Executive Summary

Informations
NameCVE-2016-7056First vendor Publication2018-09-10
VendorCveLast vendor Modification2019-04-22

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score2.1Attack RangeLocal
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7056

CWE : Common Weakness Enumeration

%idName
100 %CWE-320Key Management Errors

CPE : Common Platform Enumeration

TypeDescriptionCount
Application236
Os2
Os2
Os2

Nessus® Vulnerability Scanner

DateDescription
2017-05-09Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-560.nasl - Type : ACT_GATHER_INFO
2017-05-09Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-561.nasl - Type : ACT_GATHER_INFO
2017-03-31Name : The remote host is missing a macOS update that fixes multiple security vulner...
File : macos_10_12_4.nasl - Type : ACT_GATHER_INFO
2017-03-31Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2017-001.nasl - Type : ACT_GATHER_INFO
2017-03-06Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-0605-1.nasl - Type : ACT_GATHER_INFO
2017-03-02Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-0585-1.nasl - Type : ACT_GATHER_INFO
2017-02-21Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-255.nasl - Type : ACT_GATHER_INFO
2017-02-15Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-0461-1.nasl - Type : ACT_GATHER_INFO
2017-02-09Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-222.nasl - Type : ACT_GATHER_INFO
2017-02-02Name : The remote Debian host is missing a security update.
File : debian_DLA-814.nasl - Type : ACT_GATHER_INFO
2017-02-01Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3181-1.nasl - Type : ACT_GATHER_INFO
2017-01-30Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3773.nasl - Type : ACT_GATHER_INFO
2017-01-12Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_7caebe30d7f111e6a9a5b499baebfeaf.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/95375
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056
https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig
https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig
https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795...
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html
https://security-tracker.debian.org/tracker/CVE-2016-7056
DEBIAN https://www.debian.org/security/2017/dsa-3773
MISC https://eprint.iacr.org/2016/1195
MLIST https://seclists.org/oss-sec/2017/q1/52
REDHAT http://rhn.redhat.com/errata/RHSA-2017-1415.html
https://access.redhat.com/errata/RHSA-2017:1413
https://access.redhat.com/errata/RHSA-2017:1414
https://access.redhat.com/errata/RHSA-2017:1801
https://access.redhat.com/errata/RHSA-2017:1802
SECTRACK http://www.securitytracker.com/id/1037575

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
DateInformations
2019-04-22 21:19:14
  • Multiple Updates
2019-01-17 21:19:15
  • Multiple Updates
2018-09-12 00:19:36
  • Multiple Updates
2018-09-11 17:19:44
  • Multiple Updates
2018-09-10 21:22:22
  • First insertion