Lucene search

AmazonALAS-2016-682

HistoryApr 06, 2016 - 2:40 p.m.

Important: openssl098e

2016-04-0614:40:00

alas.aws.amazon.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.952

Percentile

99.4%

JSON

Issue Overview:

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle. (CVE-2016-0703)

It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800)

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197)

Affected Packages:

openssl098e

Issue Correction:
Run yum update openssl098e to update your system.

New Packages:

i686:  
    openssl098e-0.9.8e-29.19.amzn1.i686  
    openssl098e-debuginfo-0.9.8e-29.19.amzn1.i686  
  
src:  
    openssl098e-0.9.8e-29.19.amzn1.src  
  
x86_64:  
    openssl098e-0.9.8e-29.19.amzn1.x86_64  
    openssl098e-debuginfo-0.9.8e-29.19.amzn1.x86_64

Additional References

Red Hat: CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800

Mitre: CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686openssl098e< 0.9.8e-29.19.amzn1openssl098e-0.9.8e-29.19.amzn1.i686.rpm
Amazon Linux1i686openssl098e-debuginfo< 0.9.8e-29.19.amzn1openssl098e-debuginfo-0.9.8e-29.19.amzn1.i686.rpm
Amazon Linux1x86_64openssl098e< 0.9.8e-29.19.amzn1openssl098e-0.9.8e-29.19.amzn1.x86_64.rpm
Amazon Linux1x86_64openssl098e-debuginfo< 0.9.8e-29.19.amzn1openssl098e-debuginfo-0.9.8e-29.19.amzn1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	1	i686	openssl098e	< 0.9.8e-29.19.amzn1	openssl098e-0.9.8e-29.19.amzn1.i686.rpm
Amazon Linux	1	i686	openssl098e-debuginfo	< 0.9.8e-29.19.amzn1	openssl098e-debuginfo-0.9.8e-29.19.amzn1.i686.rpm
Amazon Linux	1	x86_64	openssl098e	< 0.9.8e-29.19.amzn1	openssl098e-0.9.8e-29.19.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	openssl098e-debuginfo	< 0.9.8e-29.19.amzn1	openssl098e-debuginfo-0.9.8e-29.19.amzn1.x86_64.rpm