SB2017070501 - Multiple vulnerabilities in KoSIT OSCI-Transport Library
Published: July 5, 2017
Security Bulletin ID
SB2017070501
Severity
Low
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Padding oracle attack (CVE-ID: CVE-2017-10668)
The vulnerability allows a remote attacker to conduct a padding oracle attack.The weakness exists in the encryption library due to a flaw in implementation of a number of deprecated encryption algorithms (Triple DES, AES 129, AES 192, and AES 256, all in CBC mode). A remote attacker can conduct man-in-the-middle attack to analyse the CBC mode padding and decrypt the transport encryption.
Successful exploitation of the vulnerability results in decryption of the transport encryption.
2) Signature wrapping attack (CVE-ID: CVE-2017-10669)
The vulnerability allows a remote attacker to conduct a signature wrapping attack.The weakness exists in the encryption library due to XML entity expansion. A remote attacker can move XML elements within the document tree and modify the contents of a signed message arbitrarily without invalidating the signature.
Successful exploitation of the vulnerability results in content modification.
3) XXE attack (CVE-ID: CVE-2017-10670)
The vulnerability allows a remote attacker to conduct XXE attack.The weakness exists in the encryption library due to improper handling of XML External Entity (XXE) entries when parsing an XML file. A remote attacker can send manipulated XML data to any communication partner and read arbitrary files from the file system of the victim host or cause DoS condition.
Successful exploitation of the vulnerability may result in information disclosure or denial of service.
Remediation
Install update from vendor's website.