SUSE Linux update for openssl
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 |
| CWE-ID | CWE-20 CWE-284 CWE-120 CWE-119 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
SUSE Linux Operating systems & Components / Operating system |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Heap overflow
EUVDB-ID: #VU640
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-2105
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote user to cause heap overflow on the target system.
The weakness is caused by insufficient input validation. By sending a great deal of input data attackers are able to cause overflow of the EVP_EncodeUpdate() function used for binary data encoding.
Successful exploitation of the vulnerability may result in heap overflow on the vulnerable system.
Update the affected packages.
SUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU33809
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-2106
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
MitigationUpdate the affected packages.
SUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Traffic decryption
EUVDB-ID: #VU639
Risk: High
CVSSv4.0: 7.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2016-2107
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: Yes
DescriptionThe vulnerability allows a remote user to decrypt traffic on the target system.
The weakness is due to access control error.If the connection uses an AES CBC cipher and the server support AES-NI attackers can perform padding oracle attack.
Successful exploitation of the vulnerability leads to traffic decryption on the vulnerable system.
Update the affected packages.
SUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Memory corruption
EUVDB-ID: #VU638
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-2108
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to cause memory corruption on the target system.
The weakness exists due to buffer underflow with an out-of-bounds write in i2c_ASN1_INTEGER. As ASN.1 parser (specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag as a negative zero value, attacker may easily corrupt memory.
Successful exploitation of the vulnerability will allow a malicious user to trigger memory corruption on the vulnerable system.
Update the affected packages.
SUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Excessive memory allocation
EUVDB-ID: #VU641
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-2109
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to cause excessive memory allocation on the target system.
The weakness exists during reading ASN.1 data by d2i_CMS_bio() function. A short invalid encoding leads to distribution of large amounts of memory for excessive resources or exhausting memory.
Successful exploitation of the vulnerability may result in excessive memory allocation.
Update the affected packages.
SUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
