vulnerability note CVE-2016-6309

OpenSSL 1.1.0a: use after free via TLS

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via TLS on an application linked to OpenSSL 1.1.0a, in order to trigger a denial of service, and possibly to run code.
Severity of this weakness: 3/4.
Creation date: 26/09/2016.
References of this bulletin: 1996096, 2000095, 2000209, 2003480, 2003620, 2003673, 2008828, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, CVE-2016-6309, HPESBHF03856, JSA10759, SA132, TNS-2016-16, VIGILANCE-VUL-20700.

Description of the vulnerability

OpenSSL version 1.1.0a fixed the CVE-2016-6307 vulnerability.

However, in this version, when a TLS message of 16kb is received, a memory area is freed and then reused.

An attacker can therefore force the usage of a freed memory area via TLS on an application linked to OpenSSL 1.1.0a, in order to trigger a denial of service, and possibly to run code.
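As an added example (not part of the Vigil@nce bulletin or of OpenSSL's own code), the following Python check flags installations that report exactly OpenSSL 1.1.0a, the only release the bulletin names as vulnerable, from either an `openssl version` style banner or the numeric `OPENSSL_VERSION_NUMBER`. The host names and banners in `SAMPLE` are constructed, and the function names are hypothetical.

```python
import re
import ssl

AFFECTED = (1, 1, 0, "a")  # the only release the bulletin names as vulnerable
_BANNER = re.compile(r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")

def parse_banner(text):
    """(major, minor, fix, letter) from `openssl version` style text, else None."""
    m = _BANNER.search(text)
    if m is None:
        return None  # e.g. LibreSSL or an unrelated banner
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))

def decode_number(n):
    """Decode OPENSSL_VERSION_NUMBER; the pre-3.0 layout is 0xMNNFFPPS."""
    major, minor = (n >> 28) & 0xF, (n >> 20) & 0xFF
    fix, patch = (n >> 12) & 0xFF, (n >> 4) & 0xFF
    if major >= 3:  # 3.x layout is 0xMNN00PP0: no letter suffix
        return (major, minor, patch, "")
    letter = chr(ord("a") + patch - 1) if 1 <= patch <= 26 else ""
    return (major, minor, fix, letter)

def is_affected(version):
    """True only for 1.1.0a; 1.1.0b and other branches are not flagged."""
    return version == AFFECTED

def affected_hosts(inventory):
    """Names of inventory entries whose banner is exactly OpenSSL 1.1.0a."""
    return [host for host, banner in inventory if is_affected(parse_banner(banner))]

# Constructed sample inventory (host names and banners are made up for the demo).
SAMPLE = [
    ("app-01", "OpenSSL 1.0.2j  26 Sep 2016"),
    ("app-02", "OpenSSL 1.1.0a  22 Sep 2016"),
    ("app-03", "OpenSSL 1.1.0b  26 Sep 2016"),
    ("app-04", "LibreSSL 2.4.3"),
]

if __name__ == "__main__":
    local = decode_number(ssl.OPENSSL_VERSION_NUMBER)
    print("local runtime:", ssl.OPENSSL_VERSION, "affected:", is_affected(local))
    print("inventory hits:", affected_hosts(SAMPLE))
```

A banner check only covers libraries that report their version; products that embed OpenSSL still need the vendor solutions listed in this bulletin.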

This cybersecurity vulnerability impacts software or systems such as Blue Coat CAS, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, FreeRADIUS, HP Switch, DB2 UDB, Tivoli Storage Manager, Tivoli Workload Scheduler, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, NetScreen Firewall, ScreenOS, OpenSSL, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Tuxedo, WebLogic, Oracle Web Tier, Base SAS Software, Nessus.

Our Vigil@nce team determined that the severity of this vulnerability is important.

The trust level is of type confirmed by the vendor, with an origin of internet client.

An attacker with expert ability can exploit this weakness.

Solutions for this threat

OpenSSL: version 1.1.0b.
Version 1.1.0b is fixed:
  https://www.openssl.org/

Blue Coat: solution for OpenSSL.
The solution is indicated in information sources.

Cisco: solution for OpenSSL.
The solution is indicated in information sources.

Comware: solution for OpenSSL.
The solution is indicated in information sources.

FreeRADIUS: version 3.0.13.
Version 3.0.13 is fixed:
  ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.13.tar.bz2

IBM Cognos Analytics: solution.
The solution is indicated in information sources.

IBM DB2: solution for FCM.
The solution is indicated in information sources.

IBM Spectrum Protect: versions 7.1.6.5 and 8.1.0.2.
Versions 7.1.6.5 and 8.1.0.2 are fixed:
  Version 7.1.6.5: http://www-01.ibm.com/support/docview.wss?uid=swg24042496
  Version 8.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24043351

IBM Tivoli Workload Scheduler: patch for OpenSSL.
A patch reference is provided in the information sources for each supported version of Workload Scheduler.

Juniper: solution for OpenSSL.
The solution is indicated in information sources.

Oracle Fusion Middleware: CPU of April 2017.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2228898.1

Oracle Fusion Middleware: CPU of January 2018.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2325393.1

SAS Base SAS Software: fixed versions for OpenSSL.
URLs of fixed versions are indicated in information sources.

Tenable Nessus: version 6.9.0.
Version 6.9.0 is fixed:
  http://www.tenable.com/

Wind River Linux: solution for OpenSSL.
The solution is indicated in information sources.