Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security Fix(es) :

- A memory leak flaw was found in the way OpenSSL handled
TLS status request extension data during session
renegotiation. A remote attacker could cause a TLS
server using OpenSSL to consume an excessive amount of
memory and, possibly, exit unexpectedly after exhausting
all available memory, if it enabled OCSP stapling
support. (CVE-2016-6304)

- It was discovered that OpenSSL did not always use
constant time operations when computing Digital
Signature Algorithm (DSA) signatures. A local attacker
could possibly use this flaw to obtain a private DSA key
belonging to another user or service running on the same
system. (CVE-2016-2178)

- It was discovered that the Datagram TLS (DTLS)
implementation could fail to release memory in certain
cases. A malicious DTLS client could cause a DTLS server
using OpenSSL to consume an excessive amount of memory
and, possibly, exit unexpectedly after exhausting all
available memory. (CVE-2016-2179)

- A flaw was found in the Datagram TLS (DTLS) replay
protection implementation in OpenSSL. A remote attacker
could possibly use this flaw to make a DTLS server using
OpenSSL reject further packets sent from a DTLS
client over an established DTLS connection.
(CVE-2016-2181)

- An out of bounds write flaw was discovered in the
OpenSSL BN_bn2dec() function. An attacker able to make
an application using OpenSSL process a large BIGNUM
could cause the application to crash or, possibly,
execute arbitrary code. (CVE-2016-2182)

- A flaw was found in the way the DES/3DES cipher was used
as part of the TLS/SSL protocol. A man-in-the-middle
attacker could use this flaw to recover some plaintext
data by capturing large amounts of encrypted traffic
between TLS/SSL server and client if the communication
used a DES/3DES based ciphersuite. (CVE-2016-2183)

This update mitigates the CVE-2016-2183 issue by lowering priority of
DES cipher suites so they are not preferred over cipher suites using
AES. For compatibility reasons, DES cipher suites remain enabled by
default and included in the set of cipher suites identified by the
HIGH cipher string. Future updates may move them to MEDIUM or not
enable them by default.
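
Because DES cipher suites stay enabled and remain part of HIGH after this update, it is worth checking what a given cipher string still expands to. The following is an added example, not part of the original advisory or the plugin: it parses text in the format printed by `openssl ciphers -v` and reports DES/3DES suites and whether any of them rank above an AES suite. The two sample listings and the function names are constructed for illustration.

```python
import re

# One line of `openssl ciphers -v`: name, protocol, Kx=, Au=, Enc=ALG(bits), Mac=
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+\S+\s+Kx=\S+\s+Au=\S+\s+Enc=(?P<alg>[^(\s]+)\(\d+\)\s+Mac=\S+"
)

# Constructed sample: 3DES suites sit above an AES suite.
SAMPLE_MIXED = """
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
"""

# Constructed sample: 3DES still enabled, but below every AES suite.
SAMPLE_DEPRIORITISED = """
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
"""

def parse_cipher_list(text):
    """Return [(suite_name, enc_algorithm)] in preference order; skip unparsable lines."""
    suites = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            suites.append((m.group("name"), m.group("alg")))
    return suites

def audit_des(text):
    """List DES/3DES suites and those ranked above at least one AES suite."""
    suites = parse_cipher_list(text)
    aes_idx = [i for i, (_, alg) in enumerate(suites) if alg.startswith("AES")]
    last_aes = max(aes_idx) if aes_idx else -1
    des = [(i, name) for i, (name, alg) in enumerate(suites) if alg in ("DES", "3DES")]
    return {
        "des_suites": [name for _, name in des],
        "ranked_above_aes": [name for i, name in des if i < last_aes],
    }

if __name__ == "__main__":
    for label, sample in (("mixed", SAMPLE_MIXED), ("deprioritised", SAMPLE_DEPRIORITISED)):
        print(label, audit_des(sample))
```

A non-empty `des_suites` with an empty `ranked_above_aes` matches the behaviour described above: the suites are still negotiable, only less preferred, so a server that must not offer them needs them excluded in its own cipher string.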

- An integer underflow flaw leading to a buffer over-read
was found in the way OpenSSL parsed TLS session tickets.
A remote attacker could use this flaw to crash a TLS
server using OpenSSL if it used SHA-512 as HMAC for
session tickets. (CVE-2016-6302)

- Multiple integer overflow flaws were found in the way
OpenSSL performed pointer arithmetic. A remote attacker
could possibly use these flaws to cause a TLS/SSL server
or client using OpenSSL to crash. (CVE-2016-2177)

- An out of bounds read flaw was found in the way OpenSSL
formatted Public Key Infrastructure Time-Stamp Protocol
data for printing. An attacker could possibly cause an
application using OpenSSL to crash if it printed time
stamp data from the attacker. (CVE-2016-2180)

- Multiple out of bounds read flaws were found in the way
OpenSSL handled certain TLS/SSL protocol handshake
messages. A remote attacker could possibly use these
flaws to crash a TLS/SSL server or client using OpenSSL.
(CVE-2016-6306)

See also :

http://www.nessus.org/u?7dfe070f

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 93795

Bugtraq ID:

CVE ID: CVE-2016-2177
CVE-2016-2178
CVE-2016-2179
CVE-2016-2180
CVE-2016-2181
CVE-2016-2182
CVE-2016-2183
CVE-2016-6302
CVE-2016-6304
CVE-2016-6306
