The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Network Appliance Data ONTAP 7-Mode

vulnerability bulletin CVE-2016-7053 CVE-2016-7054 CVE-2016-7055

OpenSSL 1.1: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL 1.1.
Impacted products: Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco ESA, IOS by Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco Wireless Controller, NetWorker, VNX Operating Environment, VNX Series, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiOS, IRAD, Tivoli Storage Manager, Junos OS, Juniper Network Connect, NSM Central Manager, NSMXpress, SRX-Series, MySQL Community, MySQL Enterprise, Data ONTAP 7-Mode, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Tuxedo, WebLogic, Oracle Web Tier, Percona Server, pfSense, Pulse Connect Secure, Pulse Secure Client.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 10/11/2016.
Revision date: 13/12/2016.
Identifiers: 2004036, 2004940, 2011567, 492284, 492616, bulletinapr2017, CERTFR-2018-AVI-343, cisco-sa-20161114-openssl, cpuapr2019, cpujan2018, cpujul2017, CVE-2016-7053, CVE-2016-7054, CVE-2016-7055, ESA-2016-148, ESA-2016-149, FG-IR-17-019, JSA10775, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2018:0458-1, SA40423, VIGILANCE-VUL-21093.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL 1.1.

An attacker can generate a buffer overflow via ChaCha20/Poly1305, in order to trigger a denial of service. [severity:2/4; CVE-2016-7054]

An attacker can force a NULL pointer to be dereferenced via CMS Structures, in order to trigger a denial of service. [severity:2/4; CVE-2016-7053]

An error occurs in the Broadwell-specific Montgomery Multiplication Procedure, but with no apparent impact. [severity:1/4; CVE-2016-7055]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-7426 CVE-2016-7427 CVE-2016-7428

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: Blue Coat CAS, Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco MeetingPlace, Cisco Unity ~ precise, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, HP-UX, AIX, Security Directory Server, Juniper J-Series, Junos OS, Junos Space, Meinberg NTP Server, Data ONTAP 7-Mode, NTP.org, openSUSE Leap, Solaris, pfSense, RHEL, Slackware, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 10.
Creation date: 21/11/2016.
Identifiers: 2009389, bulletinoct2016, CERTFR-2017-AVI-090, cisco-sa-20161123-ntpd, CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311, CVE-2016-9312, FEDORA-2016-7209ab4e02, FEDORA-2016-c198d15316, FEDORA-2016-e8a8561ee7, FreeBSD-SA-16:39.ntp, HPESBHF03883, HPESBUX03706, HPESBUX03885, JSA10776, JSA10796, K51444934, K55405388, K87922456, MBGSA-1605, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2016:3280-1, pfSense-SA-17_03.webgui, RHSA-2017:0252-01, SA139, SSA:2016-326-01, TALOS-2016-0130, TALOS-2016-0131, TALOS-2016-0203, TALOS-2016-0204, USN-3349-1, VIGILANCE-VUL-21170, VU#633847.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can force an assertion error, in order to trigger a denial of service. [severity:2/4; CVE-2016-9311, TALOS-2016-0204]

An attacker can bypass security features via Mode 6, in order to obtain sensitive information. [severity:2/4; CVE-2016-9310, TALOS-2016-0203]

An attacker can trigger a fatal error via Broadcast Mode Replay, in order to trigger a denial of service. [severity:2/4; CVE-2016-7427, TALOS-2016-0131]

An attacker can trigger a fatal error via Broadcast Mode Poll Interval, in order to trigger a denial of service. [severity:2/4; CVE-2016-7428, TALOS-2016-0130]

An attacker can send malicious UDP packets, in order to trigger a denial of service on Windows. [severity:2/4; CVE-2016-9312]

An unknown vulnerability was announced via Zero Origin Timestamp. [severity:2/4; CVE-2016-7431]

An attacker can force a NULL pointer to be dereferenced via _IO_str_init_static_internal(), in order to trigger a denial of service. [severity:2/4; CVE-2016-7434]

An unknown vulnerability was announced via Interface selection. [severity:2/4; CVE-2016-7429]

An attacker can trigger a fatal error via Client Rate Limiting, in order to trigger a denial of service. [severity:2/4; CVE-2016-7426]

An unknown vulnerability was announced via Reboot Sync. [severity:2/4; CVE-2016-7433]
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2016-8864

ISC BIND: assertion error via DNAME

Synthesis of the vulnerability

An attacker can force an assertion error via DNAME of ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, BIND, Juniper J-Series, Junos OS, SRX-Series, Data ONTAP 7-Mode, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 02/11/2016.
Identifiers: bulletinjul2018, bulletinoct2016, c05381687, CERTFR-2017-AVI-111, CVE-2016-8864, DLA-696-1, DSA-3703-1, FEDORA-2016-605fd98c32, FEDORA-2016-8e39076950, FEDORA-2016-9417b4c1dc, FEDORA-2016-e38196b52a, FreeBSD-SA-16:34.bind, HPESBUX03699, JSA10785, K35322517, NTAP-20180926-0001, NTAP-20180926-0002, NTAP-20180926-0003, NTAP-20180926-0004, NTAP-20180926-0005, NTAP-20180927-0001, openSUSE-SU-2016:2738-1, openSUSE-SU-2016:2739-1, RHSA-2016:2141-01, RHSA-2016:2142-01, RHSA-2016:2615-01, RHSA-2016:2871-01, RHSA-2017:1583-01, SOL35322517, SSA:2016-308-02, SSRT110304, SUSE-SU-2016:2696-1, SUSE-SU-2016:2697-1, SUSE-SU-2016:2706-1, VIGILANCE-VUL-20991.

Description of the vulnerability

The ISC BIND product can be configured in recursive mode.

However, if a DNS reply contains a special DNAME entry, an assertion error occurs because developers did not except this case, which stops the process.

An attacker can therefore force an assertion error via DNAME of ISC BIND, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-2848

BIND: assertion error via Options

Synthesis of the vulnerability

An attacker can force an assertion error via DNS Options of BIND, in order to trigger a denial of service.
Impacted products: Debian, AIX, BIND, Data ONTAP 7-Mode, RHEL, Ubuntu.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 21/10/2016.
Identifiers: CVE-2016-2848, DLA-672-1, NTAP-20180926-0001, NTAP-20180926-0002, NTAP-20180926-0003, NTAP-20180926-0004, NTAP-20180926-0005, NTAP-20180927-0001, RHSA-2016:2093-01, RHSA-2016:2094-01, RHSA-2016:2099-01, USN-3108-1, VIGILANCE-VUL-20928.

Description of the vulnerability

The BIND product implements a DNS service.

However, if the Options section is malformed, an assertion error occurs because developers did not except this case, which stops the process.

An attacker can therefore force an assertion error via DNS Options of BIND, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-8858

OpenSSH: denial of service via kex_input_kexinit

Synthesis of the vulnerability

An unauthenticated attacker can send some SSH messages to OpenSSH, in order to trigger a denial of service.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, FreeBSD, AIX, Juniper J-Series, Junos OS, SRX-Series, Data ONTAP 7-Mode, OpenBSD, OpenSSH, openSUSE Leap, Solaris, pfSense.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 11/10/2016.
Identifiers: bulletinoct2016, CVE-2016-8858, FreeBSD-SA-16:33.openssh, JSA10837, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0344-1, openSUSE-SU-2017:0674-1, pfSense-SA-17_03.webgui, SA136, VIGILANCE-VUL-20819.

Description of the vulnerability

The OpenSSH product uses the kex_input_kexinit() function during the initialization of the key exchange.

However, the ssh_dispatch_set() function is not called, which leads to the consumption of memory and CPU.

An unauthenticated attacker can therefore send some SSH messages to OpenSSH, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-2183 CVE-2016-6329

Blowfish, Triple-DES: algorithms too weak, SWEET32

Synthesis of the vulnerability

An attacker can create a TLS/VPN session with a Blowfish/Triple-DES algorithm, and perform a two days attack, in order to decrypt data.
Impacted products: Avaya Ethernet Routing Switch, Blue Coat CAS, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, Avamar, VNX Operating Environment, VNX Series, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeRADIUS, hMailServer, HPE BSM, LoadRunner, HP Operations, Performance Center, Real User Monitoring, SiteScope, HP Switch, HP-UX, AIX, DB2 UDB, Informix Server, IRAD, Security Directory Server, Tivoli Directory Server, Tivoli Storage Manager, Tivoli System Automation, WebSphere MQ, Junos Space, McAfee Email Gateway, ePO, Data ONTAP 7-Mode, Snap Creator Framework, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle DB, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, SSL protocol, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, SIMATIC, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/08/2016.
Identifiers: 1610582, 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1992681, 1993777, 1994375, 1995099, 1995922, 1998797, 1999054, 1999421, 2000209, 2000212, 2000370, 2000544, 2001608, 2002021, 2002335, 2002336, 2002479, 2002537, 2002870, 2002897, 2002991, 2003145, 2003480, 2003620, 2003673, 2004036, 2008828, 523628, 9010102, bulletinapr2017, c05349499, c05369403, c05369415, c05390849, CERTFR-2017-AVI-012, CERTFR-2019-AVI-049, CERTFR-2019-AVI-311, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpujul2017, cpujul2019, cpuoct2017, CVE-2016-2183, CVE-2016-6329, DSA-2018-124, DSA-2019-131, DSA-3673-1, DSA-3673-2, FEDORA-2016-7810e24465, FEDORA-2016-dc2cb4ad6b, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FG-IR-17-173, HPESBGN03697, HPESBGN03765, HPESBUX03725, HPSBGN03690, HPSBGN03694, HPSBHF03674, ibm10718843, java_jan2017_advisory, JSA10770, KM03060544, NTAP-20160915-0001, openSUSE-SU-2016:2199-1, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2496-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2017:1638-1, openSUSE-SU-2018:0458-1, RHSA-2017:0336-01, RHSA-2017:0337-01, RHSA-2017:0338-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2017:3239-01, RHSA-2017:3240-01, RHSA-2018:2123-01, SA133, SA40312, SB10171, SB10186, SB10197, SB10215, SOL13167034, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SSA:2016-363-01, SSA-556833, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, SUSE-SU-2017:1444-1, SUSE-SU-2017:2838-1, SUSE-SU-2017:3177-1, SWEET32, TNS-2016-16, USN-3087-1, USN-3087-2, USN-3270-1, USN-3339-1, USN-3339-2, USN-3372-1, VIGILANCE-VUL-20473.

Description of the vulnerability

The Blowfish and Triple-DES symetric encryption algorithms use 64 bit blocks.

However, if they are used in CBC mode, a collision occurs after 785 GB transferred, and it is then possible to decrypt blocks with an attack lasting two days.

An attacker can therefore create a TLS/VPN session with a Blowfish/Triple-DES algorithm, and perform a two days attack, in order to decrypt data.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-6515

OpenSSH: denial of service via crypt

Synthesis of the vulnerability

An attacker can send a long password, which is hashed by crypt() via OpenSSH, in order to trigger a denial of service.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, Brocade vTM, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, IBM System x Server, Juniper EX-Series, Juniper J-Series, Junos OS, Junos Space, SRX-Series, McAfee Email Gateway, Data ONTAP 7-Mode, OpenSSH, openSUSE Leap, RHEL, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 01/08/2016.
Identifiers: BSA-2016-204, BSA-2016-207, BSA-2016-210, BSA-2016-211, BSA-2016-212, BSA-2016-213, BSA-2016-216, BSA-2017-247, CERTFR-2017-AVI-012, CERTFR-2019-AVI-325, CVE-2016-6515, DLA-1500-1, DLA-1500-2, DLA-594-1, FEDORA-2016-4a3debc3a6, FreeBSD-SA-17:06.openssh, JSA10770, JSA10940, K31510510, MIGR-5099595, MIGR-5099597, NTAP-20171130-0003, openSUSE-SU-2016:2339-1, RHSA-2017:2029-01, SA136, SOL31510510, SSA-181018, USN-3061-1, VIGILANCE-VUL-20279.

Description of the vulnerability

The OpenSSH product uses the crypt() function to hash passwords provided by users.

However, if the sent password is too long, the crypt() function consumes numerous resources.

An attacker can therefore send a long password, which is hashed by crypt() via OpenSSH, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-6210

OpenSSH: user detection via BLOWFISH

Synthesis of the vulnerability

An attacker can use a long password on OpenSSH, in order to detect if a login name is valid.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, AIX, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, Data ONTAP 7-Mode, OpenSSH, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 18/07/2016.
Identifiers: bulletinoct2016, CERTFR-2016-AVI-279, CERTFR-2019-AVI-325, CVE-2016-6210, DLA-578-1, DSA-3626-1, FEDORA-2016-16e8d38f57, FEDORA-2016-341c83dbd3, FEDORA-2016-7440fa5ce2, JSA10940, K14845276, NTAP-20190206-0001, openSUSE-SU-2016:2339-1, RHSA-2017:2029-01, RHSA-2017:2563-01, SA136, SSA:2016-219-03, USN-3061-1, VIGILANCE-VUL-20133.

Description of the vulnerability

The OpenSSH product uses a workaround, so authentication trials with an invalid login last as long as a normal authentication. In order to do so, a fake password entry is created, with a hash based on the BLOWFISH algorithm.

However, BLOWFISH is faster than SHA256/SHA512 usually used. If the password to hash is long, the time difference can be measured.

An attacker can therefore use a long password on OpenSSH, in order to detect if a login name is valid.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-4953 CVE-2016-4954 CVE-2016-4955

NTP.org: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: Cisco ACE, ASA, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco MeetingPlace, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, AIX, Meinberg NTP Server, Data ONTAP 7-Mode, NTP.org, openSUSE, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, VxWorks.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 5.
Creation date: 03/06/2016.
Identifiers: 9010095, bulletinapr2016, CERTFR-2016-AVI-209, cisco-sa-20160603-ntpd, CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956, CVE-2016-4957, FEDORA-2016-89e0874533, FEDORA-2016-c3bd6a3496, FreeBSD-SA-16:24.ntp, hpesbhf03757, ICSA-16-175-03, K03331206, K64505405, K82644737, NTAP-20160722-0001, openSUSE-SU-2016:1583-1, openSUSE-SU-2016:1636-1, SOL03331206, SSA:2016-155-01, SUSE-SU-2016:1563-1, SUSE-SU-2016:1568-1, SUSE-SU-2016:1584-1, SUSE-SU-2016:1602-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, USN-3096-1, VIGILANCE-VUL-19790, VU#321640.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can force ntpd to use "interleaved" mode, in order to trigger a denial of service. [severity:1/4; CVE-2016-4956, VU#321640]

An attacker can send a spoofed CRYPTO_NAK packet, in order to trigger a denial of service. [severity:1/4; CVE-2016-4955, VU#321640]

An attacker can send spoofed packets, in order to partially corrupt the state ot the target server. [severity:1/4; CVE-2016-4954, VU#321640]

An attacker can send a malicious CRYPTO-NAK packet, in order to invalidate the cryptographic protection layer. [severity:1/4; CVE-2016-4953, VU#321640]

An attacker can send a malicious CRYPTO-NAK packet, the validity of which is wrongly checked, in order to trigger a denial of service. [severity:3/4; CVE-2016-4957, VU#321640]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2016-2105 CVE-2016-2106 CVE-2016-2107

OpenSSL: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: SDS, SES, SNS, Tomcat, Mac OS X, StormShield, Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Email, IronPort Encryption, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, XenServer, Debian, PowerPath, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiOS, FreeBSD, Android OS, HP Operations, HP Switch, AIX, IRAD, QRadar SIEM, IBM System x Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, MariaDB ~ precise, McAfee NSM, Meinberg NTP Server, MySQL Community, MySQL Enterprise, Data ONTAP 7-Mode, NETASQ, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Solaris, Tuxedo, VirtualBox, WebLogic, Oracle Web Tier, Palo Alto Firewall PA***, PAN-OS, Percona Server, pfSense, Pulse Connect Secure, Puppet, Python, RHEL, JBoss EAP by Red Hat, SAS Management Console, Shibboleth SP, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, VxWorks, X2GoClient.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 6.
Creation date: 03/05/2016.
Identifiers: 1982949, 1985850, 1987779, 1993215, 1995099, 1998797, 2003480, 2003620, 2003673, 510853, 9010083, bulletinapr2016, bulletinapr2017, CERTFR-2016-AVI-151, CERTFR-2016-AVI-153, CERTFR-2018-AVI-160, cisco-sa-20160504-openssl, cpuapr2017, cpujan2018, cpujul2016, cpujul2017, cpujul2018, cpuoct2016, cpuoct2017, cpuoct2018, CTX212736, CTX233832, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, DLA-456-1, DSA-3566-1, ESA-2017-142, FEDORA-2016-05c567df1a, FEDORA-2016-1e39d934ed, FEDORA-2016-e1234b65a2, FG-IR-16-026, FreeBSD-SA-16:17.openssl, HPESBGN03728, HPESBHF03756, HT206903, JSA10759, K23230229, K36488941, K51920288, K75152412, K93600123, MBGSA-1603, MIGR-5099595, MIGR-5099597, NTAP-20160504-0001, openSUSE-SU-2016:1237-1, openSUSE-SU-2016:1238-1, openSUSE-SU-2016:1239-1, openSUSE-SU-2016:1240-1, openSUSE-SU-2016:1241-1, openSUSE-SU-2016:1242-1, openSUSE-SU-2016:1243-1, openSUSE-SU-2016:1273-1, openSUSE-SU-2016:1566-1, openSUSE-SU-2017:0487-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2016:0722-01, RHSA-2016:0996-01, RHSA-2016:1137-01, RHSA-2016:1648-01, RHSA-2016:1649-01, RHSA-2016:1650-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, RHSA-2016:2073-01, SA123, SA40202, SB10160, SOL23230229, SOL36488941, SOL51920288, SOL75152412, SP-CAAAPPQ, SPL-119440, SPL-121159, SPL-123095, SSA:2016-124-01, STORM-2016-002, SUSE-SU-2016:1206-1, SUSE-SU-2016:1228-1, SUSE-SU-2016:1231-1, SUSE-SU-2016:1233-1, SUSE-SU-2016:1267-1, SUSE-SU-2016:1290-1, SUSE-SU-2016:1360-1, SUSE-SU-2018:0112-1, TNS-2016-10, USN-2959-1, VIGILANCE-VUL-19512, VN-2016-006, VN-2016-007.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can act as a Man-in-the-Middle and use the AES CBC algorithm with a server supporting AES-NI, in order to read or write data in the session. This vulnerability was initially fixed in versions 1.0.1o and 1.0.2c, but it was not disclosed at that time. [severity:3/4; CVE-2016-2108]

An attacker can act as a Man-in-the-Middle and use the AES CBC algorithm with a server supporting AES-NI, in order to read or write data in the session. [severity:3/4; CVE-2016-2107]

An attacker can generate a buffer overflow in EVP_EncodeUpdate(), which is mainly used by command line applications, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2105]

An attacker can generate a buffer overflow in EVP_EncryptUpdate(), which is difficult to reach, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2106]

An attacker can trigger an excessive memory usage in d2i_CMS_bio(), in order to trigger a denial of service. [severity:2/4; CVE-2016-2109]

An attacker can force a read at an invalid address in applications using X509_NAME_oneline(), in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-2176]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Network Appliance Data ONTAP 7-Mode: