CVE-2016-0703

CVE-2016-0703 concerns OpenSSL SSLv2: the get_client_master_key function in s2_srvr.c accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH for arbitrary ciphers, enabling Bleichenbacher-style padding oracle exploitation to recover the MASTER-KEY and decrypt TLS traffic. Public sources attribute t...

Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20160301) (DROWN)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is...

RHEL 6 / 7 : openssl (RHSA-2016:0301) (DROWN)

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Oracle Linux 5 : openssl (ELSA-2016-0302)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0302 advisory. - fix CVE-2014-3570 - Bignum squaring may produce incorrect results - fix CVE-2014-3571 - DTLS segmentation fault in dtls1getrecord - fix CVE-2014-3572...

Code injection

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by...

openssl security update

CentOS Errata and Security Advisory CESA-2016:0301 Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...

Important: Red Hat Security Advisory: openssl security update

Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5 Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available fo...

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...

CVE-2016-0800

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by...

SSLv2 Cross-Protocol Session Decryption Vulnerability (DROWN)

Binary data 9127.prm...

SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption)

The remote host supports SSLv2 and therefore may be affected by a vulnerability that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN Decrypting RSA with Obsolete and Weakened eNcryption. This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 SSLv...

Vulnerability in OpenSSL - Cross-protocol attack on TLS using SSLv2 (DROWN)

A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting...

Debian DLA-400-1 : pound security update (BEAST) (POODLE)

This update fixes certain known vulnerabilities in pound in squeeze-lts by backporting the version in wheezy. CVE-2009-3555 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and...

Apache Httpd < 2.4.25 : Padding Oracle in Apache mod_session_crypto

Prior to Apache HTTP release 2.4.25, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks,...

GnuTLS Padding Oracle Information Disclosure Vulnerability

GnuTLS is a free secure communications library for implementing the SSL, TLS and DTLS protocols developed by Nikos Mavrogiannopoulos of Belgium and Simon Josefsson of Sweden, software developers. An information disclosure vulnerability exists in GnuTLS. An attacker could exploit this vulnerabilit...

Debian DLA-364-1 : gnutls26 security update

Hanno Bck discovered that GnuTLS, a library implementing the TLS and SSL protocols, incorrectly validated the first padding byte in CBC modes. A remote attacker can possibly take advantage of this flaw to perform a padding oracle attack. For Debian 6 'Squeeze', this issue has been fixed in gnutls...