Traffic decryption in openssl (Alpine package)

1) Traffic decryption

EUVDB-ID: #VU639

Risk: High

CVSSv4.0: 7.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2016-2107

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: Yes

Description

The vulnerability allows a remote user to decrypt traffic on the target system.

The weakness is due to access control error.If the connection uses an AES CBC cipher and the server support AES-NI attackers can perform padding oracle attack.

Successful exploitation of the vulnerability leads to traffic decryption on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

openssl (Alpine package): 1.0.1c-r0 - 1.0.2h-r2

CPE2.3

• cpe:2.3:o:alpine:openssl_alpine_package:1.0.1c-r0:*:*:*:*:alpine_linux:*:2.3
• cpe:2.3:o:alpine:openssl_alpine_package:1.0.1f-r0:*:*:*:*:alpine_linux:*:2.3
• cpe:2.3:o:alpine:openssl_alpine_package:1.0.1d-r0:*:*:*:*:alpine_linux:*:2.3

External links

https://git.alpinelinux.org/aports/commit/?id=033f9730873ed7526ced21e72ba16a2937bab220
https://git.alpinelinux.org/aports/commit/?id=c5a3b0b6d1ecd85d52e16f330be9478aca853348
https://git.alpinelinux.org/aports/commit/?id=346532027d2b8b8d5cac13a2b7d86820dfaf34b7
https://git.alpinelinux.org/aports/commit/?id=6ea715958d6486933e7cc3ca163e3d0691c9629d
https://git.alpinelinux.org/aports/commit/?id=70b8770d37d514044077c7258c0e6e81aeeee5fe
https://git.alpinelinux.org/aports/commit/?id=7b3b75b5c977b3a6fa91c6a48349d55fc7e31663

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.