#VU642 Buffer Over-read in Apple Inc. Other software


Published: 2016-09-23 | Updated: 2017-01-13

Vulnerability identifier: #VU642

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2176

CWE-ID: CWE-126

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSSL
Server applications / Encryption software
Oracle Solaris
Operating systems & Components / Operating system
macOS
Operating systems & Components / Operating system
Oracle Access Manager
Server applications / Directory software, identity management
Oracle Exalogic Infrastructure
Server applications / Remote management servers, RDP, SSH
PeopleSoft Enterprise PeopleTools
Client/Desktop applications / Office applications
Oracle VM VirtualBox
Server applications / Virtualization software
Oracle E-Business Suite
Web applications / E-Commerce systems
Oracle Commerce Guided Search
Web applications / E-Commerce systems
Oracle Agile Engineering Data Management
Other software / Other software solutions
Primavera P6 Professional Project Management
Other software / Other software solutions

Vendor: OpenSSL Software Foundation
Oracle
Apple Inc.

Description
The vulnerability allows a remote to cause buffer over-read on the target system.

The weakness exists due to overread in applications using the X509_NAME_oneline() function on EBCDIC systems. The vulnerability leads to arbitrary stack data return to the buffer.

Successful exploitation of the weakness results in buffer over-read on the vulnerable system.

Mitigation
Update 1.0.1 to 1.0.1t.
Update 1.0.2 to 1.0.2h.

Vulnerable software versions

OpenSSL: 1.0.1, 1.0.2

Oracle Solaris: 10 - 11.3

Oracle Access Manager: 10.1.4.2 - 11.1.1.7

Oracle Exalogic Infrastructure: 1.0 - 2.0

PeopleSoft Enterprise PeopleTools: 8.53 - 8.55

Oracle VM VirtualBox: 5.0.20

Oracle E-Business Suite: 12.1.3

Oracle Agile Engineering Data Management: 6.1.3.0 - 6.2.0.0

Oracle Commerce Guided Search: 6.2.2 - 6.5.2

Primavera P6 Professional Project Management: 8.3 - 16.0

macOS: 10.11 - 10.11.5

External links
http://www.openssl.org/news/secadv/20160503.txt
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://support.apple.com/cs-cz/HT206903

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Multiple N series Products
Buffer Over-read in openssl (Alpine package)
Buffer Over-read in OpenSSL
Slackware Linux update for openssl