
1038 matches found

OSV
added 2016/05/04 12:34 p.m., 7 views

SUSE-SU-2016:1233-1 Security update for openssl

This update for openssl fixes the following issues:
- CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)
- CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)
- CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)
- CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)
- ...

CVSS 10 | AI score 7.3 | EPSS 0.79963
Exploits 7 | References 14

CNVD
added 2016/05/04 12:0 a.m., 1 views

OpenSSL Cipher Stuffing Vulnerability

OpenSSL is a general-purpose open source cryptographic library that implements Secure Sockets Layer and Secure Transport Layer protocols and can support a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashing algorithms, and so on. OpenSSL suffers fr...

CVSS 5.9 | AI score 7.4 | EPSS 0.79963
Exploits 6 | References 1

OpenVAS
added 2016/05/04 12:0 a.m., 53 views

Ubuntu: Security Advisory (USN-2959-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 8.6 | EPSS 0.79963
Exploits 7 | References 2

ArchLinux
added 2016/05/04 12:0 a.m., 64 views

openssl: multiple issues

CVE-2016-2105 buffer overflow: An overflow can occur in the EVP_EncodeUpdate function, which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data, then a length check can overflow, resulting in a heap corruption. Internally to OpenSSL the...

CVSS 7.8 | AI score 1.1 | EPSS 0.79963
Exploits 6 | References 6

exploitpack
added 2016/05/04 12:0 a.m., 12 views

OpenSSL - Padding Oracle in AES-NI CBC MAC Check

OpenSSL - Padding Oracle in AES-NI CBC MAC Check Source: http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html TLS-Attacker: https://github.com/RUB-NDS/TLS-Attacker https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/39768.zip You can...

AI score 7.1
Exploits 0

Tenable Nessus
added 2016/05/04 12:0 a.m., 64 views

FreeBSD : OpenSSL -- multiple vulnerabilities (01d729ca-1143-11e6-b55e-b499baebfeaf)

OpenSSL reports: Memory corruption in the ASN.1 encoder; Padding oracle in AES-NI CBC MAC check; EVP_EncodeUpdate overflow; EVP_EncryptUpdate overflow; ASN.1 BIO excessive memory allocation; EBCDIC overread OpenSSL only %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packa...

CVSS 10 | AI score 8.1 | EPSS 0.79963
Exploits 7 | References 9

Tenable Nessus
added 2016/05/04 12:0 a.m., 46 views

Amazon Linux AMI : openssl (ALAS-2016-695)

A vulnerability was discovered that allows a man-in-the-middle attacker to use a padding oracle attack to decrypt traffic on a connection using an AES CBC cipher with a server supporting AES-NI. (CVE-2016-2107, Important) It was discovered that the ASN.1 parser can misinterpret a large universal t...

CVSS 10 | AI score 7.7 | EPSS 0.79963
Exploits 7 | References 6

Exploit DB
added 2016/05/04 12:0 a.m., 508 views

OpenSSL - Padding Oracle in AES-NI CBC MAC Check

Source: http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html TLS-Attacker: https://github.com/RUB-NDS/TLS-Attacker https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39768.zip You can use TLS-Attacker to build a proof of concept and...

AI score 7.4
Exploits 0

ArchLinux
added 2016/05/04 12:0 a.m., 79 views

lib32-openssl: multiple issues

CVE-2016-2105 buffer overflow: An overflow can occur in the EVP_EncodeUpdate function, which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data, then a length check can overflow, resulting in a heap corruption. Internally to OpenSSL the...

CVSS 7.8 | AI score 1 | EPSS 0.79963
Exploits 6 | References 6

seebug.org
added 2016/05/04 12:0 a.m., 91 views

OpenSSL Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)

No description provided by source...

CVSS 2.6 | AI score 8.4 | EPSS 0.79963
Exploits 6

0day.today
added 2016/05/04 12:0 a.m., 174 views

OpenSSL - Padding Oracle in AES-NI CBC MAC Check

Exploit for multiple platform in category dos / poc Source: http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html TLS-Attacker: https://github.com/RUB-NDS/TLS-Attacker https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39768.zip Y...

CVSS 2.6 | AI score 8.5 | EPSS 0.79963
Exploits 6

Tenable Nessus
added 2016/05/04 12:0 a.m., 41 views

Debian DLA-456-1 : openssl security update

Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. CVE-2016-2105: Guido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate, used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption...

CVSS 10 | AI score 7.9 | EPSS 0.79963
Exploits 7 | References 9

Tenable Nessus
added 2016/05/04 12:0 a.m., 48 views

Ubuntu 14.04 LTS / 16.04 LTS : OpenSSL vulnerabilities (USN-2959-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2959-1 advisory. Huzaifa Sidhpurwala, Hanno Böck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remot...

CVSS 10 | AI score 8.2 | EPSS 0.79963
Exploits 7 | References 6

Tenable Nessus
added 2016/05/04 12:0 a.m., 83 views

OpenSSL 1.0.1 < 1.0.1t Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.1t. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.1t advisory. - The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to...

CVSS 8.2 | AI score 7.3 | EPSS 0.79963
Exploits 6 | References 11

Debian
added 2016/05/03 6:24 p.m., 45 views

[SECURITY] [DSA 3566-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3566-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini May 03, 2016 https://www.debian.org/security/faq -...

CVSS 10 | AI score 9.8 | EPSS 0.79963
Exploits 7

OSV
added 2016/05/03 2:49 p.m., 1 views

USN-2959-1 openssl vulnerabilities

Huzaifa Sidhpurwala, Hanno Böck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2016-2108 Juraj...

CVSS 10 | AI score 7.2 | EPSS 0.79963
Exploits 7 | References 6

Ubuntu
added 2016/05/03 2:49 p.m., 100 views

USN-2959-1: OpenSSL vulnerabilities

Huzaifa Sidhpurwala, Hanno Böck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2016-2108 Juraj...

CVSS 10 | AI score 8.1 | EPSS 0.79963
Exploits 7

RedhatCVE
added 2016/05/03 2:48 p.m., 48 views

CVE-2016-2107

It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by...

CVSS 2.6 | AI score 2 | EPSS 0.79963
Exploits 6 | References 2

ThreatPost
added 2016/05/03 12:17 p.m., 49 views

OpenSSL Patches Padding Oracle Attack Bug

The latest batch of OpenSSL security patches were released today, with a pair of high-severity flaws and four low-severity issues addressed in OpenSSL 1.0.1t and OpenSSL 1.0.2h. One of the high-severity flaws, CVE-2016-2107, opens the door to a padding oracle attack that can allow for the...

CVSS 2.6 | AI score 0.8 | EPSS 0.79963
Exploits 6 | References 3

FreeBSD
added 2016/05/03 12:0 a.m., 21 views

OpenSSL -- multiple vulnerabilities

OpenSSL reports: Padding oracle in AES-NI CBC MAC check; EVP_EncodeUpdate overflow; EVP_EncryptUpdate overflow; ASN.1 BIO excessive memory allocation; EBCDIC overread...

AI score 3.1 | EPSS 0.79963
Exploits 6 | References 6