these issues can be found in the OpenSSL\nsecurity advisory at https://www.openssl.org/news/secadv/20160503.txt\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u5.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2h-1.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2016-05-03T18:24:41", "published": "2016-05-03T18:24:41", "id": "DEBIAN:DSA-3566-1:D74F5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00142.html", "title": "[SECURITY] [DSA 3566-1] openssl security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "huawei": [{"lastseen": "2019-02-01T18:02:18", "bulletinFamily": "software", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "", "edition": 1, "modified": "2017-01-11T00:00:00", "published": "2016-07-06T00:00:00", "id": "HUAWEI-SA-20160706-01-OPENSSL", "href": "https://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160706-01-openssl-en", "title": "Security Advisory - Multiple 
Vulnerabilities in OpenSSL in May 2016", "type": "huawei", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2016-05-04T18:54:36", "published": "2016-05-04T18:54:36", "id": "FEDORA:44719604F0C3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: openssl-1.0.2h-1.fc23", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2016-05-10T17:58:11", "published": "2016-05-10T17:58:11", "id": "FEDORA:A3C8D604C8B1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: openssl-1.0.1k-15.fc22", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. 
", "modified": "2016-05-07T12:15:14", "published": "2016-05-07T12:15:14", "id": "FEDORA:6DCC66067328", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: openssl-1.0.2h-1.fc24", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3197", "CVE-2016-0705", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2109"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows (MinGW) libraries and development tools. ", "modified": "2016-05-16T17:21:44", "published": "2016-05-16T17:21:44", "id": "FEDORA:58BAF60A0C7C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: mingw-openssl-1.0.2h-1.fc24", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3197", "CVE-2016-0705", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2109"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows (MinGW) libraries and development tools. 
", "modified": "2016-05-21T00:02:56", "published": "2016-05-21T00:02:56", "id": "FEDORA:56D376268FDB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: mingw-openssl-1.0.2h-1.fc23", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "android": [{"lastseen": "2020-06-22T14:42:09", "bulletinFamily": "software", "cvelist": ["CVE-2016-2108"], "description": "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue.", "edition": 1, "modified": "2019-07-25T00:00:00", "published": "2018-07-01T00:00:00", "id": "ANDROID:CVE-2016-2108", "href": "http://www.androidvulnerabilities.org/vulnerabilities/CVE-2016-2108.html", "title": "CVE-2016-2108", "type": "android", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2020-12-24T10:41:35", "bulletinFamily": "software", "cvelist": ["CVE-2013-0169", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176"], "description": "### SUMMARY\n\nBlue Coat products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to intercept and decrypt TLS sessions, obtain arbitrary data from the target's memory stack, or execute arbitrary code through buffer underflow and overflow. The attacker can also cause denial of service through memory corruption and depletion. \n \n\n\n### AFFECTED PRODUCTS\n\nThe following products are vulnerable:\n\n**Advanced Secure Gateway (ASG)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106 \nCVE-2016-2107, CVE-2016-2108, \nCVE-2016-2109 | 6.7 and later | Not vulnerable, fixed in 6.7.2.1 \n6.6 | Upgrade to 6.6.5.1. 
\n \n \n\n**Android Mobile Agent** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107, CVE-2016-2108, \nCVE-2016-2109 | 1.3 | Upgrade to 1.3.8. \n \n \n\n**BCAAA** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107, CVE-2016-2108, \nCVE-2016-2109, CVE-2016-2176 | 6.1 (only when a Novell SSO realm is used) | An updated Novell SSO SDK is no longer available. Please, contact Novell for more information. \n \n \n\n**CacheFlow** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2108, CVE-2016-2109 | 3.4 | Upgrade to 3.4.2.7. \n \n \n\n**Client Connector** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107, CVE-2016-2108, \nCVE-2016-2109 | 1.6 | Upgrade to latest release of Unified Agent with fixes. \n \n \n\n**Content Analysis System (CAS)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107, CVE-2016-2108, \nCVE-2016-2109 | 2.1 and later | Not vulnerable, fixed in 2.1.1.1 \n1.3 | Upgrade to 1.3.7.1. \n1.2 | Upgrade to later release with fixes. \n \n \n\n**Director** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2108, CVE-2016-2109, \nCVE-2016-2176 | 6.1 | Upgrade to 6.1.23.1. \n \n \n\n**Mail Threat Defense (MTD)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107, CVE-2016-2108, \nCVE-2016-2109 | 1.1 | Not available at this time \n \n \n\n**Malware Analysis Appliance (MAA)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2107, \nCVE-2016-2108 | 4.2 | Upgrade to 4.2.11. 
\n \n \n\n**Management Center (MC)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2108, CVE-2016-2109 | 1.6 and later | Not vulnerable, fixed in 1.6.1.1 \n1.5 | Upgrade to later release with fixes. \n \n \n\n**Norman Shark Industrial Control System Protection (ICSP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107 (only on certain hardware platforms), CVE-2016-2108, \nCVE-2016-2109 | 5.4 and later | Not vulnerable, fixed in 5.4.1 \n5.3 | Upgrade to 5.3.6. \n \n \n\n**Norman Shark Network Protection (NNP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107 (only on certain hardware platforms), CVE-2016-2108, \nCVE-2016-2109 | 5.3 | Upgrade to 5.3.6. \n \n \n\n**Norman Shark SCADA Protection (NSP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107 (only on certain hardware platforms), CVE-2016-2108, \nCVE-2016-2109 | 5.3 | Upgrade to 5.3.6. \n \n \n\n**PacketShaper (PS)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2106, CVE-2016-2109 | 9.2 | Upgrade to 9.2.13p2. \nCVE-2016-2108 | 9.2 | Upgrade to 9.2.13p1. \n \n \n\n**PacketShaper (PS) S-Series** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2106, CVE-2016-2107, \nCVE-2016-2108 | 11.6 and later | Not vulnerable, fixed in 11.6.1.1 \n11.5 | Upgrade to 11.5.3.2. \n11.2, 11.3, 11.4 | Upgrade to later release with fixes. \n \n \n\n**PolicyCenter (PC)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2106, CVE-2016-2109 | 9.2 | Upgrade to 9.2.13p2. \nCVE-2016-2108 | 9.2 | Upgrade to 9.2.13p1. \n \n \n\n**PolicyCenter (PC) S-Series** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2106, CVE-2016-2107, \nCVE-2016-2108. | 1.1 | Upgrade to 1.1.2.2. 
\n \n \n\n**ProxyAV** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2108, CVE-2016-2109, \nCVE-2016-2176 | 3.5 | Upgrade to 3.5.4.2. \n \n \n\n**ProxyClient** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107, CVE-2016-2108, \nCVE-2016-2109 | 3.4 | Upgrade to latest release of Unified Agent with fixes. \n \n \n\n**ProxySG** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2107 (only on certain hardware platforms), CVE-2016-2108, \nCVE-2016-2109 | 6.7 and later | Not vulnerable, fixed in 6.7.1.1. \n6.6 | Upgrade to 6.6.4.1. \n6.5 | Upgrade to 6.5.9.8. \n \n \n\n**Reporter** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107, CVE-2016-2108, \nCVE-2016-2109 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 \n10.1 | Upgrade to 10.1.4.2. \n9.5 | Upgrade to 9.5.4.1. \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2108, CVE-2016-2109 | 9.4 | Upgrade to later release with fixes. \n \n \n\n**Security Analytics** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs except CVE-2016-2176 | 7.2 and later | Not vulnerable, fixed in 7.2.1 \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2108, CVE-2016-2109 | 7.1 | Apply RPM patch from customer support. \n7.0 | Not available at this time \n6.6 | Apply RPM patch from customer support. \nCVE-2016-2107 | 7.1 | Apply RPM patch from customer support. \n6.6 | Apply RPM patch from customer support. \n \n \n\n**SSL Visibility (SSLV)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107 (only on certain hardware platforms), CVE-2016-2108, \nCVE-2016-2109. | 3.10 and later | Not vulnerable, fixed in 3.10.1.1 \n3.9 | Upgrade to 3.9.3.6. \n3.8.4FC | Upgrade to 3.8.4FC-55. \n3.8 | Upgrade to later release with fixes. 
\n \n \n\n**Unified Agent** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs except CVE-2016-2176 | 4.7 and later | Not vulnerable, fixed in 4.7.1 \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107, CVE-2016-2109 | 4.6 | Upgrade to later release with fixes. \nAll CVEs except CVE-2016-2176 | 4.1 | Upgrade to later release with fixes. \n \n \n\n**X-Series XOS** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-2105, CVE-2016-2106, \nCVE-2016-2107 (only on certain hardware platforms), CVE-2016-2108, \nCVE-2016-2109 | 11.0 | Not available at this time \n10.0 | Not available at this time \n9.7 | Upgrade to later release with fixes. \n \n \n\n### ADDITIONAL PRODUCT INFORMATION\n\nBlue Coat products may act as both client and server in SSL/TLS connections, and may use application functionality for cryptographic operations. Blue Coat products act as a client when connecting to Blue Coat services such as WebPulse, DRTR, and licensing and subscription services. Products should be considered vulnerable in all interfaces that provide SSL/TLS connections for data and management interfaces unless the CVE is specific to SSL/TLS client or server functionality (as noted in the descriptions above) or unless otherwise stated below:\n\n * **CacheFlow:** All CVEs affect only management connections.\n * **ProxySG:** CVE-2016-2109 affects only management connections.\n\nBlue Coat products that use a native installation of OpenSSL but do not install or maintain that implementation are not vulnerable to any of these CVEs. However, the underlying platform or application that installs and maintains OpenSSL may be vulnerable. Blue Coat urges our customers to update the versions of OpenSSL that are natively installed for Client Connector for OS X, Proxy Client for OS X, and Reporter 9.x for Linux.\n\nSome Blue Coat products do not enable or use all functionality within OpenSSL. 
The products listed below do not utilize the functionality described in the CVEs below and are thus not known to be vulnerable to them. However, fixes for these CVEs will be included in the patches that are provided.\n\n * **CacheFlow:** CVE-2016-2105, CVE-2016-2106, and CVE-2016-2107\n * **MAA:** CVE-2016-2106 and CVE-2016-2109\n * **MC:** CVE-2016-2107\n * **PacketShaper:** CVE-2016-2105\n * **PacketShaper S-Series:** CVE-2016-2105 and CVE-2016-2109\n * **PolicyCenter:** CVE-2016-2105\n * **PolicyCenter S-Series:** CVE-2016-2105 and CVE-2016-2109\n * **ProxyAV:** CVE-2016-2107\n * **ProxySG:** CVE-2016-2105 and CVE-2016-2106\n\nSome Blue Coat hardware platforms do not support the AESNI instruction set in their CPU architectures. The products and hardware platforms listed below do not support AESNI, do not use the AESNI-based AES implementation in OpenSSL, and are thus not vulnerable to CVE-2016-2107. However, a fix for this CVE will be included in the software patches that are provided.\n\n * **ICSP:** AFL2-12A-D525, customer-provided hardware platforms that do not support AESNI\n * **NNP:** customer-provided hardware platforms that do not support AESNI\n * **NSP:** customer-provided hardware platforms that do not support AESNI\n * **ProxySG:** SG300, SG600, SG900, SG9000\n * **Security Analytics:** customer-provided hardware platforms that do not support AESNI\n * **SSLV:** SV1800\n * **XOS:** APM-8650, CPM-8600, CPM-9600\n\nThe following products are not vulnerable: \n**AuthConnector \nBlue Coat HSM Agent for the Luna SP \nCloud Data Protection for Salesforce \nCloud Data Protection for Salesforce Analytics \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \nCloud Data Protection for Oracle Field Service Cloud \nCloud Data Protection for Oracle Sales Cloud \nCloud Data Protection Integration Server \nCloud Data Protection Communication Server \nCloud Data Protection Policy Builder \nGeneral Auth Connector Login Application 
\nK9 \nProxyAV ConLog and ConLogXP \nWeb Isolation** \n \nInformation for the following products is not available. NetDialog NetX is a replacement product for IntelligenceCenter. \n**IntelligenceCenter \nIntelligenceCenter Data Collector** \n \nBlue Coat no longer provides vulnerability information for the following products: \n \n**DLP** \nPlease, contact Digital Guardian technical support regarding vulnerability information for DLP. \n \n\n\n### ISSUES\n\n**CVE-2016-2105** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 89757](<https://www.securityfocus.com/bid/89757>) / NVD: [CVE-2016-2105](<https://nvd.nist.gov/vuln/detail/CVE-2016-2105>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw in the Base64 encoding module allows a remote attacker to supply large input data and trigger a heap overflow, resulting in denial of service and possibly arbitrary code execution. \n \n \n\n**CVE-2016-2106** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 89744](<https://www.securityfocus.com/bid/89744>) / NVD: [CVE-2016-2106](<https://nvd.nist.gov/vuln/detail/CVE-2016-2106>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw in the generic symmetric encryption/decryption module allows a remote attacker to supply large input data and trigger a heap overflow, resulting in denial of service and possibly arbitrary code execution. 
\n \n \n\n**CVE-2016-2107** \n--- \n**Severity / CVSSv2** | Low / 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N) \n**References** | SecurityFocus: [BID 89760](<https://www.securityfocus.com/bid/89760>) / NVD: [CVE-2016-2107](<https://nvd.nist.gov/vuln/detail/CVE-2016-2107>) \n**Impact** | Information disclosure \n**Description** | A flaw introduced as part of the fix for CVE-2013-0169 (Lucky13) allows a remote man-in-the-middle (MITM) attacker to perform a padding oracle attack and decrypt intercepted TLS traffic when the TLS sessions use AES CBC cipher suites and the server supports AESNI. The CVSS v2 score for CVE-2016-2107 listed in this Security Advisory is published by the National Vulnerability Database (NVD). The effective CVSS v2 score may be higher for Blue Coat products if the decrypted plaintext contains cookie or password information. \n \n \n\n**CVE-2016-2108** \n--- \n**Severity / CVSSv2** | High / 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n**References** | SecurityFocus: [BID 89752](<https://www.securityfocus.com/bid/89752>) / NVD: [CVE-2016-2108](<https://nvd.nist.gov/vuln/detail/CVE-2016-2108>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw in the ASN.1 encoder allows a remote attacker to send a crafted X.509 certificate and trigger a buffer underflow on the target if it parses and re-encodes the certificate. Parsing and re-encoding occurs only if the target successfully verifies that certificate signature. Exploiting this vulnerability can result in denial of service through memory corruption and possible arbitrary code execution. 
\n \n \n\n**CVE-2016-2109** \n--- \n**Severity / CVSSv2** | High / 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) \n**References** | SecurityFocus: [BID 87940](<https://www.securityfocus.com/bid/87940>) / NVD: [CVE-2016-2109](<https://nvd.nist.gov/vuln/detail/CVE-2016-2109>) \n**Impact** | Denial of service \n**Description** | A flaw in the ASN.1 decoder allows a remote attacker to send crafted ASN.1 data and trigger excessive memory allocation on the target. This can result in denial of service through memory depletion. \n \n \n\n**CVE-2016-2176** \n--- \n**Severity / CVSSv2** | Medium / 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P) \n**References** | SecurityFocus: [BID 89746](<https://www.securityfocus.com/bid/89746>) / NVD: [CVE-2016-2176](<https://nvd.nist.gov/vuln/detail/CVE-2016-2176>) \n**Impact** | Information disclosure \n**Description** | An overread flaw in X.509 certificate ASN.1 string parsing on EBCDIC systems allows a remote attacker to send crafted X.509 certificates and obtain arbitrary data from the target's memory stack. \n \n \n\n### MITIGATION\n\nThese vulnerabilities can be exploited in CacheFlow only through the management interface. Allowing only machines, IP addresses and subnets from a trusted network to access the CacheFlow management interface reduces the threat of exploiting the vulnerabilities. \n \n\n\n### REFERENCES\n\nOpenSSL Security Advisory - <https://www.openssl.org/news/secadv/20160503.txt> \nCVE-2013-0169 (Lucky13) - <https://nvd.nist.gov/vuln/detail/CVE-2013-0169> \n \n\n\n### REVISION\n\n2020-04-22 Advisory status moved to Closed. \n2019-10-02 Web Isolation is not vulnerable. \n2019-01-10 A fix for Director 6.1 is available in 6.1.23.1. \n2018-04-25 A fix for XOS 9.7 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2018-04-22 PacketShaper S-Series 11.10 is not vulnerable. \n2018-04-06 A fix for Reporter 9.5 is available in 9.5.4.1. \n2017-11-06 ASG 6.7 is not vulnerable because a fix is available in 6.7.2.1. 
\n2017-08-02 SSLV 4.1 is not vulnerable. \n2017-07-24 PacketShaper S-Series 11.9 is not vulnerable. \n2017-07-21 Reporter 9.4, 9.5, and 10.1 are vulnerable to CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, and CVE-2016-2109. Reporter 9.5 and 10.1 are also vulnerable to CVE-2016-2107. A fix for Reporter 10.1 is available in 10.1.4.2. \n2017-07-20 MC 1.10 is not vulnerable. \n2016-06-30 A fix for ProxyAV 3.5 is available in 3.5.4.2. \n2017-06-22 Security Analytics 7.3 is not vulnerable. \n2017-06-05 PacketShaper S-Series 11.8 is not vulnerable. \n2017-05-18 CAS 2.1 is not vulnerable. \n2017-03-30 MC 1.9 is not vulnerable. \n2017-03-06 MC 1.8 is not vulnerable. ProxySG 6.7 is not vulnerable. SSLV 4.0 is not vulnerable. \n2017-02-07 A fix for Android Mobile Agent is available in 1.3.8. Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support. \n2016-12-19 A fix for MAA is available in 4.2.11. \n2016-12-04 PacketShaper S-Series 11.7 is not vulnerable. \n2016-12-04 SSLV 3.11 is not vulnerable. \n2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable. \n2016-11-11 SSLV 3.10 is not vulnerable. \n2016-11-03 A fix for all CVEs in PacketShaper 9.2 is available in 9.2.13p2. A fix for all CVEs in PolicyCenter 9.2 is available in 9.2.13p2. \n2016-11-02 Further investigation in the MAA fixes has shown that all MAA 4.2 releases are vulnerable. A fix is not available at this time. \n2016-10-26 A fix for ASG is available in 6.6.5.1. A fix for MC 1.6 is available in 1.6.1.1. MC 1.7 is not vulnerable. A fix for MC 1.5 will not be provided. MAA 4.2.10 accidentally re-introduced the vulnerabilities and is vulnerable to CVE-2016-2105, CVE-2016-2107 (all supported hardware platforms) and CVE-2016-2108. \n2016-09-01 A fix for SSLV 3.8.4FC is available in 3.8.4FC-55. \n2016-08-19 A fix for CacheFlow is available in 3.4.2.7. \n2016-08-12 A fix for CAS 1.3 is available in 1.3.7.1. Security Analytics 7.2 is not vulnerable. 
\n2016-08-10 A fix for Unified Agent is available in 4.7.1. \n2016-07-19 ProxySG is not vulnerable to CVE-2016-2107 when running on the SG300 and SG600 hardware platforms. CVE-2016-2109 on ProxySG only affects management connections. CVE-2016-2108 can be exploited through a crafted X.509 certificate only if the target successfully verifies the certificate signature. \n2016-06-30 PacketShaper S-Series 11.6 is not vulnerable. \n2016-06-27 Fixes will not be provided for PacketShaper S-Series 11.2, 11.3, and 11.4. Please upgrade to a later version with the vulnerability fixes. \n2016-06-25 Security Analytics 7.0 is vulnerable to CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, and CVE-2016-2109. A fix will not be provided. Please upgrade to the latest version with the vulnerability fixes. \n2016-06-24 A fix for PacketShaper S-Series 11.5 is available in 11.5.3.2. A fix for PolicyCenter S-Series is available in 1.1.2.2. \n2016-06-21 A fix for ProxySG 6.6 is available in 6.6.4.1. \n2016-06-13 Fixes for ICSP, NNP, and NSP are available in 5.3.6. \n2016-06-11 A fix for ProxySG 6.5 is available in 6.5.9.8. \n2016-06-07 A fix for SSLV 3.9 is available in 3.9.3.6. \n2016-06-03 A fix for MAA is available in 4.2.9. \n2016-05-26 Added hardware platform information. Clarified that Android Mobile Agent, Client Connector for Windows, ProxyClient for Windows, and Unified Agent are vulnerable to CVE-2016-2107. \n2016-05-25 Security Analytics 6.6 and 7.1 are vulnerable to CVE-2016-2107 on all hardware platforms. Security Analytics 7.0 is under investigation. Fixes are available for Security Analytics 6.6 and 7.1 through RPM patches available from customer support. \n2016-05-12 A fix for SSLV 3.8 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2016-05-11 Fixes for CVE-2016-2108 are available in PacketShaper 9.2.13p1 and PolicyCenter 9.2.13p1. 
\n2016-05-09 initial public release\n", "modified": "2020-04-22T22:53:52", "published": "2016-05-09T08:00:00", "id": "SMNTC-1363", "href": "", "type": "symantec", "title": "SA123 : OpenSSL Vulnerabilities 3-May-2016", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "paloalto": [{"lastseen": "2019-05-29T23:19:22", "bulletinFamily": "software", "cvelist": ["CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "The OpenSSL library embedded in the GlobalProtect\u2122 agent, TerminalServer\u2122 agent and UserID\u2122 agent is affected by the following public vulnerabilities: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, and CVE-2016-2176 (Ref # 100669, 100133, PAN-60833).\n", "edition": 4, "modified": "2016-10-12T00:00:00", "published": "2016-09-02T00:00:00", "id": "PAN-SA-2016-0023", "href": "https://securityadvisories.paloaltonetworks.com/Home/Detail/56", "title": "OpenSSL Vulnerabilities", "type": "paloalto", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}