Executive Summary
Summary | |
---|---|
Title | openssl security update |
Informations | |||
---|---|---|---|
Name | DSA-3566 | First vendor Publication | 2016-05-03 |
Vendor | Debian | Last vendor Modification | 2016-05-03 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. CVE-2016-2105 Guido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption. CVE-2016-2106 Guido Vranken discovered that an overflow can occur in the function EVP_EncryptUpdate() if an attacker can supply a large amount of data. This could lead to a heap corruption. CVE-2016-2107 Juraj Somorovsky discovered a padding oracle in the AES CBC cipher implementation based on the AES-NI instruction set. This could allow an attacker to decrypt TLS traffic encrypted with one of the cipher suites based on AES CBC. CVE-2016-2108 David Benjamin from Google discovered that two separate bugs in the ASN.1 encoder, related to handling of negative zero integer values and large universal tags, could lead to an out-of-bounds write. CVE-2016-2109 Brian Carpenter discovered that when ASN.1 data is read from a BIO using functions such as d2i_CMS_bio(), a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. CVE-2016-2176 Guido Vranken discovered that ASN.1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. Additional information about these issues can be found in the OpenSSL security advisory at https://www.openssl.org/news/secadv/20160503.txt For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u5. For the unstable distribution (sid), these problems have been fixed in version 1.0.2h-1. We recommend that you upgrade your openssl packages. |
Original Source
Url : http://www.debian.org/security/2016/dsa-3566 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
29 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
14 % | CWE-399 | Resource Management Errors |
14 % | CWE-310 | Cryptographic Issues |
14 % | CWE-200 | Information Exposure |
14 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
14 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-02-28 | Name : The version of Arista Networks EOS running on the remote device is affected b... File : arista_eos_sa0020.nasl - Type : ACT_GATHER_INFO |
2017-03-22 | Name : A data aggregation application installed on the remote host is affected by mu... File : lce_4_8_1.nasl - Type : ACT_GATHER_INFO |
2017-03-06 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-0605-1.nasl - Type : ACT_GATHER_INFO |
2017-03-02 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-0585-1.nasl - Type : ACT_GATHER_INFO |
2017-02-21 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-255.nasl - Type : ACT_GATHER_INFO |
2017-02-15 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-0461-1.nasl - Type : ACT_GATHER_INFO |
2017-01-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-0194.nasl - Type : ACT_GATHER_INFO |
2017-01-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-0193.nasl - Type : ACT_GATHER_INFO |
2017-01-05 | Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10759.nasl - Type : ACT_GATHER_INFO |
2016-12-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201612-16.nasl - Type : ACT_GATHER_INFO |
2016-11-21 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL93600123.nasl - Type : ACT_GATHER_INFO |
2016-11-21 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL36488941.nasl - Type : ACT_GATHER_INFO |
2016-11-21 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL23230229.nasl - Type : ACT_GATHER_INFO |
2016-11-15 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL51920288.nasl - Type : ACT_GATHER_INFO |
2016-11-14 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1289.nasl - Type : ACT_GATHER_INFO |
2016-11-11 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1283.nasl - Type : ACT_GATHER_INFO |
2016-11-10 | Name : The remote host is affected by multiple vulnerabilities. File : screenos_JSA10759.nasl - Type : ACT_GATHER_INFO |
2016-11-09 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_6.nasl - Type : ACT_GATHER_INFO |
2016-10-20 | Name : A web application installed on the remote host is affected by multiple vulner... File : oracle_e-business_cpu_oct_2016.nasl - Type : ACT_GATHER_INFO |
2016-10-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-2073.nasl - Type : ACT_GATHER_INFO |
2016-10-04 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL75152412.nasl - Type : ACT_GATHER_INFO |
2016-09-28 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2016-0135.nasl - Type : ACT_GATHER_INFO |
2016-09-08 | Name : The remote device is affected by multiple vulnerabilities. File : bluecoat_proxy_sg_6_5_9_8.nasl - Type : ACT_GATHER_INFO |
2016-08-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-1649.nasl - Type : ACT_GATHER_INFO |
2016-08-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-1648.nasl - Type : ACT_GATHER_INFO |
2016-08-08 | Name : An application running on the remote web server is affected by multiple vulne... File : splunk_642.nasl - Type : ACT_GATHER_INFO |
2016-07-27 | Name : An enterprise management application installed on the remote host is affected... File : oracle_enterprise_manager_jul_2016_cpu.nasl - Type : ACT_GATHER_INFO |
2016-07-25 | Name : An application installed on the remote host is affected by multiple vulnerabi... File : oracle_secure_global_desktop_jul_2016_cpu.nasl - Type : ACT_GATHER_INFO |
2016-07-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ca5cb2024f5111e6b2ecb499baebfeaf.nasl - Type : ACT_GATHER_INFO |
2016-07-21 | Name : The remote host is missing a Mac OS X security update that fixes multiple vul... File : macosx_10_11_6.nasl - Type : ACT_GATHER_INFO |
2016-07-20 | Name : An application installed on the remote host is affected by multiple vulnerabi... File : virtualbox_5_0_22.nasl - Type : ACT_GATHER_INFO |
2016-07-20 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_6_31.nasl - Type : ACT_GATHER_INFO |
2016-07-20 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_7_13.nasl - Type : ACT_GATHER_INFO |
2016-07-15 | Name : The remote AIX host has a version of OpenSSL installed that is affected by mu... File : aix_openssl_advisory20.nasl - Type : ACT_GATHER_INFO |
2016-07-14 | Name : The remote Fedora host is missing a security update. File : fedora_2016-c558e58b21.nasl - Type : ACT_GATHER_INFO |
2016-07-14 | Name : A video conferencing application running on the remote host is affected by mu... File : cisco_telepresence_vcs_multiple_880.nasl - Type : ACT_GATHER_INFO |
2016-07-14 | Name : The remote Fedora host is missing a security update. File : fedora_2016-e1234b65a2.nasl - Type : ACT_GATHER_INFO |
2016-07-11 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_7_13_rpm.nasl - Type : ACT_GATHER_INFO |
2016-07-11 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_6_31_rpm.nasl - Type : ACT_GATHER_INFO |
2016-06-23 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2016-0086.nasl - Type : ACT_GATHER_INFO |
2016-06-22 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-3576.nasl - Type : ACT_GATHER_INFO |
2016-06-15 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-715.nasl - Type : ACT_GATHER_INFO |
2016-06-13 | Name : It was possible to obtain sensitive information from the remote host with TLS... File : openssl_AES_NI_padding_oracle.nasl - Type : ACT_GATHER_INFO |
2016-06-09 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20160510_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2016-06-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20160531_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2016-06-01 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-1137.nasl - Type : ACT_GATHER_INFO |
2016-06-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-1137.nasl - Type : ACT_GATHER_INFO |
2016-05-31 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-1137.nasl - Type : ACT_GATHER_INFO |
2016-05-27 | Name : The remote host is affected by multiple vulnerabilities. File : citrix_xenserver_CTX212736.nasl - Type : ACT_GATHER_INFO |
2016-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1360-1.nasl - Type : ACT_GATHER_INFO |
2016-05-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-0996.nasl - Type : ACT_GATHER_INFO |
2016-05-16 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1290-1.nasl - Type : ACT_GATHER_INFO |
2016-05-16 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2016-0049.nasl - Type : ACT_GATHER_INFO |
2016-05-16 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-0996.nasl - Type : ACT_GATHER_INFO |
2016-05-12 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-575.nasl - Type : ACT_GATHER_INFO |
2016-05-12 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-563.nasl - Type : ACT_GATHER_INFO |
2016-05-12 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-562.nasl - Type : ACT_GATHER_INFO |
2016-05-12 | Name : The remote Fedora host is missing a security update. File : fedora_2016-1e39d934ed.nasl - Type : ACT_GATHER_INFO |
2016-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0996.nasl - Type : ACT_GATHER_INFO |
2016-05-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-0722.nasl - Type : ACT_GATHER_INFO |
2016-05-11 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-0722.nasl - Type : ACT_GATHER_INFO |
2016-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0722.nasl - Type : ACT_GATHER_INFO |
2016-05-11 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20160509_openssl_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2016-05-11 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1267-1.nasl - Type : ACT_GATHER_INFO |
2016-05-09 | Name : The remote Fedora host is missing a security update. File : fedora_2016-1411324654.nasl - Type : ACT_GATHER_INFO |
2016-05-06 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-565.nasl - Type : ACT_GATHER_INFO |
2016-05-06 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-564.nasl - Type : ACT_GATHER_INFO |
2016-05-06 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-561.nasl - Type : ACT_GATHER_INFO |
2016-05-05 | Name : The remote Fedora host is missing a security update. File : fedora_2016-05c567df1a.nasl - Type : ACT_GATHER_INFO |
2016-05-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3566.nasl - Type : ACT_GATHER_INFO |
2016-05-05 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1228-1.nasl - Type : ACT_GATHER_INFO |
2016-05-05 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1233-1.nasl - Type : ACT_GATHER_INFO |
2016-05-04 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2016-124-01.nasl - Type : ACT_GATHER_INFO |
2016-05-04 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2959-1.nasl - Type : ACT_GATHER_INFO |
2016-05-04 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_2h.nasl - Type : ACT_GATHER_INFO |
2016-05-04 | Name : The remote service is affected by a remote code execution vulnerability. File : openssl_1_0_2c.nasl - Type : ACT_GATHER_INFO |
2016-05-04 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_1t.nasl - Type : ACT_GATHER_INFO |
2016-05-04 | Name : The remote service is affected by a remote code execution vulnerability. File : openssl_1_0_1o.nasl - Type : ACT_GATHER_INFO |
2016-05-04 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_01d729ca114311e6b55eb499baebfeaf.nasl - Type : ACT_GATHER_INFO |
2016-05-04 | Name : The remote Debian host is missing a security update. File : debian_DLA-456.nasl - Type : ACT_GATHER_INFO |
2016-05-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2016-695.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-05-06 21:49:17 |
|
2016-05-06 17:33:45 |
|
2016-05-06 13:32:24 |
|
2016-05-05 09:40:33 |
|
2016-05-03 21:26:55 |
|