Rapid7 Vulnerability & Exploit Database

RHSA-2016:0372: openssl098e security update


Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 03/19/2015
Created: 07/25/2018
Added: 03/10/2016
Modified: 03/21/2018

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800)

Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. For more information, refer to the knowledge base article linked to in the References section.

It was discovered that SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated a non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle. (CVE-2016-0703)

It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use an SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704)

Note: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more efficient exploitation of the CVE-2016-0800 issue via the DROWN attack.

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197)

Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and Emilia Käsper (OpenSSL development team) as the original reporters of CVE-2015-0293.

All openssl098e users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the openssl098e library must be restarted, or the system rebooted.
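Every issue above needs the same precondition: a server that still completes an SSLv2 handshake, ideally with EXPORT-grade suites enabled. That precondition can be verified from the outside. The script below is an added example for this page, not code from Rapid7, Red Hat or the OpenSSL project. It builds an SSLv2 CLIENT-HELLO offering all seven SSLv2 cipher specs, sends it to a host and port you supply, and classifies the reply as an SSLv2 SERVER-HELLO (reporting which suites the server accepts and whether any are export-grade), a TLS alert from a server that does not speak SSLv2, or no reply. The embedded SERVER-HELLO is a constructed sample used to exercise the parser offline, not a capture from any real server.

```python
"""Check whether a listener still completes an SSLv2 handshake (DROWN precondition).

Added example for this advisory page; not Rapid7, Red Hat or OpenSSL code.
"""
import os
import socket
import struct
import sys

# SSLv2 CIPHER-SPECs are three bytes each. The 40-bit RC4 and RC2 entries are
# the EXPORT-grade suites the advisory refers to (CVE-2015-0293, CVE-2016-0704).
SSLV2_CIPHERS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}
EXPORT_CIPHERS = {b"\x02\x00\x80", b"\x04\x00\x80"}

SSLV2_CLIENT_HELLO = 0x01
SSLV2_SERVER_HELLO = 0x04
TLS_ALERT = 0x15


def build_sslv2_client_hello(challenge: bytes = b"") -> bytes:
    """Return a complete SSLv2 record carrying a CLIENT-HELLO that offers
    every SSLv2 cipher spec, export-grade ones included."""
    if not challenge:
        challenge = os.urandom(16)
    cipher_specs = b"".join(SSLV2_CIPHERS)  # dict keys, in table order
    body = (
        bytes([SSLV2_CLIENT_HELLO])
        + b"\x00\x02"                          # version = SSL 2.0
        + struct.pack(">H", len(cipher_specs))  # cipher_specs_length
        + struct.pack(">H", 0)                 # session_id_length (new session)
        + struct.pack(">H", len(challenge))    # challenge_length
        + cipher_specs
        + challenge
    )
    # Two-byte SSLv2 record header: high bit set, 15-bit length, no padding.
    return struct.pack(">H", 0x8000 | len(body)) + body


def parse_sslv2_response(data: bytes) -> dict:
    """Classify the first bytes a server sends back after our CLIENT-HELLO."""
    if len(data) < 3:
        return {"sslv2": False, "reason": "connection closed or empty reply"}
    # A TLS-only server typically answers with a TLS alert record (type 0x15).
    if data[0] == TLS_ALERT and data[1] == 0x03:
        return {"sslv2": False, "reason": "TLS alert, SSLv2 not spoken"}
    if data[0] & 0x80:                          # 2-byte header, no padding
        hdr, length = 2, ((data[0] & 0x7F) << 8) | data[1]
    else:                                       # 3-byte header with padding
        hdr, length = 3, ((data[0] & 0x3F) << 8) | data[1]
    body = data[hdr:hdr + length]
    if len(body) < 11 or body[0] != SSLV2_SERVER_HELLO:
        return {"sslv2": False, "reason": "no SSLv2 SERVER-HELLO"}
    # SERVER-HELLO: type, session_id_hit, cert_type, version(2), then three
    # big-endian lengths for certificate, cipher specs and connection id.
    cert_len, specs_len, conn_id_len = struct.unpack(">HHH", body[5:11])
    specs = body[11 + cert_len:11 + cert_len + specs_len]
    accepted = [specs[i:i + 3] for i in range(0, len(specs), 3)]
    return {
        "sslv2": True,
        "reason": "SSLv2 SERVER-HELLO received",
        "ciphers": [SSLV2_CIPHERS.get(c, c.hex()) for c in accepted],
        "export": any(c in EXPORT_CIPHERS for c in accepted),
    }


def check_sslv2(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect, send the CLIENT-HELLO and classify whatever comes back."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sslv2_client_hello())
        try:
            data = s.recv(4096)
        except socket.timeout:
            data = b""
    return parse_sslv2_response(data)


def sample_server_hello() -> bytes:
    """Constructed sample (not a capture): a SERVER-HELLO accepting RC4-128
    and export-grade RC4-40, with a 4-byte placeholder certificate."""
    cert, specs, conn_id = b"\xde\xad\xbe\xef", b"\x01\x00\x80\x02\x00\x80", bytes(range(16))
    body = (bytes([SSLV2_SERVER_HELLO]) + b"\x00" + b"\x01" + b"\x00\x02"
            + struct.pack(">HHH", len(cert), len(specs), len(conn_id))
            + cert + specs + conn_id)
    return struct.pack(">H", 0x8000 | len(body)) + body


if __name__ == "__main__":
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(check_sslv2(target, target_port))
```

Run it as `python3 sslv2_check.py host [port]` against every listener that shares the server's RSA key, not only the HTTPS port: because DROWN is cross-protocol, an SSLv2-capable SMTP or IMAP service using the same certificate is enough to attack a TLS-only web service. Re-run it after patching, since the advisory notes the fix only takes effect once every service linked against openssl098e has been restarted; a SERVER-HELLO that still lists an EXPORT40 suite means the DoS (CVE-2015-0293) and Bleichenbacher-oracle (CVE-2016-0704) conditions are also still present.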

Solution(s)

  • redhat-upgrade-openssl098e
  • redhat-upgrade-openssl098e-debuginfo

References

  • redhat-upgrade-openssl098e
  • redhat-upgrade-openssl098e-debuginfo
