OpenSUSE Linux update for nodejs



Published: 2016-06-14
Risk High
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2016-0702
CVE-2016-0705
CVE-2016-0797
CVE-2016-2105
CVE-2016-2107
CWE-ID CWE-200
CWE-415
CWE-20
CWE-284
Exploitation vector Network
Public exploit Public exploit code for vulnerability #5 is available.
Vulnerable software
Subscribe
Opensuse
Operating systems & Components / Operating system

Vendor SUSE

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU1962

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-0702

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to decrypt data passed via encrypted SSL connection.

The vulnerability exists in the MOD_EXP_CTIME_COPY_FROM_PREBUF() function in crypto/bn/bn_exp.c. The application does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts.

The vulnerability was dubbed "CacheBleed".

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.1

External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Double free error

EUVDB-ID: #VU1622

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-0705

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to double-free error when parsing DSA private keys. A remote attacker can trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.1

External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU32244

Risk: Medium

CVSSv3.1: 6.5 [AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-0797

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.1

External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Heap overflow

EUVDB-ID: #VU640

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2105

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to cause heap overflow on the target system.

The weakness is caused by insufficient input validation. By sending a great deal of input data attackers are able to cause overflow of the EVP_EncodeUpdate() function used for binary data encoding.

Successful exploitation of the vulnerability may result in heap overflow on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.1

External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Traffic decryption

EUVDB-ID: #VU639

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2016-2107

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: Yes

Description

The vulnerability allows a remote user to decrypt traffic on the target system.

The weakness is due to access control error.If the connection uses an AES CBC cipher and the server support AES-NI attackers can perform padding oracle attack.

Successful exploitation of the vulnerability leads to traffic decryption on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.1

External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###