Bug 1310814 (CVE-2016-0704)

Summary: CVE-2016-0704 openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers
Product: [Other] Security Response
Reporter: Adam Mariš <amaris>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: bbaranow, bmaxwell, cdewolf, csutherl, dandread, darran.lofthouse, harkanwal.johar, jason.greene, jawilson, jclere, jdoyle, lgao, mbabacek, myarboro, pslavice, rnetuka, rsvoboda, sardella, security-response-team, slawomir, twalsh, vtunka, weli
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: openssl 1.0.2a, openssl 1.0.1m, openssl 1.0.0r, openssl 0.9.8zf
Doc Type: Bug Fix
Doc Text:
It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use an SSLv2 server using OpenSSL as a Bleichenbacher oracle.
Last Closed: 2021-10-21 00:50:50 UTC
Bug Blocks: 1301847

Description Adam Mariš 2016-02-22 17:24:43 UTC
Quoting upstream advisory:

This issue only affected versions of OpenSSL prior to March 19th 2015 at which
time the code was refactored to address the vulnerability CVE-2015-0293.

s2_srvr.c overwrites the wrong bytes in the master-key when applying
Bleichenbacher protection for export cipher suites.  This provides a
Bleichenbacher oracle, and could potentially allow more efficient variants of
the DROWN attack.

This issue affected OpenSSL versions 1.0.2, 1.0.1l, 1.0.0q, 0.9.8ze and all
earlier versions.  It was fixed in OpenSSL 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf
(released March 19th 2015).

This issue was reported to OpenSSL on February 10th 2016 by David Adrian and J.
Alex Halderman of the University of Michigan.  The underlying defect had by
then already been fixed by Emilia Käsper of OpenSSL on March 4th 2015.  The fix
for this issue can be identified by commits ae50d827 (1.0.2a), cd56a08d
(1.0.1m), 1a08063 (1.0.0r) and 65c588c (0.9.8zf).
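
The defect described in the advisory above, reduced to a small C model with an invariant check a reviewer could apply to any such fallback path (an added example, not OpenSSL's code and not part of the advisory). The 11 + 5 byte key split, the function names, the deterministic stand-in for the RNG, and the assumption that the misplaced randomisation lands at the start of the master-key buffer are all choices of this sketch.

```c
#include <stdio.h>
#include <string.h>

#define KEY_LEN    16                     /* assumed master-key length        */
#define CLEAR_LEN  11                     /* assumed clear-key bytes (export) */
#define SECRET_LEN (KEY_LEN - CLEAR_LEN)  /* RSA-encrypted portion: 5 bytes   */

/* Deterministic stand-in for the RNG so the demo is reproducible;
 * a real server would draw these bytes from a CSPRNG. */
static void fill_random(unsigned char *dst, size_t n) {
    for (size_t i = 0; i < n; i++)
        dst[i] = (unsigned char)(0xA5 ^ i);
}

/* Modelled flaw: the replacement bytes are written at the start of the
 * buffer, so they land on clear-key bytes and miss the secret portion. */
static void fallback_flawed(unsigned char *mk) {
    fill_random(mk, SECRET_LEN);
}

/* Corrected placement: replace exactly the secret portion of the key. */
static void fallback_fixed(unsigned char *mk) {
    fill_random(mk + CLEAR_LEN, SECRET_LEN);
}

/* Invariant for the protection: after a failed decryption the clear-key
 * bytes are untouched AND the secret portion has been replaced.
 * Returns 1 when the fallback under test satisfies both conditions. */
static int fallback_is_sound(void (*fallback)(unsigned char *)) {
    unsigned char before[KEY_LEN], mk[KEY_LEN];
    for (int i = 0; i < KEY_LEN; i++)
        before[i] = (unsigned char)(i + 1);      /* constructed sample key */
    memcpy(mk, before, KEY_LEN);
    fallback(mk);
    int clear_kept = memcmp(mk, before, CLEAR_LEN) == 0;
    int secret_replaced =
        memcmp(mk + CLEAR_LEN, before + CLEAR_LEN, SECRET_LEN) != 0;
    return clear_kept && secret_replaced;
}

int main(void) {
    printf("flawed fallback sound: %d\n", fallback_is_sound(fallback_flawed));
    printf("fixed fallback sound:  %d\n", fallback_is_sound(fallback_fixed));
    return 0;
}
```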

Comment 1 Tomas Hoger 2016-02-25 20:26:50 UTC
CVE-2015-0293 is tracked via bug 1202404.  For upstream commit correcting this issue, see bug 1202404 comment 5.

Comment 2 Martin Prpič 2016-02-29 12:35:33 UTC
Acknowledgments:

Name: the OpenSSL project
Upstream: David Adrian (University of Michigan), J. Alex Halderman (University of Michigan)

Comment 3 Huzaifa S. Sidhpurwala 2016-03-01 14:15:04 UTC
External References:

https://www.openssl.org/news/secadv/20160301.txt

Comment 4 errata-xmlrpc 2016-03-01 14:47:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 4 Extended Lifecycle Support

Via RHSA-2016:0306 https://rhn.redhat.com/errata/RHSA-2016-0306.html

Comment 5 errata-xmlrpc 2016-03-01 14:49:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5.6 Long Life
  Red Hat Enterprise Linux 5.9 Long Life

Via RHSA-2016:0304 https://rhn.redhat.com/errata/RHSA-2016-0304.html

Comment 6 errata-xmlrpc 2016-03-01 14:50:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.2 Advanced Update Support
  Red Hat Enterprise Linux 6.5 Advanced Update Support
  Red Hat Enterprise Linux 6.4 Advanced Update Support

Via RHSA-2016:0303 https://rhn.redhat.com/errata/RHSA-2016-0303.html

Comment 7 errata-xmlrpc 2016-03-09 04:09:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2016:0372 https://rhn.redhat.com/errata/RHSA-2016-0372.html

Comment 8 Harkanwal 2016-06-13 06:24:38 UTC
By any chance, will these fixes be available for the CentOS distribution (6)? Any ETA for the same?

Thanks

Comment 9 Harkanwal 2016-06-13 09:03:17 UTC
By any chance, will these fixes be available for the CentOS distribution (6)? Any ETA for the same?

Thanks

Comment 10 Tomas Mraz 2016-09-09 08:19:17 UTC
The situation is exactly the same as in case of CVE-2016-0703 - please read the description.