#VU82376 Buffer overflow in OpenSSL - CVE-2016-0799

Cybersecurity Help s.r.o.

Published: 2023-10-25

Vulnerability identifier: #VU82376

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2016-0799

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSSL
Server applications / Encryption software

Vendor: OpenSSL Software Foundation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to fmtstr function in crypto/bio/b_print.c in OpenSSL improperly calculates string lengths. A remote attacker can cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

OpenSSL: 1.0.0t - 1.0.0p, 1.0.1i - 1.0.1p

External links
https://git.openssl.org/?p=openssl.git;a=commit;h=578b956fe741bf8e84055547b1e83c28dd902c73
https://openssl.org/news/secadv/20160301.txt
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
https://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800
https://rhn.redhat.com/errata/RHSA-2016-0722.html
https://rhn.redhat.com/errata/RHSA-2016-0996.html
https://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://www.securityfocus.com/bid/91787
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404
https://marc.info/?l=bugtraq&m=146108058503441&w=2
https://marc.info/?l=bugtraq&m=145983526810210&w=2
https://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
https://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
https://www.securityfocus.com/bid/83755
https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
https://www.openssl.org/news/secadv/20160301.txt
https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
https://www.debian.org/security/2016/dsa-3500
https://security.gentoo.org/glsa/201603-15
https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html
https://www.ubuntu.com/usn/USN-2914-1
https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
https://www.securitytracker.com/id/1035133
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
https://rhn.redhat.com/errata/RHSA-2016-2957.html
https://rhn.redhat.com/errata/RHSA-2016-2073.html
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Integrated Management Module (IMM)

Multiple vulnerabilities in IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems