Bug 1310814 (CVE-2016-0704) - CVE-2016-0704 openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers
Summary: CVE-2016-0704 openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-0704
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1301847
TreeView+ depends on / blocked
 
Reported: 2016-02-22 17:24 UTC by Adam Mariš
Modified: 2021-10-21 00:50 UTC (History)
23 users (show)

Fixed In Version: openssl 1.0.2a, openssl 1.0.1m, openssl 1.0.0r, openssl 0.9.8zf
Doc Type: Bug Fix
Doc Text:
It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle.
Clone Of:
Environment:
Last Closed: 2021-10-21 00:50:50 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:0303 0 normal SHIPPED_LIVE Important: openssl security update 2016-03-01 19:45:41 UTC
Red Hat Product Errata RHSA-2016:0304 0 normal SHIPPED_LIVE Important: openssl security update 2016-03-01 19:45:06 UTC
Red Hat Product Errata RHSA-2016:0306 0 normal SHIPPED_LIVE Important: openssl security update 2016-03-01 19:44:56 UTC
Red Hat Product Errata RHSA-2016:0372 0 normal SHIPPED_LIVE Important: openssl098e security update 2016-03-09 09:08:29 UTC

Description Adam Mariš 2016-02-22 17:24:43 UTC 
Quoting upstream advisory:

This issue only affected versions of OpenSSL prior to March 19th 2015 at which
time the code was refactored to address the vulnerability CVE-2015-0293.

s2_srvr.c overwrite the wrong bytes in the master-key when applying
Bleichenbacher protection for export cipher suites.  This provides a
Bleichenbacher oracle, and could potentially allow more efficient variants of
the DROWN attack.

This issue affected OpenSSL versions 1.0.2, 1.0.1l, 1.0.0q, 0.9.8ze and all
earlier versions.  It was fixed in OpenSSL 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf
(released March 19th 2015).

This issue was reported to OpenSSL on February 10th 2016 by David Adrian and J.
Alex Halderman of the University of Michigan.  The underlying defect had by
then already been fixed by Emilia Käsper of OpenSSL on March 4th 2015.  The fix
for this issue can be identified by commits ae50d827 (1.0.2a), cd56a08d
(1.0.1m), 1a08063 (1.0.0r) and 65c588c (0.9.8zf).
Comment 1 Tomas Hoger 2016-02-25 20:26:50 UTC 
CVE-2015-0293 is tracked via bug 1202404.  For upstream commit correcting this issue, see bug 1202404 comment 5.
Comment 2 Martin Prpič 2016-02-29 12:35:33 UTC 
Acknowledgments:

Name: the OpenSSL project
Upstream: David Adrian (University of Michigan), J. Alex Halderman (University of Michigan)
Comment 3 Huzaifa S. Sidhpurwala 2016-03-01 14:15:04 UTC 
External References:

https://www.openssl.org/news/secadv/20160301.txt
Comment 4 errata-xmlrpc 2016-03-01 14:47:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 4 Extended Lifecycle Support

Via RHSA-2016:0306 https://rhn.redhat.com/errata/RHSA-2016-0306.html
Comment 5 errata-xmlrpc 2016-03-01 14:49:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5.6 Long Life
  Red Hat Enterprise Linux 5.9 Long Life

Via RHSA-2016:0304 https://rhn.redhat.com/errata/RHSA-2016-0304.html
Comment 6 errata-xmlrpc 2016-03-01 14:50:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.2 Advanced Update Support
  Red Hat Enterprise Linux 6.5 Advanced Update Support
  Red Hat Enterprise Linux 6.4 Advanced Update Support

Via RHSA-2016:0303 https://rhn.redhat.com/errata/RHSA-2016-0303.html
Comment 7 errata-xmlrpc 2016-03-09 04:09:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2016:0372 https://rhn.redhat.com/errata/RHSA-2016-0372.html
Comment 8 Harkanwal 2016-06-13 06:24:38 UTC 
By any chance these fixes will be available for centos distribution (6). Any ETA for same.

Thanks
Comment 9 Harkanwal 2016-06-13 09:03:17 UTC 
 By any chance these fixes will be available for centos distribution (6). Any ETA for same.

Thanks
Comment 10 Tomas Mraz 2016-09-09 08:19:17 UTC 
The situation is exactly the same as in case of CVE-2016-0703 - please read the description.
Note You need to log in before you can comment on or make changes to this bug.