MiracleLinux 7 : openssl098e-0.9.8e-29.el7.3 (AXSA:2016-128:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2016-128:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

MiracleLinux 4 : openssl098e-0.9.8e-20.AXS4.1 (AXSA:2016-127:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2016-127:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

Linux Distros Unpatched Vulnerability : CVE-2016-0703

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before...

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM b-type SAN switches and directors and IBM Network Advisor (CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0704, CVE-2016-0704, CVE-2016-2842).

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM b-type SAN switches and directors and IBM Network Advisor. IBM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0705DESCRIPTION: OpenSSL is vulnerable to a denial...

SUSE: Security Advisory (SUSE-SU-2016:0748-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:0641-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:0786-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:0778-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:0621-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM SmartCloud Entry

Summary OpenSSL vulnerabilities were disclosed on 28th Jan 2016, March 1, 2016 ,May 3 2016 by the OpenSSL Project. OpenSSL is used by IBM SmartCloud Entry. IBM SmartCloud Entry has addressed the applicable CVEs - CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176...

Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker and IBM Integration Bus

Summary Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker and IBM Integration Bus. The DataDirect ODBC and Node.js Drivers used by WebSphere Message Broker and IBM Integration Bus have addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2842 DESCRIPTION: OpenSSL...

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ in IBM Bluemix

Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js has addressed the applicable CVEs including the "DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability. Vulnerability Details...

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. OpenSSL vulnerabilities were disclosed on March 1, 2016 by the...

Palo Alto PAN-OS OpenSSL Vulnerabilities (PAN-SA-2016-0030)

The OpenSSL library has been found to contain vulnerabilities CVE-2016-0703, CVE-2016-0704, and CVE-2016-0800. Palo Alto Networks software makes use of the vulnerable library. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

OpenSSL Vulnerabilities

The OpenSSL library has been found to contain vulnerabilities CVE-2016-0703, CVE-2016-0704, and CVE-2016-0800. Palo Alto Networks software makes use of the vulnerable library. Ref PAN-55477/92481...

OpenSSL 0.9.8 < 0.9.8zf / 1.0.0 < 1.0.0r / 1.0.1 < 1.0.1m / 1.0.2 < 1.0.2a Information Disclosure (DROWN)

Binary data 9462.prm...

sslv2-drown NSE Script

Determines whether the server supports SSLv2, what ciphers it supports and tests for CVE-2015-3197, CVE-2016-0703 and CVE-2016-0800 DROWN Script Arguments tls.servername See the documentation for the tls library. smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the...

Internet Bug Bounty: Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)

This is a retroactive submission of CVE-2016-0703, a.k.a. the "Extra Clear" bug, which can lead to the Special DROWN variant of the DROWN attack. After some discussion with the other DROWN authors, I'm submitting on behalf of myself David Adrian and J. Alex Halderman the vulnerability...

Amazon Linux: Security Advisory (ALAS-2016-682)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : openssl098e (ALAS-2016-682) (DROWN)

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. CVE-2015-0293 It was...