CVSS2: AV:N/AC:L/Au:N/C:N/I:N/A:C
  Attack Vector: NETWORK; Attack Complexity: LOW; Authentication: NONE;
  Confidentiality Impact: NONE; Integrity Impact: NONE; Availability Impact: COMPLETE
CVSS3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: NONE;
  User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: HIGH;
  Integrity Impact: HIGH; Availability Impact: HIGH
EPSS Percentile: 97.8%
IBM SECURITY ADVISORY
First Issued: Mon Nov 14 13:29:26 CST 2016
The most recent version of this document is available here:
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc
https://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc
ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc
Security Bulletin: Vulnerabilities in OpenSSL affect AIX
CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181,
CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304,
CVE-2016-6306, CVE-2016-7052
===============================================================================
SUMMARY:
OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the
OpenSSL Project. OpenSSL is used by AIX. AIX has addressed the applicable
CVEs.
===============================================================================
VULNERABILITY DETAILS:
CVEID: CVE-2016-2177
https://vulners.com/cve/CVE-2016-2177
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the
incorrect use of pointer arithmetic for heap-buffer boundary checks.
By leveraging unexpected malloc behavior, a remote attacker could
exploit this vulnerability to trigger an integer overflow and cause
the application to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/113890 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-2178
https://vulners.com/cve/CVE-2016-2178
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by the DSA implementation following a non-constant-time
code path for certain operations. An attacker could exploit this
vulnerability using a cache-timing attack to recover the private DSA key.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/113889 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2016-2179
https://vulners.com/cve/CVE-2016-2179
DESCRIPTION: OpenSSL is vulnerable to a denial of service. By opening a
large number of simultaneous DTLS connections and sending specially
crafted record fragments that fill the unbounded per-connection buffer
queues, a remote attacker could exploit this vulnerability to consume all
available memory resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/116343 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-2180
https://vulners.com/cve/CVE-2016-2180
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an
out-of-bounds read in the TS_OBJ_print_bio function. A remote attacker
could exploit this vulnerability using a specially crafted time-stamp
file to cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/115829 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-2181
https://vulners.com/cve/CVE-2016-2181
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an
error in the DTLS replay protection implementation. By sending a
specially crafted sequence number, a remote attacker could exploit
this vulnerability to cause valid packets to be dropped.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/116344 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-2182
https://vulners.com/cve/CVE-2016-2182
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an
out-of-bounds write in the BN_bn2dec function in crypto/bn/bn_print.c.
A remote attacker could exploit this vulnerability using a specially
crafted value to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/116342 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-2183
https://vulners.com/cve/CVE-2016-2183
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by the use of Triple-DES, a 64-bit block cipher, in
the SSL/TLS protocol. By capturing large amounts of encrypted traffic
between the SSL/TLS server and the client, a remote attacker able to
conduct a man-in-the-middle attack could exploit this vulnerability to
recover the plaintext data and obtain sensitive information. This
vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/116337 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2016-6302
https://vulners.com/cve/CVE-2016-6302
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the
failure to consider the HMAC size during validation of the ticket
length by the tls_decrypt_ticket function. A remote attacker could
exploit this vulnerability using a session ticket that is too short to
cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/117024 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-6303
https://vulners.com/cve/CVE-2016-6303
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an
integer overflow in the MDC2_Update function. By using unknown
attack vectors, a remote attacker could exploit this vulnerability to
trigger an out-of-bounds write and cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/117023 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-6304
https://vulners.com/cve/CVE-2016-6304
DESCRIPTION: OpenSSL is vulnerable to a denial of service. By repeatedly
requesting renegotiation, a remote authenticated attacker could send
an overly large OCSP Status Request extension to consume all available
memory resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/117110 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-6306
https://vulners.com/cve/CVE-2016-6306
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by
missing message length checks when parsing certificates. A remote
authenticated attacker could exploit this vulnerability to trigger an
out-of-bounds read and cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/117112 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-7052
https://vulners.com/cve/CVE-2016-7052
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a
missing sanity check in CRL handling that leads to a NULL pointer
dereference. A remote attacker could trigger a CRL operation to cause
the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/117149 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
AFFECTED PRODUCTS AND VERSIONS:
AIX 5.3, 6.1, 7.1, 7.2
VIOS 2.2.x
The following fileset levels are vulnerable:
key_fileset = osrcaix
Fileset Lower Level Upper Level KEY
--------------------------------------------------
openssl.base 1.0.1.500 1.0.1.516 key_w_fs
openssl.base 1.0.2.500 1.0.2.800 key_w_fs
openssl.base 20.11.101.500 20.11.101.501 key_w_fs
Note: OpenSSL 0.9.8 is out of support. Customers are advised to upgrade
to the currently supported OpenSSL 1.0.2 version.
Note: To find out whether the affected filesets are installed
on your systems, refer to the lslpp command found in the AIX user's
guide.
Example: lslpp -L | grep -i openssl.base
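The lslpp check above tells you the installed level; deciding whether that level falls inside one of the vulnerable ranges in the table is what matters. The script below is an added example, not part of the IBM advisory: it encodes the three ranges from the table, compares fileset levels numerically field by field (a string sort would wrongly place 1.0.2.1000 below 1.0.2.800), and prints a verdict per openssl.base line. The SAMPLE_LSLPP text is constructed in the column layout of lslpp -L; on a real AIX host pipe lslpp -L into check_lslpp_output instead.

```shell
#!/bin/sh
# Added example (not part of the IBM advisory): check openssl.base fileset
# levels against the vulnerable ranges listed in the advisory table.
# On a real AIX host run:   lslpp -L | check_lslpp_output
# The SAMPLE_LSLPP text below is constructed for offline use.

# Vulnerable ranges (lower and upper level, inclusive), from the table.
VULN_RANGES='1.0.1.500 1.0.1.516
1.0.2.500 1.0.2.800
20.11.101.500 20.11.101.501'

# vrcmp A B : compare two dotted fileset levels numerically, field by field.
# Prints -1, 0 or 1. Missing trailing fields count as 0.
vrcmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print "-1"; exit }
            if (xi > yi) { print "1"; exit }
        }
        print "0"
    }'
}

# is_vulnerable_level LEVEL : exit 0 if LEVEL lies inside any vulnerable range.
is_vulnerable_level() {
    level="$1"
    printf '%s\n' "$VULN_RANGES" | while read lo hi; do
        [ -n "$lo" ] || continue
        if [ "$(vrcmp "$level" "$lo")" -ge 0 ] && [ "$(vrcmp "$level" "$hi")" -le 0 ]; then
            echo hit
        fi
    done | grep -q hit
}

# check_lslpp_output : read 'lslpp -L' lines on stdin and print one verdict
# per openssl.base entry (fileset is column 1, level is column 2).
check_lslpp_output() {
    awk '$1 == "openssl.base" { print $1, $2 }' | while read fs lvl; do
        if is_vulnerable_level "$lvl"; then
            echo "VULNERABLE $fs $lvl"
        else
            echo "OK         $fs $lvl"
        fi
    done
}

# Constructed sample in the column layout of 'lslpp -L' (fileset, level,
# state, type, description). A real host shows a single openssl.base line;
# three are listed here to exercise both verdicts.
SAMPLE_LSLPP='  openssl.base               1.0.2.800    C     F    Open Secure Socket Layer
  openssl.base               1.0.2.1000   C     F    Open Secure Socket Layer
  openssl.base               20.11.101.501  C   F    Open Secure Socket Layer'

printf '%s\n' "$SAMPLE_LSLPP" | check_lslpp_output
```

The ranges are inclusive at both ends, matching the table, so 1.0.1.516 is flagged and 1.0.1.517 (the fixed level) is not.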
REMEDIATION:
A. FIXES
A fix is available, and it can be downloaded from:
https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp
To extract the fixes from the tar file:
For Openssl 1.0.1 version -
zcat openssl-1.0.1.517.tar.Z | tar xvf -
For Openssl 1.0.2 version -
zcat openssl-1.0.2.1000.tar.Z | tar xvf -
For 1.0.1 FIPS capable openssl version -
zcat openssl-20.13.101.500.tar.Z | tar xvf -
For 1.0.2 FIPS capable openssl version -
zcat openssl-20.13.102.1000.tar.Z | tar xvf -
IMPORTANT: If possible, it is recommended that a mksysb backup
of the system be created. Verify it is both bootable and
readable before proceeding.
Note that all previously reported security vulnerability fixes are also
included in the above-mentioned fileset levels. Please refer to the
readme file (provided along with the fileset) for the complete list of
vulnerabilities fixed.
To preview the fix installation:
installp -apYd . openssl
To install the fix package:
installp -aXYd . openssl
To verify the signature on the published advisory or on an ifix, using
the OpenSSL public key listed under CONTACT US below:
openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>
openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>
Published advisory OpenSSL signature file location:
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc.sig
https://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc.sig
ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc.sig
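The remediation steps above (verify the signature, extract the archive, preview with installp -apYd, then install with installp -aXYd) are collected below as one guarded flow. This is an added example, not IBM's code: it assumes the public key file is the one from the CONTACT US section fetched over https, that FILE.sig sits beside FILE, and that installp exists only on the AIX host (the mksysb backup recommended above is taken separately beforehand). IBM's published signatures use SHA-1, so the verify function defaults to sha1; the selftest uses a throwaway RSA key pair and sha256 so that it also runs on hosts whose crypto policy disables SHA-1 signing.

```shell
#!/bin/sh
# Added example (not IBM's code): the remediation steps as one guarded flow,
# verifying the fix archive's signature before extracting and installing.
# Assumptions: PUBKEY is the key from the CONTACT US section fetched over
# https; FILE.sig sits beside FILE; installp exists only on AIX.

# verify_signed_file PUBKEY FILE [DIGEST]
# Exit 0 only if FILE.sig is a valid signature over FILE under PUBKEY.
# IBM's published signatures are SHA-1, so the default digest is sha1; the
# digest passed here must match the one the signer used.
verify_signed_file() {
    pubkey="$1"; file="$2"; digest="${3:-sha1}"; sig="$2.sig"
    [ -r "$pubkey" ] && [ -r "$file" ] && [ -r "$sig" ] || return 2
    openssl dgst "-$digest" -verify "$pubkey" -signature "$sig" "$file" >/dev/null 2>&1
}

# install_fix DIR : preview first; install only if the preview succeeds.
install_fix() {
    installp -apYd "$1" openssl || { echo "preview failed; not installing" >&2; return 1; }
    installp -aXYd "$1" openssl
}

# apply_fix PUBKEY TARFILE : verify, extract, preview, install.
# Nothing is unpacked unless the signature on the archive checks out.
apply_fix() {
    verify_signed_file "$1" "$2" || { echo "signature check failed: $2" >&2; return 1; }
    workdir=$(mktemp -d) || return 1
    zcat "$2" | (cd "$workdir" && tar xvf -) || return 1
    install_fix "$workdir"
}

# selftest : demonstrates the signature gate with a throwaway RSA key pair
# generated here (constructed; the real key is IBM's published one). Uses
# sha256 for the throwaway key so it also runs where SHA-1 signing is
# disabled by policy; IBM's files still need the sha1 default.
selftest() {
    tmp=$(mktemp -d) || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$tmp/priv.pem" 2>/dev/null || return 1
    openssl pkey -in "$tmp/priv.pem" -pubout -out "$tmp/pub.pem" 2>/dev/null || return 1
    printf 'constructed stand-in for openssl-1.0.2.1000.tar.Z\n' > "$tmp/fix.tar.Z"
    openssl dgst -sha256 -sign "$tmp/priv.pem" -out "$tmp/fix.tar.Z.sig" "$tmp/fix.tar.Z" || return 1
    verify_signed_file "$tmp/pub.pem" "$tmp/fix.tar.Z" sha256 || { echo "good signature rejected" >&2; return 1; }
    printf 'tampered\n' >> "$tmp/fix.tar.Z"
    if verify_signed_file "$tmp/pub.pem" "$tmp/fix.tar.Z" sha256; then
        echo "tampered archive accepted" >&2; return 1
    fi
    rm -rf "$tmp"
    echo "selftest ok: good signature accepted, tampered archive rejected"
}

selftest
```

The signature only proves the archive came from whoever holds the private key, so the check is only as strong as the channel the public key was fetched over: take it from the https URL under CONTACT US, not the http or ftp mirror.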
WORKAROUNDS AND MITIGATIONS:
None.
===============================================================================
CONTACT US:
Note: Keywords labeled as KEY in this document are used for parsing
purposes.
If you would like to receive AIX Security Advisories via email,
please visit "My Notifications":
http://www.ibm.com/support/mynotifications
https://www.ibm.com/support/mynotifications
To view previously issued advisories, please visit:
http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq
https://www14.software.ibm.com/webapp/set2/subscriptions/onvdq
Comments regarding the content of this announcement can be
directed to:
[email protected]
To obtain the OpenSSL public key that can be used to verify the
signed advisories and ifixes:
Download the key from our web page:
http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt
https://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt
To obtain the PGP public key that can be used to communicate
securely with the AIX Security Team via [email protected] you
can :
A. Download the key from our web page:
http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt
https://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt
B. Download the key from a PGP Public Key Server. The key ID is:
0x28BFAA12
Please contact your local IBM AIX support center for any
assistance.
REFERENCES:
eServer is a trademark of International Business Machines
Corporation. IBM, AIX and pSeries are registered trademarks of
International Business Machines Corporation. All other trademarks
are property of their respective holders.
Complete CVSS v2 Guide: http://www.first.org/cvss/v2/guide
https://www.first.org/cvss/v2/guide
On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2
https://nvd.nist.gov/cvss.cfm?calculator&adv&version=2
Complete CVSS v3 Guide: http://www.first.org/cvss/user-guide
https://www.first.org/cvss/user-guide
On-line Calculator v3:
http://www.first.org/cvss/calculator/3.0
https://www.first.org/cvss/calculator/3.0
ACKNOWLEDGEMENTS:
None.
CHANGE HISTORY:
First Issued: Mon Nov 14 13:29:26 CST 2016
===============================================================================
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an “industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.