Traffic decryption in openssl (Alpine package)

1) Traffic decryption

EUVDB-ID: #VU639

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2016-2107

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: Yes

Description

The vulnerability allows a remote user to decrypt traffic on the target system.

The weakness is due to access control error.If the connection uses an AES CBC cipher and the server support AES-NI attackers can perform padding oracle attack.

Successful exploitation of the vulnerability leads to traffic decryption on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

openssl (Alpine package): 1.0.1-r0 - 1.0.2h-r2-r0

External links

http://git.alpinelinux.org/aports/commit/?id=033f9730873ed7526ced21e72ba16a2937bab220
http://git.alpinelinux.org/aports/commit/?id=c5a3b0b6d1ecd85d52e16f330be9478aca853348
http://git.alpinelinux.org/aports/commit/?id=346532027d2b8b8d5cac13a2b7d86820dfaf34b7
http://git.alpinelinux.org/aports/commit/?id=6ea715958d6486933e7cc3ca163e3d0691c9629d
http://git.alpinelinux.org/aports/commit/?id=70b8770d37d514044077c7258c0e6e81aeeee5fe
http://git.alpinelinux.org/aports/commit/?id=7b3b75b5c977b3a6fa91c6a48349d55fc7e31663

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.