Vigil@nce - OpenSSL: seven vulnerabilities

May 2016 by Vigil@nce

This bulletin was written by Vigil@nce : https://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can exploit several vulnerabilities in OpenSSL.

Impacted products: Blue Coat CAS, ProxyAV, ProxySG, Brocade
Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco
AnyConnect Secure Mobility Client, Cisco ACE, ASA, IOS Cisco, IOS
XE Cisco, Cisco Nexus, NX-OS, Cisco Prime Access Registrar, Prime
Collaboration Assurance, Prime Collaboration Manager, Prime
Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco CUCM, Cisco
Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP
Phone, Cisco WSA, Cisco Wireless Controller, XenServer, Debian,
ExtremeXOS, BIG-IP Hardware, TMOS, Fedora, FileZilla Server,
FreeBSD, AIX, IRAD, Tivoli Workload Scheduler, Copssh, McAfee Web
Gateway, Meinberg NTP Server, Data ONTAP, Snap Creator Framework,
ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Solaris, Pulse Connect
Secure, Pulse Secure SBR, Puppet, RHEL, Red Hat JBoss EAP, ROX,
SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS
Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Grid
Manager, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS,
SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS
SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS
SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE
Linux Enterprise Desktop, SLES, Nessus, Ubuntu, Wind River Linux,
VxWorks.

Severity: 2/4.

Creation date: 01/03/2016.

Revision date: 07/03/2016.

DESCRIPTION OF THE VULNERABILITY

Several vulnerabilities were announced in OpenSSL.

An attacker can act as a Man-in-the-Middle on a server supporting
SSLv2 and EXPORT ciphers (this configuration has been considered
weak for several years), in order to read or write data in the
session. [severity:2/4; CVE-2016-0800, VU#583776]

An attacker can force the usage of a freed memory area when
OpenSSL processes a DSA private key (this scenario is rare), in
order to trigger a denial of service, and possibly to run code.
[severity:2/4; CVE-2016-0705]

An attacker can read a memory fragment via SRP_VBASE_get_by_user,
in order to obtain sensitive information. [severity:1/4;
CVE-2016-0798]

An attacker can force a NULL pointer to be dereferenced in
BN_hex2bn(), in order to trigger a denial of service.
[severity:1/4; CVE-2016-0797]

An attacker can use a very large string (size INT_MAX) to
generate a memory corruption in the BIO_*printf() functions, in
order to trigger a denial of service, and possibly to run code.
[severity:2/4; CVE-2016-0799]

An attacker can use cache conflicts on Intel Sandy-Bridge, in
order to obtain RSA keys. [severity:1/4; CVE-2016-0702]

An attacker can use a very large string (size INT_MAX) to
generate a memory corruption in the internal doapr_outch()
function, in order to trigger a denial of service, and possibly to
run code. [severity:2/4; CVE-2016-2842]
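
The first item above (CVE-2016-0800) depends on a server still offering SSLv2 and EXPORT ciphers. The following audit script is an added example, not part of the Vigil@nce bulletin or of OpenSSL: it reads a cipher listing in the `openssl ciphers -v` output format and flags suites that match that weak configuration. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag cipher suites matching the weak configuration named in
# the bulletin (SSLv2 protocol, EXPORT-grade suites).
# Input format, one suite per line, as printed by `openssl ciphers -v`:
#   NAME  PROTOCOL  Kx=...  Au=...  Enc=...  Mac=...  [export]

# Constructed sample listing, not taken from a real server.
SAMPLE_SUITES='ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export'

# audit_suites: reads suite lines on stdin and prints one finding per weak
# suite as "<reason> <suite-name>"; reason is SSLV2, EXPORT or SSLV2+EXPORT.
audit_suites() {
    awk '
        NF < 2 { next }    # skip blank or malformed lines
        {
            v2 = ($2 == "SSLv2")                      # protocol column
            ex = ($NF == "export" || $1 ~ /^EXP-/)    # export marker or name prefix
            if (v2 && ex)  print "SSLV2+EXPORT", $1
            else if (v2)   print "SSLV2", $1
            else if (ex)   print "EXPORT", $1
        }'
}

# count_findings: number of weak suites in the listing read from stdin.
count_findings() {
    audit_suites | wc -l | tr -d ' '
}

# is_weak_config: exit status 0 when at least one weak suite is present.
is_weak_config() {
    [ "$(count_findings)" -gt 0 ]
}

# Stand-alone run: report findings for the constructed sample.
printf '%s\n' "$SAMPLE_SUITES" | audit_suites
```

To audit a real setting, pipe the listing for the configured cipher string into the function, for example `openssl ciphers -v 'CIPHERSTRING' | audit_suites`. The listing reflects what the local OpenSSL build enables for that string, so run it with the same build the server uses.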

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/OpenSSL-seven-vulnerabilities-19060
