Oracle Solaris 11: CVE-2015-1788: Vulnerability in OpenSSL
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | June 12, 2015 | May 29, 2017 | May 29, 2017 |
Description
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.
References
Solution
oracle-solaris-11-2-upgrade-library-security-openssl-1-0-1-16-0-175-2-12-0-6-0
Related Vulnerabilities
- Gentoo Linux: CVE-2015-7183: Mozilla Products: Multiple vulnerabilities
- Ubuntu: (Multiple Advisories) (CVE-2016-3606): OpenJDK 6 vulnerabilities
- Java CPU July 2016 Java SE, Java SE Embedded Libraries vulnerability (CVE-2016-3598)
- Red Hat: CVE-2016-2108: Important: openssl security update ((Multiple Advisories))
- HP-UX: CVE-2015-1793: OpenSSL Vulnerability (Alternative Chain Certificate Forgery)
- Ubuntu: USN-2959-1 (CVE-2016-2105): OpenSSL vulnerabilities
- Oracle Linux: (CVE-2016-3587) ELSA-2016-1458: java-1.8.0-openjdk security update
- Red Hat: CVE-2016-3521: Important: mariadb security update (RHSA-2016:1602)
- CentOS: (CVE-2016-3521) CESA-2016:1602: mariadb
- SUSE: CVE-2016-1978: SUSE Linux Security Advisory
- OS X update for Admin Framework (CVE-2015-4000)
- Amazon Linux AMI: CVE-2016-5440: Security patch for mysql55 ((Multiple Advisories))
- MFSA2015-70 SeaMonkey: NSS accepts export-length DHE keys with regular DHE cipher suites (CVE-2015-4000)
- Ubuntu: USN-2883-1 (CVE-2016-0701): OpenSSL vulnerability
- OS X update for apache (CVE-2015-1790)
- F5 Networks: K16864 (CVE-2015-2808): SSL/TLS RC4 vulnerability CVE-2015-2808
- Palo Alto Networks (Multiple Advisories) (CVE-2015-1792): OpenSSL Vulnerabilities
- Gentoo Linux: CVE-2015-3237: cURL: Multiple vulnerabilities
- SUSE: CVE-2015-5600: SUSE Linux Security Advisory
- Gentoo Linux: CVE-2016-1978: Mozilla Products: Multiple vulnerabilities
- HP Systems Insight Manager - HPSBMU03394 (CVE-2015-1791): Linux and Windows, Multiple Vulnerabilities
- CentOS: (CVE-2016-0800) (Multiple Advisories): openssl098e
- SUSE: CVE-2016-3458: SUSE Linux Security Advisory
- Debian: CVE-2016-3521: mariadb-10.0 -- security update
- F5 Networks: K25075696 (CVE-2016-3500): Oracle Java vulnerability CVE-2016-3500
- Alpine Linux: CVE-2016-2106: openssl Multiple vulnerabilities
- OpenSSL Memory corruption in the ASN.1 encoder (CVE-2016-2108)
- Java CPU July 2016 Java SE, Java SE Embedded Hotspot vulnerability (CVE-2016-3550)
- SUSE: CVE-2016-3501: SUSE Linux Security Advisory
- Oracle Solaris 11: CVE-2015-3236: Vulnerability in libcurl
- Amazon Linux AMI: CVE-2016-3459: Security patch for mysql56 (ALAS-2016-737)
- F5 Networks: K31026324 (CVE-2015-8104): Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104
- IBM AIX: java_april2015_advisory, rc4_advisory (CVE-2015-2808): Vulnerability in IBM Java SDK affects AIX
- Debian: CVE-2016-0797: openssl -- security update
- Debian: CVE-2015-7182: nss -- security update
- Huawei EulerOS: CVE-2016-4052: squid security update
- Huawei EulerOS: CVE-2016-3521: mariadb security update
- CentOS: (CVE-2016-3606) (Multiple Advisories): java-1.6.0-openjdk
- FreeBSD: FreeBSD -- Multiple OpenSSL vulnerabilities (FreeBSD-SA-16:12.openssl) (Multiple CVEs)
- Huawei EulerOS: CVE-2016-3610: java-1.7.0-openjdk security update
- MFSA2015-133 Firefox: NSS and NSPR memory corruption issues (CVE-2015-7182)
- Gentoo Linux: CVE-2015-0204: OpenSSL: Multiple vulnerabilities
- FreeBSD: node -- multiple vulnerabilities (Multiple CVEs)
- Apache HTTPD: mod_lua: Crash in websockets PING handling (CVE-2015-0228)
- Oracle Linux: (CVE-2016-2109) (Multiple Advisories): openssl security update
- Oracle Solaris 11: CVE-2016-5444: Vulnerability in MySQL
- Ubuntu: USN-3040-1 (CVE-2016-5437): MySQL vulnerabilities
- Amazon Linux AMI: CVE-2016-4051: Security patch for squid ((Multiple Advisories))
- Amazon Linux AMI: CVE-2016-4052: Security patch for squid (ALAS-2016-713)
- FreeBSD: openssl -- multiple vulnerabilities (FreeBSD-SA-15:26.openssl) (Multiple CVEs)
- FreeBSD: apache22 -- chunk header parsing defect (CVE-2015-3183)
- Ubuntu: USN-2830-1 (CVE-2015-3193): OpenSSL vulnerabilities
- Ubuntu: USN-2959-1 (CVE-2016-2106): OpenSSL vulnerabilities
- HP-UX: CVE-2015-1790: OpenSSL Vulnerability (PKCS7 crash with missing EnvelopedContent)
- Amazon Linux AMI: CVE-2016-3458: Security patch for java-1.6.0-openjdk ((Multiple Advisories))
- Oracle Linux: (CVE-2016-3550) (Multiple Advisories): java-1.6.0-openjdk security update
- Ubuntu: (Multiple Advisories) (CVE-2015-7181): Thunderbird vulnerabilities
- Gentoo Linux: CVE-2016-0799: OpenSSL: Multiple vulnerabilities
- SUSE: CVE-2016-3511: SUSE Linux Security Advisory
- Cisco SAN-OS: Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products (CVE-2016-0701)
- Oracle Solaris 11: CVE-2015-7183: Vulnerability in Firefox, Thunderbird
- SUSE: CVE-2015-0228: SUSE Linux Security Advisory
- SUSE: CVE-2015-7182: SUSE Linux Security Advisory
- HP-UX: CVE-2015-1791: OpenSSL Vulnerability (Race condition handling NewSessionTicket)
- IBM AIX: openssl_advisory20 (CVE-2016-2108): Vulnerabilities in OpenSSL affects AIX
- Gentoo Linux: CVE-2016-3598: Oracle JRE/JDK: Multiple vulnerabilities
- Oracle Solaris 11: CVE-2016-5469: Vulnerability in Kernel
- Apache Struts: CVE-2016-1182: XSS and denial of service
- F5 Networks: K16915 (CVE-2015-1792): OpenSSL vulnerability CVE-2015-1792
- SUSE: CVE-2016-0799: SUSE Linux Security Advisory
- Huawei EulerOS: CVE-2016-3452: mariadb security update
- Cisco ASA: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products March 2016 (cisco-sa-20160302-openssl) (CVE-2016-0799)
- Oracle Linux: (CVE-2016-3615) ELSA-2016-1602: mariadb security update
- Juniper Junos OS: 2015-05 Out of Cycle Security Bulletin: "Logjam" passive attack on sub-1024 DH groups, and active downgrade attack of TLS to DHE_EXPORT (JSA10681) (CVE-2015-4000)
- Red Hat: CVE-2016-2105: Important: openssl security update ((Multiple Advisories))
- F5 Networks: K16124 (CVE-2015-0206): OpenSSL vulnerability CVE-2015-0206
- Red Hat: CVE-2016-5440: Important: mariadb security update (RHSA-2016:1602)
- CentOS: (CVE-2016-4053) (Multiple Advisories): squid34
- Alpine Linux: CVE-2016-2105: openssl Multiple vulnerabilities
- OpenSSL PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
- MFSA2015-150 Thunderbird: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (CVE-2015-7575)
- HP Systems Insight Manager - HPSBMU03394 (CVE-2015-1789): Linux and Windows, Multiple Vulnerabilities
- Red Hat: CVE-2016-2106: Important: openssl security update ((Multiple Advisories))
- Oracle MySQL Vulnerability: CVE-2016-3614
- Amazon Linux AMI: CVE-2016-3452: Security patch for mysql55 (ALAS-2016-738)
- Sun Patch: SunOS 5.10: OpenSSL 0.9.7 patch
- OS X update for OpenSSL (CVE-2015-1791)
- Gentoo Linux: CVE-2016-2108: OpenSSL: Multiple vulnerabilities
- Oracle Solaris 11: CVE-2016-5437: Vulnerability in MySQL
- Debian: CVE-2016-0798: openssl -- security update
- Oracle Linux: (CVE-2016-4052) (Multiple Advisories): squid security, bug fix, and enhancement update
- CentOS: (CVE-2015-7575) (Multiple Advisories): java-1.7.0-openjdk
- Gentoo Linux: CVE-2016-3511: Oracle JRE/JDK: Multiple vulnerabilities
- HP-UX: CVE-2015-0204: Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilities.
- OS X update for LibreSSL (CVE-2016-2109)
- Oracle Solaris 11: CVE-2016-3614: Vulnerability in MySQL
- Gentoo Linux: CVE-2015-3236: cURL: Multiple vulnerabilities
- Cisco SAN-OS: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016 (Multiple CVEs)
- Java CPU July 2016 Java SE, Java SE Embedded Hotspot vulnerability (CVE-2016-3606)
- MFSA2015-71 Firefox: NSS incorrectly permits skipping of ServerKeyExchange (CVE-2015-2721)