The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

weakness note CVE-2016-0703 CVE-2016-0704

OpenSSL: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Severity of this alert: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 01/03/2016.
Références of this alert: 046178, 046208, 1979498, 9010067, BSA-2016-004, bulletinapr2016, bulletinjan2016, CERTFR-2016-AVI-076, CERTFR-2016-AVI-080, cisco-sa-20160302-openssl, CVE-2016-0703, CVE-2016-0704, FreeBSD-SA-16:12.openssl, HPESBHF03741, JSA10759, NTAP-20160303-0001, openSUSE-SU-2016:0627-1, openSUSE-SU-2016:0628-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0720-1, PAN-SA-2016-0030, RHSA-2016:0372-01, SA117, SA40168, SOL95463126, SUSE-SU-2016:0617-1, SUSE-SU-2016:0620-1, SUSE-SU-2016:0621-1, SUSE-SU-2016:0624-1, SUSE-SU-2016:0631-1, SUSE-SU-2016:0641-1, SUSE-SU-2016:0678-1, TNS-2016-03, VIGILANCE-VUL-19061.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

The 2_srvr.c file did not enforce that clear-key-length is zero for non-export ciphers, so an attacker can act as a Man-in-the-Middle on SSLv2, in order to read or write data in the session. [severity:2/4; CVE-2016-0703]

The 2_srvr.c file overwrite some byte dur the Bleichenbacher protection, so an attacker can act as a Man-in-the-Middle on SSLv2, in order to read or write data in the session. [severity:2/4; CVE-2016-0704]
Full Vigil@nce bulletin... (Free trial)

This threat note impacts software or systems such as Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, BIG-IP Hardware, TMOS, FreeBSD, HP Switch, IRAD, Juniper J-Series, Junos OS, Junos Space, Juniper Network Connect, NSM Central Manager, NSMXpress, Data ONTAP 7-Mode, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Solaris, Palo Alto Firewall PA***, PAN-OS, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, SUSE Linux Enterprise Desktop, SLES, Nessus, VxWorks.

Our Vigil@nce team determined that the severity of this cybersecurity note is medium.

The trust level is of type confirmed by the editor, with an origin of internet client.

This bulletin is about 2 vulnerabilities.

An attacker with a expert ability can exploit this vulnerability note.

Solutions for this threat

OpenSSL: version 1.0.2a.
The version 1.0.2a is fixed:
  https://www.openssl.org/

OpenSSL: version 1.0.1m.
The version 1.0.1m is fixed:
  https://www.openssl.org/

OpenSSL: version 1.0.0r.
The version 1.0.0r is fixed:
  https://www.openssl.org/

OpenSSL: version 0.9.8zf.
The version 0.9.8zf is fixed:
  https://www.openssl.org/

Blue Coat: solution for OpenSSL.
The solution is indicated in information sources.

Brocade: solution for multiple vulnerabilities (04/04/2016).
The following versions fix several vulnerabilities (but not CVE-2016-0705):
  Brocade Network Advisor : install version 12.4.2 or 14.0.1.
  Brocade vTM : install version 9.9r1 or 10.3r1.
The detailled solution is indicated in information sources.

Cisco: solution for OpenSSL.
The solution is indicated in information sources.

Copssh: version 5.5.1.
The version 5.5.1 is fixed:
  https://www.itefix.net/copssh

F5 BIG-IP: fixed versions for OpenSSL.
Fixed versions are indicated in information sources.

FreeBSD: patch for OpenSSL.
A patch is available:
  https://security.FreeBSD.org/patches/SA-16:12/openssl-9.3.patch.xz
  https://security.FreeBSD.org/patches/SA-16:12/openssl-9.3-fix.patch
  https://security.FreeBSD.org/patches/SA-16:12/openssl-10.1.patch.xz
  https://security.FreeBSD.org/patches/SA-16:12/openssl-10.2.patch

HP Switch, Comware: solution for OpenSSL.
The solution is indicated in information sources.

IBM Rational Application Developer for WebSphere Software: patch for OpenSSL.
A patch is indicated in information sources.

Juniper: solution for OpenSSL.
The solution is indicated in information sources.

Nessus: version 6.5.6.
The version 6.5.6 is fixed:
  https://support.tenable.com/support-center/index.php?x=&mod_id=200

NetApp Data ONTAP: patch for OpenSSL (30/03/2016).
A patch is available:
  Data ONTAP operating in 7-Mode: http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=991514

openSUSE 13.1: new openssl packages.
New packages are available:
  openSUSE 13.1: openssl 1.0.1k-11.84.1

openSUSE Leap 42.1: new compat-openssl098 packages.
New packages are available:
  openSUSE Leap 42.1: compat-openssl098 0.9.8j-9.1

openSUSE: new openssl packages (02/03/2016).
New packages are available:
  openSUSE 13.2: openssl 1.0.1k-2.33.1
  openSUSE Leap 42.1: openssl 1.0.1i-12.1

PAN-OS: versions 6.0.15 and 6.1.12.
Versions 6.0.15 and 6.1.12 are fixed:
  https://www.paloaltonetworks.com/

Pulse Secure Connect Secure: fixed versions for OpenSSL.
This bulletin is a duplicate of VIGILANCE-SOL-45345.

Pulse Secure: solution for OpenSSL.
The solution is indicated in information sources.

RHEL: new openssl098e packages.
New packages are available:
  RHEL 6: openssl098e 0.9.8e-20.el6_7.1
  RHEL 7: openssl098e 0.9.8e-29.el7_2.3

Solaris: patch for Third Party 03/2016.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Solaris: patch for Third Party software 04/2016.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

SUSE LE 10 SP4: new openssl packages.
New packages are available:
  SUSE LE 10 SP4: openssl 0.9.8a-18.94.2

SUSE LE 11 SP4: new compat-openssl097g packages.
New packages are available:
  SUSE LE 11 SP4: compat-openssl097g 0.9.7g-146.22.41.1

SUSE LE 12: new libopenssl0_9_8 packages.
New packages are available:
  SUSE LE 12 RTM: libopenssl0_9_8 0.9.8j-94.1
  SUSE LE 12 SP1: libopenssl0_9_8 0.9.8j-94.1

SUSE LE: new openssl packages.
New packages are available:
  SUSE LE 11 RTM: openssl1 1.0.1g-0.40.1
  SUSE LE 11 SP2: openssl 0.9.8j-0.89.1
  SUSE LE 11 SP3: openssl 0.9.8j-0.89.1
  SUSE LE 11 SP4: openssl 0.9.8j-0.89.1
  SUSE LE 12 RTM: openssl 1.0.1i-27.13.1
  SUSE LE 12 SP1: openssl 1.0.1i-44.1

Wind River Linux: solution for OpenSSL.
The solution is indicated in information sources.

Wind River VxWorks: solution for OpenSSL.
The solution is indicated in information sources.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a networks vulnerabilities bulletin. The Vigil@nce vulnerability database contains several thousand vulnerabilities. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.