The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of FortiGate

vulnerability announce CVE-2016-6909

FortiOS: buffer overflow via Cookie Parser, EGREGIOUS BLUNDER

Synthesis of the vulnerability

An attacker can generate a buffer overflow via the Cookie Parser of FortiOS, in order to trigger a denial of service, and possibly to run code.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 4/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Creation date: 18/08/2016.
Revision date: 18/08/2016.
Identifiers: CERTFR-2016-AVI-283, CVE-2016-6909, EGBL, EGREGIOUSBLUNDER, EGREGIOUS BLUNDER, FG-IR-16-023, VIGILANCE-VUL-20422.

Description of the vulnerability

The FortiOS product offers a web service.

However, if the size of data in HTTP Cookies is greater than the size of the storage array, an overflow occurs.

An attacker can therefore generate a buffer overflow via the Cookie Parser of FortiOS, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-2180

OpenSSL: out-of-bounds memory reading via TS_OBJ_print_bio

Synthesis of the vulnerability

An attacker can force a read at an invalid address via TS_OBJ_print_bio() of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, FreeRADIUS, hMailServer, HP Switch, AIX, Tivoli Storage Manager, Tivoli Workload Scheduler, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, McAfee Email Gateway, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, WebLogic, Oracle Web Tier, pfSense, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 1/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/08/2016.
Identifiers: 1359615, 1996096, 2000095, 2003480, 2003620, 2003673, bulletinapr2017, bulletinjul2016, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-2180, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03856, JSA10759, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, SA132, SA40312, SB10215, SOL02652550, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2469-1, TNS-2016-16, USN-3087-1, USN-3087-2, VIGILANCE-VUL-20286.

Description of the vulnerability

The OpenSSL product implements the RFC 3161 Public Key Infrastructure Time-Stamp Protocol.

However, the TS_OBJ_print_bio() function tries to read a memory area located outside the expected range, which triggers a fatal error, or leads to the disclosure of a memory fragment.

An attacker can therefore force a read at an invalid address via TS_OBJ_print_bio() of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-6207

libgd2: integer overflow via _gdContributionsAlloc

Synthesis of the vulnerability

An attacker can generate an integer overflow via _gdContributionsAlloc of libgd2, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, openSUSE, openSUSE Leap, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 27/07/2016.
Identifiers: CERTFR-2017-AVI-237, CVE-2016-6207, DSA-3630-1, FEDORA-2016-0de0e0ee0c, FG-IR-17-051, openSUSE-SU-2016:2117-1, openSUSE-SU-2016:2363-1, openSUSE-SU-2016:2451-1, RHSA-2016:2750-01, SSA:2016-203-02, SUSE-SU-2016:2408-1, SUSE-SU-2016:2460-1, SUSE-SU-2016:2460-2, SUSE-SU-2016:2683-1, SUSE-SU-2016:2683-2, USN-3060-1, VIGILANCE-VUL-20227.

Description of the vulnerability

An attacker can generate an integer overflow via _gdContributionsAlloc of libgd2, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2016-6214

libgd: out-of-bounds memory reading via TGA bpp/alphabit

Synthesis of the vulnerability

An attacker can force a read at an invalid address via TGA bpp/alphabit of libgd, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, openSUSE, openSUSE Leap, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 18/07/2016.
Identifiers: CERTFR-2017-AVI-237, CVE-2016-6214, DSA-3619-1, FEDORA-2016-615f3bf06e, FG-IR-17-051, openSUSE-SU-2016:2117-1, openSUSE-SU-2016:2363-1, USN-3060-1, VIGILANCE-VUL-20131.

Description of the vulnerability

An attacker can force a read at an invalid address via TGA bpp/alphabit of libgd, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-6132

libgd: out-of-bounds memory reading via read_image_tga

Synthesis of the vulnerability

An attacker can force a read at an invalid address via read_image_tga() of libgd, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, openSUSE, openSUSE Leap, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 18/07/2016.
Identifiers: CERTFR-2017-AVI-237, CVE-2016-6132, DSA-3619-1, FEDORA-2016-615f3bf06e, FG-IR-17-051, openSUSE-SU-2016:2117-1, openSUSE-SU-2016:2363-1, USN-3060-1, VIGILANCE-VUL-20130.

Description of the vulnerability

An attacker can force a read at an invalid address via read_image_tga() of libgd, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-5696

Linux kernel: injecting TCP packets via Challenge ACK

Synthesis of the vulnerability

An attacker can predict the sequence of a TCP session performed to a Linux server, in order to inject a TCP packet, which can interact with the session if it is not encrypted.
Impacted products: Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, Android OS, NSM Central Manager, NSMXpress, Linux, McAfee Web Gateway, openSUSE, openSUSE Leap, PAN-OS, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: data creation/edition, data flow.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/07/2016.
Identifiers: CERTFR-2016-AVI-287, CERTFR-2016-AVI-289, CERTFR-2017-AVI-001, CERTFR-2017-AVI-044, CERTFR-2017-AVI-053, CERTFR-2017-AVI-131, CVE-2016-5389-REJECT, CVE-2016-5696, DLA-609-1, DSA-3659-1, FEDORA-2016-784d5526d8, FEDORA-2016-9a16b2e14e, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, JSA10853, openSUSE-SU-2016:2290-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:3021-1, PAN-SA-2017-0015, RHSA-2016:1631-01, RHSA-2016:1632-01, RHSA-2016:1633-01, RHSA-2016:1657-01, RHSA-2016:1664-01, RHSA-2016:1814-01, RHSA-2016:1815-01, RHSA-2016:1939-01, SA131, SB10167, SOL46514822, SSA:2016-236-03, SSA:2016-242-01, SUSE-SU-2016:2245-1, SUSE-SU-2016:2912-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3069-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0437-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:1102-1, USN-3070-1, USN-3070-2, USN-3070-3, USN-3070-4, USN-3071-1, USN-3071-2, USN-3072-1, USN-3072-2, VIGILANCE-VUL-20066.

Description of the vulnerability

The Linux kernel implements the RFC 5961 (Improving TCP's Robustness to Blind In-Window Attacks).

However, this implementation provides information which can be used to inject a TCP packet in an active session, but without receiving the TCP reply.

In order to do so, the attacker has to know,
 - the IP address and the TCP port number of the server
 - the IP address of a client with an active session

An attacker can therefore predict the sequence of a TCP session performed to a Linux server, in order to inject a TCP packet, which can interact with the session if it is not encrypted.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2016-6128

libgd: integer overflow via Color Indexes

Synthesis of the vulnerability

An attacker can generate an integer overflow via Color Indexes of libgd, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 12/07/2016.
Identifiers: CERTFR-2017-AVI-237, CVE-2016-6128, DSA-3619-1, FEDORA-2016-615f3bf06e, FG-IR-17-051, openSUSE-SU-2016:2117-1, openSUSE-SU-2016:2363-1, openSUSE-SU-2016:2451-1, RHSA-2016:2750-01, SUSE-SU-2016:2408-1, SUSE-SU-2016:2460-1, SUSE-SU-2016:2460-2, SUSE-SU-2016:2683-1, SUSE-SU-2016:2683-2, USN-3030-1, VIGILANCE-VUL-20061.

Description of the vulnerability

An attacker can generate an integer overflow via Color Indexes of libgd, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2016-5766 CVE-2016-5767

libgd: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libgd.
Impacted products: Debian, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 28/06/2016.
Identifiers: CERTFR-2017-AVI-237, CVE-2016-5766, CVE-2016-5767, DLA-534-1, DSA-3619-1, FEDORA-2016-a4d48d6fd6, FEDORA-2016-d126bb1b74, FG-IR-17-051, openSUSE-SU-2016:1761-1, openSUSE-SU-2016:1922-1, openSUSE-SU-2017:2366-1, RHSA-2016:2750-01, SUSE-SU-2017:2303-1, USN-3030-1, VIGILANCE-VUL-19982.

Description of the vulnerability

Several vulnerabilities were announced in libgd.

An attacker can generate an integer overflow via _gd2GetHeader, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5766]

An attacker can generate an integer overflow via gdImagePaletteToTrueColor(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5767]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-2177

OpenSSL: out-of-bounds memory reading

Synthesis of the vulnerability

An attacker can force a memory access at an invalid address in OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, FreeRADIUS, hMailServer, HP Switch, AIX, DB2 UDB, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, McAfee Email Gateway, ePO, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, WebLogic, Oracle Web Tier, pfSense, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 1/4.
Consequences: data reading, denial of service on server, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 09/06/2016.
Identifiers: 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1996096, 1999395, 1999421, 1999474, 1999478, 1999479, 1999488, 1999532, 1999724, 2000095, 2000209, 2000544, 2001805, 2002770, 2002870, 2003480, 2003620, 2003673, 2008828, bulletinapr2016, bulletinapr2017, bulletinjul2016, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-2177, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03763, HPESBHF03856, JSA10759, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, SA132, SA40312, SB10165, SB10215, SOL23873366, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, TNS-2016-16, USN-3087-1, USN-3087-2, USN-3181-1, VIGILANCE-VUL-19855.

Description of the vulnerability

The source code of OpenSSL includes many loops where a pointer is used to go through a buffer.

The definition of the C language allows a pointer to be off by one byte after the buffer, but the behavior of any further access is undefined. Several end of loop tests follows the forme "pointer + current data length > end pointer" in such a way that these 2 expressions are not always defined according to the language specification. An attacker which can control dynamic memory allocations can trigger evaluation of undefined conditions and perhaps invalid memory access.

An attacker can therefore force a memory access at an invalid address in OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-2178

OpenSSL: DSA signature not running in constant time

Synthesis of the vulnerability

An attacker can monitor a process performing a DSA signature with OpenSSL, in order to potentially obtain information about the secret key.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, FreeRADIUS, hMailServer, HP Switch, AIX, IRAD, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, McAfee Email Gateway, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, WebLogic, Oracle Web Tier, pfSense, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 07/06/2016.
Revision date: 08/06/2016.
Identifiers: 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1992681, 1993777, 1996096, 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, 1999724, 2000095, 2000544, 2003480, 2003620, 2003673, bulletinapr2016, bulletinapr2017, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-2178, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03856, JSA10759, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2496-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, SA132, SA40312, SB10215, SOL53084033, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, TNS-2016-16, USN-3087-1, USN-3087-2, VIGILANCE-VUL-19820.

Description of the vulnerability

OpenSSL includes an implementation of the DSA algorithm.

The BN_FLG_CONSTTIME flag requires this operation to be performed in constant time, in order to block attacks watching the process. However, the dsa_sign_setup() function of the lib/libssl/src/crypto/dsa/dsa_ossl.c file does not correctly initialize the BN_FLG_CONSTTIME flag.

An attacker can therefore monitor a process performing a DSA signature with OpenSSL, in order to potentially obtain information about the secret key.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about FortiGate: