Slackware Linux update for openssl
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2016-0800 CVE-2016-0705 CVE-2016-0798 CVE-2016-0797 CVE-2016-0799 CVE-2016-0702 |
| CWE-ID | CWE-327 CWE-415 CWE-401 CWE-20 CWE-119 CWE-200 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Slackware Linux Operating systems & Components / Operating system openssl-solibs Operating systems & Components / Operating system package or component openssl Operating systems & Components / Operating system package or component |
| Vendor | Slackware |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU1914
Risk: Medium
CVSSv4.0: 9.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2016-0800
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to decrypt sensitive information.
The vulnerability exists due to usage of weak SSLv2 protocol, which requires to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data. A remote attacker can decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle.
The vulnerability is dubbed "DROWN" attack.
Update the affected package openssl.
Vulnerable software versionsSlackware Linux: 13.0 - 14.1
openssl-solibs: before 0.9.8zh
openssl: before 0.9.8zh
CPE2.3- cpe:2.3:o:slackware:slackware_linux:13.0:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:13.37:*:*:*:*:*:*:*
- cpe:2.3:a:slackware:openssl-solibs:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:a:slackware:openssl:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
2) Double free error
EUVDB-ID: #VU1622
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-0705
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists due to double-free error when parsing DSA private keys. A remote attacker can trigger memory corruption and cause the service to crash.
Update the affected package openssl.
Vulnerable software versionsSlackware Linux: 13.0 - 14.1
openssl-solibs: before 0.9.8zh
openssl: before 0.9.8zh
CPE2.3- cpe:2.3:o:slackware:slackware_linux:13.0:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:13.37:*:*:*:*:*:*:*
- cpe:2.3:a:slackware:openssl-solibs:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:a:slackware:openssl:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory leak
EUVDB-ID: #VU82375
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-0798
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the SRP_VBASE_get_by_user implementation in OpenSSL. A remote attacker can perform a denial of service attack (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c
MitigationUpdate the affected package openssl.
Vulnerable software versionsSlackware Linux: 13.0 - 14.1
openssl-solibs: before 0.9.8zh
openssl: before 0.9.8zh
CPE2.3- cpe:2.3:o:slackware:slackware_linux:13.0:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:13.37:*:*:*:*:*:*:*
- cpe:2.3:a:slackware:openssl-solibs:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:a:slackware:openssl:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU32244
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-0797
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
MitigationUpdate the affected package openssl.
Vulnerable software versionsSlackware Linux: 13.0 - 14.1
openssl-solibs: before 0.9.8zh
openssl: before 0.9.8zh
CPE2.3- cpe:2.3:o:slackware:slackware_linux:13.0:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:13.37:*:*:*:*:*:*:*
- cpe:2.3:a:slackware:openssl-solibs:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:a:slackware:openssl:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU82376
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-0799
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to fmtstr function in crypto/bio/b_print.c in OpenSSL improperly calculates string lengths. A remote attacker can cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string.
MitigationUpdate the affected package openssl.
Vulnerable software versionsSlackware Linux: 13.0 - 14.1
openssl-solibs: before 0.9.8zh
openssl: before 0.9.8zh
CPE2.3- cpe:2.3:o:slackware:slackware_linux:13.0:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:13.37:*:*:*:*:*:*:*
- cpe:2.3:a:slackware:openssl-solibs:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:a:slackware:openssl:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU1962
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-0702
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to decrypt data passed via encrypted SSL connection.
The vulnerability exists in the MOD_EXP_CTIME_COPY_FROM_PREBUF() function in crypto/bn/bn_exp.c. The application does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts.
The vulnerability was dubbed "CacheBleed".
Update the affected package openssl.
Vulnerable software versionsSlackware Linux: 13.0 - 14.1
openssl-solibs: before 0.9.8zh
openssl: before 0.9.8zh
CPE2.3- cpe:2.3:o:slackware:slackware_linux:13.0:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:13.37:*:*:*:*:*:*:*
- cpe:2.3:a:slackware:openssl-solibs:*:*:*:*:*:slackware_linux:*:*
- cpe:2.3:a:slackware:openssl:*:*:*:*:*:slackware_linux:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
