Fedora EPEL 5 update for openssl101e
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2016-2108 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-0799 CVE-2016-2842 CVE-2016-2109 CVE-2016-0800 |
| CWE-ID | CWE-120 CWE-20 CWE-284 CWE-119 CWE-327 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #8 is available. |
| Vulnerable software |
Fedora Operating systems & Components / Operating system openssl101e Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU638
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-2108
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to cause memory corruption on the target system.
The weakness exists due to buffer underflow with an out-of-bounds write in i2c_ASN1_INTEGER. As ASN.1 parser (specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag as a negative zero value, attacker may easily corrupt memory.
Successful exploitation of the vulnerability will allow a malicious user to trigger memory corruption on the vulnerable system.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 5
openssl101e: before 1.0.1e-8.el5
CPE2.3- cpe:2.3:o:fedoraproject:fedora:5:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:openssl101e:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-92e8b90065
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap overflow
EUVDB-ID: #VU640
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-2105
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote user to cause heap overflow on the target system.
The weakness is caused by insufficient input validation. By sending a great deal of input data attackers are able to cause overflow of the EVP_EncodeUpdate() function used for binary data encoding.
Successful exploitation of the vulnerability may result in heap overflow on the vulnerable system.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 5
openssl101e: before 1.0.1e-8.el5
CPE2.3- cpe:2.3:o:fedoraproject:fedora:5:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:openssl101e:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-92e8b90065
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU33809
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-2106
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 5
openssl101e: before 1.0.1e-8.el5
CPE2.3- cpe:2.3:o:fedoraproject:fedora:5:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:openssl101e:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-92e8b90065
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Traffic decryption
EUVDB-ID: #VU639
Risk: High
CVSSv4.0: 7.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2016-2107
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: Yes
DescriptionThe vulnerability allows a remote user to decrypt traffic on the target system.
The weakness is due to access control error.If the connection uses an AES CBC cipher and the server support AES-NI attackers can perform padding oracle attack.
Successful exploitation of the vulnerability leads to traffic decryption on the vulnerable system.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 5
openssl101e: before 1.0.1e-8.el5
CPE2.3- cpe:2.3:o:fedoraproject:fedora:5:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:openssl101e:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-92e8b90065
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Buffer overflow
EUVDB-ID: #VU82376
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-0799
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to fmtstr function in crypto/bio/b_print.c in OpenSSL improperly calculates string lengths. A remote attacker can cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 5
openssl101e: before 1.0.1e-8.el5
CPE2.3- cpe:2.3:o:fedoraproject:fedora:5:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:openssl101e:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-92e8b90065
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU89734
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-2842
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a doapr_outch function in crypto/bio/b_print.c in OpenSSL does not verify that a certain memory allocation succeeds. A remote attacker can cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 5
openssl101e: before 1.0.1e-8.el5
CPE2.3- cpe:2.3:o:fedoraproject:fedora:5:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:openssl101e:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-92e8b90065
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Excessive memory allocation
EUVDB-ID: #VU641
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-2109
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to cause excessive memory allocation on the target system.
The weakness exists during reading ASN.1 data by d2i_CMS_bio() function. A short invalid encoding leads to distribution of large amounts of memory for excessive resources or exhausting memory.
Successful exploitation of the vulnerability may result in excessive memory allocation.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 5
openssl101e: before 1.0.1e-8.el5
CPE2.3- cpe:2.3:o:fedoraproject:fedora:5:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:openssl101e:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-92e8b90065
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Information disclosure
EUVDB-ID: #VU1914
Risk: Medium
CVSSv4.0: 9.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2016-0800
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to decrypt sensitive information.
The vulnerability exists due to usage of weak SSLv2 protocol, which requires to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data. A remote attacker can decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle.
The vulnerability is dubbed "DROWN" attack.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 5
openssl101e: before 1.0.1e-8.el5
CPE2.3- cpe:2.3:o:fedoraproject:fedora:5:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:openssl101e:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-92e8b90065
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
