SB2017013102 - Ubuntu update for OpenSSL

Description

This security bulletin contains information about 6 secuirty vulnerabilities.

1) Integer overflow in ssl3_get_client_hello() (CVE-ID: CVE-2016-2177)

The vulnerability allows a remote attacker to cause denial of service conditions on the target system.
The vulnerability exists due to a boundary error in ssl3_get_client_hello() function. A remote attacker can cause integer overflow by sending specially crafted data and crash the service.
Successful exploitation of this vulnerability may cause the target service to crash.

2) Information disclosure (CVE-ID: CVE-2016-7055)

The vulnerability allows a remote attacker to decrypt certain data.

The vulnerability exists in OpenSSL implementation due to propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. A remote attacker can launch attacks against RSA, DSA and DH private keys and decrypt information, passed over encrypted channels. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation.

Successful exploitation of the vulnerability may allow an attacker in certain conditions to launch attacks against OpenSSL clients.

3) Information disclosure (CVE-ID: CVE-2016-7056)

The vulnerability allows a local user obtain potentially sensitive information.

The vulnerability exists due the OpenSSL does not properly set the BN_FLG_CONSTTIME for nonces when signing with the P-256 elliptic curve in ecdsa_sign_setup() function in crypto/ec/ecdsa_ossl.c. A local attacker can conduct a cache-timing attack and recover ECDSA P-256 private keys

Successful exploitation of this vulnerability may allow an attacker to obtain potentially sensitive information.

The vulnerability is discovered in OpenSSL 1.0.1u. Other versions may also be affected.

4) Denial of service (CVE-ID: CVE-2016-8610)

The vulnerability allows a remote unauthenticated user to exhaust memory on the target system.
The weakness is due to improper handling of certain packets by the ssl3_read_bytes() function in 'ssl/s3_pkt.c.
By sending a flood of SSL3_AL_WARNING alerts during the SSL handshake, a remote attacker can consume excessive CPU resources that may lead to OpenSSL library being unavailable.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.

5) Out-of-bounds read (CVE-ID: CVE-2017-3731)

The vulnerability allows a remote attacker to cause denial of service conditions.

The vulnerability exists due to out-of-bounds read in OpenSSL when processing truncated packets on 32-bit system using certain ciphers. A remote attacker can send a specially crafted truncated packet using CHACHA20/POLY1305 cipher for OpenSSL 1.1.0 or RC4-MD5 for 1.0.2 and trigger denial of service.

Successful exploitation of the vulnerability may allow an attacker to perform denial of service (DoS) attack against vulnerable system.

6) Information disclosure (CVE-ID: CVE-2017-3732)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to propagating error in the x86_64 Montgomery squaring procedure. A remote attacker with access to unpatched vulnerable system that uses a shared private key with Diffie-Hellman (DH) parameters set can gain unauthorized access to sensitive private key information.

According to vendor’s advisory, this vulnerability is unlikely to be exploited in real-world attacks, as it requires significant resources and online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients.

Vulnerability exploitation against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.

Remediation

Install update from vendor's website.

References

• http://www.ubuntu.com/usn/usn-3181-1/