The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of NetScreen Firewall

vulnerability announce CVE-2016-2105 CVE-2016-2106 CVE-2016-2107

OpenSSL: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: SDS, SES, SNS, Tomcat, Mac OS X, StormShield, Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Email, IronPort Encryption, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, XenServer, Debian, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiOS, FreeBSD, Android OS, HP Operations, HP Switch, AIX, IRAD, QRadar SIEM, IBM System x Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Copssh, Juniper J-Series, JUNOS, Junos Space, NSM Central Manager, NSMXpress, MariaDB ~ precise, McAfee NSM, Meinberg NTP Server, MySQL Community, MySQL Enterprise, Data ONTAP, NETASQ, NetScreen Firewall, ScreenOS, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Solaris, VirtualBox, WebLogic, Oracle Web Tier, Palo Alto Firewall PA***, PAN-OS, Percona Server, XtraDB Cluster, pfSense, Pulse Connect Secure, Puppet, Python, RHEL, JBoss EAP by Red Hat, SAS Management Console, Shibboleth SP, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, WindRiver Linux, VxWorks, WordPress Plugins ~ not comprehensive, X2GoClient.
Severity: 3/4.
Creation date: 03/05/2016.
Identifiers: 1982949, 1985850, 1987779, 1993215, 1995099, 1998797, 2003480, 2003620, 2003673, 9010083, bulletinapr2016, bulletinapr2017, CERTFR-2016-AVI-151, CERTFR-2016-AVI-153, cisco-sa-20160504-openssl, cpuapr2017, cpujul2016, cpujul2017, cpuoct2016, CTX212736, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, DLA-456-1, DSA-3566-1, FEDORA-2016-05c567df1a, FEDORA-2016-1e39d934ed, FEDORA-2016-e1234b65a2, FG-IR-16-026, FreeBSD-SA-16:17.openssl, HPESBGN03728, HPESBHF03756, HT206903, JSA10759, K23230229, K36488941, K51920288, K75152412, K93600123, MBGSA-1603, MIGR-5099595, MIGR-5099597, NTAP-20160504-0001, openSUSE-SU-2016:1237-1, openSUSE-SU-2016:1238-1, openSUSE-SU-2016:1239-1, openSUSE-SU-2016:1240-1, openSUSE-SU-2016:1241-1, openSUSE-SU-2016:1242-1, openSUSE-SU-2016:1243-1, openSUSE-SU-2016:1273-1, openSUSE-SU-2016:1566-1, openSUSE-SU-2017:0487-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2016:0722-01, RHSA-2016:0996-01, RHSA-2016:1137-01, RHSA-2016:1648-01, RHSA-2016:1649-01, RHSA-2016:1650-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, RHSA-2016:2073-01, SA123, SA40202, SB10160, SOL23230229, SOL36488941, SOL51920288, SOL75152412, SP-CAAAPPQ, SPL-119440, SPL-121159, SPL-123095, SSA:2016-124-01, STORM-2016-002, SUSE-SU-2016:1206-1, SUSE-SU-2016:1228-1, SUSE-SU-2016:1231-1, SUSE-SU-2016:1233-1, SUSE-SU-2016:1267-1, SUSE-SU-2016:1290-1, SUSE-SU-2016:1360-1, TNS-2016-10, USN-2959-1, VIGILANCE-VUL-19512, VN-2016-006, VN-2016-007.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can act as a Man-in-the-Middle and use the AES CBC algorithm with a server supporting AES-NI, in order to read or write data in the session. This vulnerability was initially fixed in versions 1.0.1o and 1.0.2c, but it was not disclosed at that time. [severity:3/4; CVE-2016-2108]

An attacker can act as a Man-in-the-Middle and use the AES CBC algorithm with a server supporting AES-NI, in order to read or write data in the session. [severity:3/4; CVE-2016-2107]

An attacker can generate a buffer overflow in EVP_EncodeUpdate(), which is mainly used by command line applications, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2105]

An attacker can generate a buffer overflow in EVP_EncryptUpdate(), which is difficult to reach, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2106]

An attacker can trigger an excessive memory usage in d2i_CMS_bio(), in order to trigger a denial of service. [severity:2/4; CVE-2016-2109]

An attacker can force a read at an invalid address in applications using X509_NAME_oneline(), in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-2176]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2016-1268

ScreenOS: denial of service via SSL/TLS

Synthesis of the vulnerability

An attacker can send a malicious SSL/TLS packet to ScreenOS, in order to trigger a denial of service.
Impacted products: NetScreen Firewall, ScreenOS.
Severity: 2/4.
Creation date: 14/04/2016.
Identifiers: CERTFR-2016-AVI-128, CVE-2016-1268, JSA10732, VIGILANCE-VUL-19377.

Description of the vulnerability

The ScreenOS product has a service to manage received SSL/TLS packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious SSL/TLS packet to ScreenOS, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability CVE-2016-0702 CVE-2016-0705 CVE-2016-0797

OpenSSL: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, XenServer, Debian, PowerPath, ExtremeXOS, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FreeBSD, HP Switch, AIX, IRAD, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Copssh, Juniper J-Series, JUNOS, Junos Space, Juniper Network Connect, NSM Central Manager, NSMXpress, McAfee Web Gateway, Meinberg NTP Server, Data ONTAP, Snap Creator Framework, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Solaris, Palo Alto Firewall PA***, PAN-OS, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, Puppet, RHEL, JBoss EAP by Red Hat, ROX, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Grid Manager, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu, WindRiver Linux, VxWorks, X2GoClient.
Severity: 2/4.
Creation date: 01/03/2016.
Revision date: 07/03/2016.
Identifiers: 000008897, 046178, 046208, 1979498, 1979602, 1987779, 1993210, 2003480, 2003620, 2003673, 7043086, 9010066, 9010067, 9010072, BSA-2016-004, bulletinapr2016, bulletinjan2016, CERTFR-2016-AVI-076, CERTFR-2016-AVI-080, cisco-sa-20160302-openssl, CTX208403, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842, DSA-3500-1, ESA-2016-080, FEDORA-2016-2802690366, FEDORA-2016-e1234b65a2, FEDORA-2016-e6807b3394, FreeBSD-SA-16:12.openssl, HPESBHF03741, JSA10722, JSA10759, K22334603, K52349521, K93122894, MBGSA-1602, NTAP-20160301-0001, NTAP-20160303-0001, NTAP-20160321-0001, openSUSE-SU-2016:0627-1, openSUSE-SU-2016:0628-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:0720-1, openSUSE-SU-2016:1566-1, openSUSE-SU-2017:1211-1, openSUSE-SU-2017:1212-1, PAN-SA-2016-0020, PAN-SA-2016-0028, PAN-SA-2016-0030, RHSA-2016:0301-01, RHSA-2016:0302-01, RHSA-2016:0303-01, RHSA-2016:0304-01, RHSA-2016:0305-01, RHSA-2016:0306-01, RHSA-2016:0372-01, RHSA-2016:0445-01, RHSA-2016:0446-01, RHSA-2016:0490-01, RHSA-2016:1519-01, RHSA-2016:2073-01, SA117, SA40168, SB10156, SOL22334603, SOL40524634, SOL52349521, SOL79215841, SOL93122894, SSA:2016-062-02, SSA-623229, SUSE-SU-2016:0617-1, SUSE-SU-2016:0620-1, SUSE-SU-2016:0621-1, SUSE-SU-2016:0624-1, SUSE-SU-2016:0631-1, SUSE-SU-2016:0641-1, SUSE-SU-2016:0678-1, TNS-2016-03, USN-2914-1, VIGILANCE-VUL-19060, VN-2016-004, VU#583776.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can act as a Man-in-the-Middle on a server supporting SSLv2 and EXPORT ciphers (this configuration is considered as weak since several years), in order to read or write data in the session. [severity:2/4; CVE-2016-0800, VU#583776]

An attacker can force the usage of a freed memory area when OpenSSL processes a DSA private key (this scenario is rare), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-0705]

An attacker can read a memory fragment via SRP_VBASE_get_by_user, in order to obtain sensitive information. [severity:1/4; CVE-2016-0798]

An attacker can force a NULL pointer to be dereferenced in BN_hex2bn(), in order to trigger a denial of service. [severity:1/4; CVE-2016-0797]

An attacker can use a very large string (size INT_MAX), to generate a memory corruption in the BIO_*printf() functions, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-0799]

An attacker can use cache conflicts on Intel Sandy-Bridge, in order to obtain RSA keys. [severity:1/4; CVE-2016-0702]

An attacker can use a very large string (size INT_MAX), to generate a memory corruption in the internal doapr_outch() function, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2842]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert CVE-2016-0703 CVE-2016-0704

OpenSSL: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, BIG-IP Hardware, TMOS, FreeBSD, HP Switch, IRAD, Copssh, Juniper J-Series, JUNOS, Junos Space, Juniper Network Connect, NSM Central Manager, NSMXpress, Data ONTAP, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Solaris, Palo Alto Firewall PA***, PAN-OS, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, SUSE Linux Enterprise Desktop, SLES, Nessus, WindRiver Linux, VxWorks.
Severity: 2/4.
Creation date: 01/03/2016.
Identifiers: 046178, 046208, 1979498, 9010067, BSA-2016-004, bulletinapr2016, bulletinjan2016, CERTFR-2016-AVI-076, CERTFR-2016-AVI-080, cisco-sa-20160302-openssl, CVE-2016-0703, CVE-2016-0704, FreeBSD-SA-16:12.openssl, HPESBHF03741, JSA10759, NTAP-20160303-0001, openSUSE-SU-2016:0627-1, openSUSE-SU-2016:0628-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0720-1, PAN-SA-2016-0030, RHSA-2016:0372-01, SA117, SA40168, SOL95463126, SUSE-SU-2016:0617-1, SUSE-SU-2016:0620-1, SUSE-SU-2016:0621-1, SUSE-SU-2016:0624-1, SUSE-SU-2016:0631-1, SUSE-SU-2016:0641-1, SUSE-SU-2016:0678-1, TNS-2016-03, VIGILANCE-VUL-19061.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

The 2_srvr.c file did not enforce that clear-key-length is zero for non-export ciphers, so an attacker can act as a Man-in-the-Middle on SSLv2, in order to read or write data in the session. [severity:2/4; CVE-2016-0703]

The 2_srvr.c file overwrite some byte dur the Bleichenbacher protection, so an attacker can act as a Man-in-the-Middle on SSLv2, in order to read or write data in the session. [severity:2/4; CVE-2016-0704]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2015-3197

OpenSSL: using disabled SSLv2 ciphers

Synthesis of the vulnerability

An attacker can connect to a SSLv2 server with disabled ciphers in OpenSSL, in order to create a TLS session which is not secure.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Brocade Network Advisor, Brocade vTM, ASA, AsyncOS, Cisco ESA, Cisco IPS, Nexus by Cisco, NX-OS, Cisco CUCM, Cisco Manager Attendant Console, Cisco IP Phone, Black Diamond, ExtremeXOS, Ridgeline, Summit, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, AIX, Tivoli Storage Manager, Copssh, Juniper J-Series, JUNOS, Junos Space, NSM Central Manager, NSMXpress, McAfee Email Gateway, Data ONTAP, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Puppet, RHEL, JBoss EAP by Red Hat, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, VxWorks, X2GoClient.
Severity: 1/4.
Creation date: 28/01/2016.
Identifiers: 2003480, 2003620, 2003673, 9010060, BSA-2016-004, bulletinjan2016, c05390893, CERTFR-2016-AVI-041, cisco-sa-20160129-openssl, cpuoct2016, CVE-2015-3197, FEDORA-2016-527018d2ff, FEDORA-2016-e1234b65a2, FreeBSD-SA-16:11.openssl, HPESBHF03703, JSA10759, NTAP-20160201-0001, openSUSE-SU-2016:0362-1, openSUSE-SU-2016:0442-1, openSUSE-SU-2016:0627-1, openSUSE-SU-2016:0628-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:0720-1, RHSA-2016:0372-01, RHSA-2016:0445-01, RHSA-2016:0446-01, RHSA-2016:0490-01, SA111, SB10203, SOL33209124, SOL64009378, SSA:2016-034-03, SUSE-SU-2016:0617-1, SUSE-SU-2016:0620-1, SUSE-SU-2016:0621-1, SUSE-SU-2016:0624-1, SUSE-SU-2016:0631-1, SUSE-SU-2016:0641-1, SUSE-SU-2016:0678-1, VIGILANCE-VUL-18837, VN-2016-002.

Description of the vulnerability

The OpenSSL library disables by default SSLv2, excepted if the SSL_OP_NO_SSLv2 option is used.

SSLv2 cipher algorithms can be disabled on the server. However, a malicious client can still use these algorithms.

An attacker can therefore connect to a SSLv2 server with disabled ciphers in OpenSSL, in order to create a TLS session which is not secure.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2016-0701

OpenSSL: obtaining private exponent via DH Small Subgroups

Synthesis of the vulnerability

In some special configurations, an attacker can find the private DH exponent of the OpenSSL peer, in order to decrypt other sessions.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Brocade vTM, ASA, AsyncOS, Cisco ESA, Cisco IPS, Nexus by Cisco, NX-OS, Cisco CUCM, Cisco Manager Attendant Console, Cisco IP Phone, Black Diamond, ExtremeXOS, Ridgeline, Summit, BIG-IP Hardware, TMOS, Fedora, HP Switch, Tivoli Storage Manager, Tivoli Workload Scheduler, Copssh, Juniper J-Series, JUNOS, Junos Space, NSM Central Manager, NSMXpress, Data ONTAP, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, Puppet, stunnel, Ubuntu, VxWorks.
Severity: 2/4.
Creation date: 28/01/2016.
Identifiers: 1979602, 2003480, 2003620, 2003673, 9010060, BSA-2016-005, c05390893, CERTFR-2016-AVI-041, cisco-sa-20160129-openssl, CVE-2016-0701, FEDORA-2016-527018d2ff, HPESBHF03703, JSA10759, NTAP-20160201-0001, openSUSE-SU-2016:0637-1, SA111, SOL33209124, SOL64009378, USN-2883-1, VIGILANCE-VUL-18836, VN-2016-002, VU#257823.

Description of the vulnerability

Since version 1.0.2, the OpenSSL library can generate DH unsafe parameters of style X9.42 (subgroup size "q"), to support the RFC 5114.

In this case, an attacker can find the private DH exponent of the peer, if the DH key is reused. The DH key is reused in the following cases:
 - SSL_CTX_set_tmp_dh() or SSL_set_tmp_dh() is used without the option SSL_OP_SINGLE_DH_USE set, which is rare.
 - SSL_CTX_set_tmp_dh_callback() or SSL_set_tmp_dh_callback() is used in an undocumented mode.
 - Static DH ciphersuites are used.

In some special configurations, an attacker can therefore find the private DH exponent of the OpenSSL peer, in order to decrypt other sessions.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2015-7755

ScreenOS: system access via SSH/Telnet

Synthesis of the vulnerability

An attacker can log in via SSH/Telnet, and authenticate as the "system" user, in order to obtain a full access to the system.
Impacted products: NetScreen Firewall, ScreenOS.
Severity: 4/4.
Creation date: 17/12/2015.
Revision date: 21/12/2015.
Identifiers: CERTFR-2015-ALE-014, CERTFR-2015-AVI-550, CERTFR-2016-AVI-117, CVE-2015-7755, JSA10713, VIGILANCE-VUL-18557, VU#640184.

Description of the vulnerability

The ScreenOS product can be administered via SSH/Telnet.

However, during a code audit, a backdoor was found in some versions of ScreenOS. It can be used to remotely authenticate as the "system" user.

An attacker can therefore log in via SSH/Telnet, and authenticate as the "system" user, in order to obtain a full access to the system.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2015-7756

ScreenOS: decrypting a VPN session

Synthesis of the vulnerability

An attacker can decrypt the VPN traffic of ScreenOS, in order to obtain sensitive information.
Impacted products: NetScreen Firewall, ScreenOS.
Severity: 4/4.
Creation date: 21/12/2015.
Identifiers: CERTFR-2015-ALE-014, CERTFR-2015-AVI-550, CERTFR-2016-AVI-117, CVE-2015-7756, JSA10713, VIGILANCE-VUL-18572, VU#640184.

Description of the vulnerability

The ScreenOS product can be used to create VPN tunnels.

However, during a code audit, a backdoor was found in some versions of ScreenOS. It can be used to decrypt data of a captured VPN session.

An attacker can therefore decrypt the VPN traffic of ScreenOS, in order to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2015-7754

ScreenOS: memory corruption via SSH

Synthesis of the vulnerability

An attacker can send a malicious SSH packet to ScreenOS, in order to trigger a denial of service, and possibly to run code.
Impacted products: NetScreen Firewall, ScreenOS.
Severity: 4/4.
Creation date: 17/12/2015.
Identifiers: CERTFR-2015-AVI-550, CVE-2015-7754, JSA10712, VIGILANCE-VUL-18556.

Description of the vulnerability

The ScreenOS product has a service to manage received SSH packets.

However, if ssh-pka is enabled, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious SSH packet to ScreenOS, in order to trigger a denial of service, and possibly to run code.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2015-1794

OpenSSL: denial of service via ServerKeyExchange

Synthesis of the vulnerability

An attacker can send a malicious ServerKeyExchange message to a client compiled with OpenSSL, in order to trigger a denial of service.
Impacted products: Tomcat, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco Content SMA, Cisco ESA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco MeetingPlace, Cisco WSA, Cisco Wireless Controller, HP Switch, IRAD, Tivoli Storage Manager, Juniper J-Series, JUNOS, Junos Space, NSM Central Manager, NSMXpress, Data ONTAP, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, Palo Alto Firewall PA***, PAN-OS, Puppet, Slackware, Ubuntu.
Severity: 2/4.
Creation date: 04/12/2015.
Identifiers: 1972951, 2003480, 2003620, 2003673, 9010051, c05398322, cisco-sa-20151204-openssl, CVE-2015-1794, HPESBHF03709, JSA10759, NTAP-20151207-0001, openSUSE-SU-2016:0637-1, PAN-SA-2016-0020, PAN-SA-2016-0028, SSA:2015-349-04, USN-2830-1, VIGILANCE-VUL-18443.

Description of the vulnerability

The OpenSSL library implements TLS with the anonymous DH ciphersuite.

However, if the TLS server sends a ServerKeyExchange message with a value of p parameter set to zero, a fatal error occurs in the client linked to OpenSSL.

An attacker can therefore send a malicious ServerKeyExchange message to a client compiled with OpenSSL, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.