openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers

🗓️ 01 Mar 2016 14:44:56Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 2 Views

OpenSSL SSLv2 Bleichenbacher protection fails for export ciphers, enabling a Bleichenbacher oracle.

Reporter	Title	Published	Views	Family All 165
IBM Security Bulletins	Security Bulletin: March 2016 OpenSSL Vulnerabilities affect Multiple N series Products	15 Dec 202118:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux	3 Aug 201804:23	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSSL affects IBM Sterling Connect:Express for Unix (CVE-2016-2842).	24 Jul 202022:49	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM i	18 Dec 201914:26	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect Rational Software Architect and Rational Software Architect for WebSphere Software	10 Sep 202017:03	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance	17 Jun 201822:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilitiy in OpenSSL affect IBM Storwize V7000 Unified	18 Jun 201800:28	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool. (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, and CVE-2016-0704)	15 Jun 201807:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ in IBM Bluemix	9 Aug 201804:20	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker and IBM Integration Bus	23 Mar 202020:41	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	4	i386	openssl	0:0.9.7a-43.23.el4	openssl-0:0.9.7a-43.23.el4.i386.rpm
Red Hat Enterprise Linux	4	ia64	openssl	0:0.9.7a-43.23.el4	openssl-0:0.9.7a-43.23.el4.ia64.rpm
Red Hat Enterprise Linux	4	x86_64	openssl	0:0.9.7a-43.23.el4	openssl-0:0.9.7a-43.23.el4.x86_64.rpm
Red Hat Enterprise Linux	4	any	openssl	0:0.9.7a-43.23.el4.i686	openssl-0:0.9.7a-43.23.el4.i686.noarch.rpm
Red Hat Enterprise Linux	4	i386	openssl-debuginfo	0:0.9.7a-43.23.el4	openssl-debuginfo-0:0.9.7a-43.23.el4.i386.rpm
Red Hat Enterprise Linux	4	ia64	openssl-debuginfo	0:0.9.7a-43.23.el4	openssl-debuginfo-0:0.9.7a-43.23.el4.ia64.rpm
Red Hat Enterprise Linux	4	x86_64	openssl-debuginfo	0:0.9.7a-43.23.el4	openssl-debuginfo-0:0.9.7a-43.23.el4.x86_64.rpm
Red Hat Enterprise Linux	4	any	openssl-debuginfo	0:0.9.7a-43.23.el4.i686	openssl-debuginfo-0:0.9.7a-43.23.el4.i686.noarch.rpm
Red Hat Enterprise Linux	4	i386	openssl-devel	0:0.9.7a-43.23.el4	openssl-devel-0:0.9.7a-43.23.el4.i386.rpm
Red Hat Enterprise Linux	4	ia64	openssl-devel	0:0.9.7a-43.23.el4	openssl-devel-0:0.9.7a-43.23.el4.ia64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2016-0704
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-0704
cve	www.cve.org/CVERecord
openssl	www.openssl.org/news/secadv/20160301.txt

14 May 2026 22:23Current

6.8Medium risk

Vulners AI Score6.8

CVSS 24.3

CVSS 35.9

EPSS0.06911

OpenSSL sslv2 protocol bleichenbacher protection export ciphers oracle vulnerability