Multiple vulnerabilities in OpenSSL
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2016-2177 CVE-2016-2180 |
| CWE-ID | CWE-119 CWE-494 CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
OpenSSL Server applications / Encryption software Oracle Solaris Operating systems & Components / Operating system Oracle Linux Operating systems & Components / Operating system Oracle VM VirtualBox Server applications / Virtualization software Oracle VM Server for x86 Server applications / Other server solutions |
| Vendor |
OpenSSL Software Foundation Oracle |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Integer overflow in ssl3_get_client_hello()
EUVDB-ID: #VU24
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-2177
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause denial of service conditions on the target system.
The vulnerability exists due to a boundary error in ssl3_get_client_hello() function. A remote attacker can cause integer overflow by sending specially crafted data and crash the service.
Successful exploitation of this vulnerability may cause the target service to crash.
The vendor has issued a source code fix, available at:
https://github.com/openssl/openssl/commit/a004e72b95835136d3f1ea90517f706c24c03da7
OpenSSL: 1.0.2c - 1.0.2
Oracle Solaris: 10 - 11.3
Oracle VM VirtualBox: 5.0.25 - 5.1.7
Oracle VM Server for x86: 3.2 - 3.4
Oracle Linux: 5 - 7
CPE2.3- cpe:2.3:a:openssl_software_foundation:openssl:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:5.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:5.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_vm_server_for_x86:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_vm_server_for_x86:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_vm_server_for_x86:3.4:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:oracle_linux:5:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:oracle_linux:6:*:*:*:*:*:*:*
https://github.com/openssl/openssl/commit/a004e72b95835136d3f1ea90517f706c24c03da7
https://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
https://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU308
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-2180
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the TS_OBJ_print_bio() function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL. A remote attacker can perform a denial of service (DoS) attack via a crafted time-stamp file that is mishandled by the "openssl ts" command.
MitigationInstall update from vendor's website.
Vulnerable software versionsOpenSSL: 1.0.2c - 1.0.2
CPE2.3https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2180
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
