CVE-2016-2178

LOW

Description

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

ID	Name	Product	Family	Severity
119982	SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2016:2470-1)	Nessus	SuSE Local Security Checks	high
107067	Arista Networks EOS 4.17 Multiple Vulnerabilities (SA0024) (SWEET32)	Nessus	Misc.	high
107066	Arista Networks EOS Multiple Vulnerabilities (SA0024) (SWEET32)	Nessus	Misc.	medium
106863	openSUSE Security Update : openssl-steam (openSUSE-2018-168)	Nessus	SuSE Local Security Checks	high
101845	Oracle E-Business Multiple Vulnerabilities (July 2017 CPU) (SWEET32)	Nessus	Misc.	critical
101141	RHEL 6 / 7 : JBoss EAP (RHSA-2017:1658)	Nessus	Red Hat Local Security Checks	high
101045	Tenable SecurityCenter OpenSSL 1.0.1 < 1.0.1u Multiple Vulnerabilities (SWEET32)	Nessus	Misc.	critical
100704	F5 Networks BIG-IP : OpenSSL vulnerability (K53084033)	Nessus	F5 Networks Local Security Checks	low
99930	Oracle Secure Global Desktop Multiple Vulnerabilities (April 2017 CPU) (SWEET32)	Nessus	Misc.	critical
99810	EulerOS 2.0 SP1 : openssl (EulerOS-SA-2016-1047)	Nessus	Huawei Local Security Checks	high
99594	Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (April 2017 CPU) (SWEET32)	Nessus	Misc.	critical
97192	Tenable Nessus 6.x < 6.9 Multiple Vulnerabilities (TNS-2016-16) (SWEET32)	Nessus	CGI abuses : XSS	critical
96867	RHEL 7 : JBoss Core Services (RHSA-2017:0194)	Nessus	Red Hat Local Security Checks	critical
96824	RHEL 6 : JBoss Core Services (RHSA-2017:0193)	Nessus	Red Hat Local Security Checks	critical
96771	MySQL Enterprise Monitor 3.3.x < 3.3.1.1112 Multiple Vulnerabilities (SWEET32) (January 2017 CPU)	Nessus	CGI abuses	critical
96770	MySQL Enterprise Monitor 3.2.x < 3.2.5.1141 Multiple Vulnerabilities (SWEET32) (January 2017 CPU)	Nessus	CGI abuses	high
96767	MySQL Enterprise Monitor 3.1.x < 3.1.5.7958 Multiple Vulnerabilities (SWEET32) (January 2017 CPU)	Nessus	CGI abuses	high
96337	Tenable Passive Vulnerability Scanner 5.x < 5.2.0 Multiple Vulnerabilities (SWEET32)	Nessus	Misc.	critical
96316	Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10759) (SWEET32)	Nessus	Junos Local Security Checks	critical
96145	IBM BigFix Remote Control < 9.1.3 Multiple Vulnerabilities (SWEET32)	Nessus	CGI abuses	high
95602	GLSA-201612-16 : OpenSSL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
95255	AIX OpenSSL Advisory : openssl_advisory21.asc (SWEET32)	Nessus	AIX Local Security Checks	critical
94811	Fedora 25 : 1:openssl (2016-64e0743e16)	Nessus	Fedora Local Security Checks	high
94198	MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)	Nessus	Databases	high
94197	MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)	Nessus	Databases	high
94167	MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)	Nessus	Databases	high
94166	MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)	Nessus	Databases	high
94095	OracleVM 3.2 : openssl (OVMSA-2016-0141)	Nessus	OracleVM Local Security Checks	high
94094	Oracle Linux 5 : openssl (ELSA-2016-3627)	Nessus	Oracle Linux Local Security Checks	high
94086	openSUSE Security Update : compat-openssl098 (openSUSE-2016-1189)	Nessus	SuSE Local Security Checks	high
94021	Amazon Linux AMI : openssl (ALAS-2016-755)	Nessus	Amazon Linux Local Security Checks	high
94002	openSUSE Security Update : nodejs (openSUSE-2016-1172)	Nessus	SuSE Local Security Checks	high
93978	Fedora 23 : 1:openssl (2016-97454404fe)	Nessus	Fedora Local Security Checks	high
93909	SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2016:2468-1)	Nessus	SuSE Local Security Checks	high
93893	SUSE SLES11 Security Update : openssl (SUSE-SU-2016:2458-1)	Nessus	SuSE Local Security Checks	high
9625	OpenSSL 1.0.1 < 1.0.1u / 1.0.2 < 1.0.2i Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
93815	OpenSSL 1.0.2 < 1.0.2i Multiple Vulnerabilities (SWEET32)	Nessus	Web Servers	critical
93814	OpenSSL 1.0.1 < 1.0.1u Multiple Vulnerabilities (SWEET32)	Nessus	Web Servers	critical
93795	Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
93783	openSUSE Security Update : openssl (openSUSE-2016-1134)	Nessus	SuSE Local Security Checks	high
93777	CentOS 6 / 7 : openssl (CESA-2016:1940)	Nessus	CentOS Local Security Checks	high
93765	SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:2394-1)	Nessus	SuSE Local Security Checks	high
93763	RHEL 6 / 7 : openssl (RHSA-2016:1940)	Nessus	Red Hat Local Security Checks	high
93761	OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0135)	Nessus	OracleVM Local Security Checks	critical
93759	Oracle Linux 6 / 7 : openssl (ELSA-2016-1940)	Nessus	Oracle Linux Local Security Checks	high
93756	openSUSE Security Update : openssl (openSUSE-2016-1130)	Nessus	SuSE Local Security Checks	high
93752	Fedora 24 : 1:openssl (2016-a555159613)	Nessus	Fedora Local Security Checks	high
93734	SUSE SLES12 Security Update : openssl (SUSE-SU-2016:2387-1)	Nessus	SuSE Local Security Checks	high
93715	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : openssl regression (USN-3087-2)	Nessus	Ubuntu Local Security Checks	high
93690	Debian DLA-637-1 : openssl security update	Nessus	Debian Local Security Checks	high
93684	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : openssl vulnerabilities (USN-3087-1)	Nessus	Ubuntu Local Security Checks	high
93674	FreeBSD : OpenSSL -- multiple vulnerabilities (43eaa656-80bc-11e6-bf52-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	high
93668	Debian DSA-3673-1 : openssl - security update	Nessus	Debian Local Security Checks	high
93663	Slackware 14.0 / 14.1 / 14.2 / current : openssl (SSA:2016-266-01)	Nessus	Slackware Local Security Checks	high
91553	FreeBSD : OpenSSL -- vulnerability in DSA signing (6f0529e2-2e82-11e6-b2ec-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	low

CVE-2016-2178

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0