#VU5894 Information disclosure in OpenSSL


Published: 2017-02-23 | Updated: 2018-03-30

Vulnerability identifier: #VU5894

Vulnerability risk: Low

CVSSv3.1: 3.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-7055

CWE-ID: CWE-310

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSSL
Server applications / Encryption software

Vendor: OpenSSL Software Foundation

Description

The vulnerability allows a remote attacker to decrypt certain data.

The vulnerability exists in OpenSSL implementation due to propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. A remote attacker can launch attacks against RSA, DSA and DH private keys and decrypt information, passed over encrypted channels. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation.

Successful exploitation of the vulnerability may allow an attacker in certain conditions to launch attacks against OpenSSL clients.

Mitigation
Update OpenSSL to version  1.0.2 or 1.1.0c.

Vulnerable software versions

OpenSSL: 1.1.0 - 1.1.0b, 1.0.1 - 1.0.1u

External links
http://www.openssl.org/news/secadv/20161110.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell Networker
Juniper Networks Steel-Belted Radius (SBR) Carrier update for OpenSSL
Multiple vulnerabilities in N series Products
openSUSE update for openssl-steam
Multiple vulnerabilities in Oracle MySQL Server
FreeBSD update for OpenSSL
Gentoo update for OpenSSL
Slackware Linux update for openssl
Ubuntu update for OpenSSL
Arch Linux update for openssl