exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

CVE-2016-0797

Status Candidate

Overview

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.

Related Files

HPE Security Bulletin HPESBHF03741 1
Posted May 4, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03741 1 - Potential security vulnerabilities with OpenSSL have been addressed for HPE Network products including Comware 7, IMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information, or locally exploited resulting in unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842
SHA-256 | 273a8e07f2cfd72d286f3067512289a13cef04a30487bc2abfabe81687e89a5e
HP Security Bulletin HPSBMU03685 1
Posted Jan 19, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03685 1 - Multiple potential security vulnerabilities have been identified in HPE Insight Control server provisioning (ICsp) software. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), arbitrary code execution, arbitrary command execution, unauthorized access to files or disclosure of sensitive information. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
advisories | CVE-2014-0050, CVE-2014-4877, CVE-2015-6420, CVE-2015-7547, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2842
SHA-256 | 7c572b3e24df1d149872d9d6f48b13a5c0031cc58055e6a8a1c95b1c448324e2
Red Hat Security Advisory 2016-2957-01
Posted Dec 16, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2957-01 - This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. Security Fix: This update fixes several flaws in OpenSSL.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2012-1148, CVE-2014-3523, CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3185, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109
SHA-256 | 74baff33a674c45e41ccf55a650db1510528f79d7721465b4047850b17a58f49
Apple Security Advisory 2016-10-27-1
Posted Oct 28, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-10-27-1 - Xcode 8.1 is now available and addresses code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2015-3193, CVE-2015-3194, CVE-2015-6764, CVE-2015-8027, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-1669, CVE-2016-2086, CVE-2016-2216
SHA-256 | df4e9e18d07031af03162429c5cf5f429609a92fcbc73263b3a265198afd9ef3
HP Security Bulletin HPSBGN03563 1
Posted Mar 25, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03563 1 - Security vulnerabilities in the OpenSSL library could potentially impact HPE IceWall products resulting in local or remote Denial of Service (DoS) and local disclosure of sensitive information. Revision 1 of this advisory.

tags | advisory, remote, denial of service, local, vulnerability
advisories | CVE-2016-0702, CVE-2016-0705, CVE-2016-0797
SHA-256 | 57d02e5956b8e30e3dcc52080b4967e3e1c4122e0888e933cc4d3579340a64cc
Gentoo Linux Security Advisory 201603-15
Posted Mar 21, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201603-15 - Multiple vulnerabilities have been found in OpenSSL, the worst allowing remote attackers to decrypt TLS sessions. Versions less than 1.0.2g-r2 are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800
SHA-256 | 6f0722d9e284f07b269abf7998e9e52da12fdf8dcb8e32ab4f709a7b253f0481
Red Hat Security Advisory 2016-0379-01
Posted Mar 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0379-01 - The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0800
SHA-256 | 1cc214b641b5bda32f5dc10666b2a6b70654295af330c0b73323cea0e135646c
Slackware Security Advisory - openssl Updates
Posted Mar 3, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800
SHA-256 | 264c7d3a0be7e52080a43814d32ce36c6ea5a6fb431cee874379e6cfa549c6e4
Red Hat Security Advisory 2016-0302-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0302-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-3197, CVE-2016-0797, CVE-2016-0800
SHA-256 | 7f307653c8a35db568106e61a7b17d8070ee4b40d776118f84222053ea23e83c
Red Hat Security Advisory 2016-0301-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0301-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0800
SHA-256 | 2355a22eadd6bc95f2b7051a23cb14934b794d9459acfd366d78f256e320c291
Ubuntu Security Notice USN-2914-1
Posted Mar 2, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2914-1 - Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiation. On certain CPUs, a local attacker could possibly use this issue to recover RSA keys. This flaw is known as CacheBleed. Adam Langley discovered that OpenSSL incorrectly handled memory when parsing DSA private keys. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799
SHA-256 | b41695e06cd41d2e76d57c53c67028225e7af5f7b366b2f6f536e19119d0ae4b
Debian Security Advisory 3500-1
Posted Mar 2, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3500-1 - Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799
SHA-256 | 3f9c70f25ffb5429b54fefdf73340747e4caeeb652fd96453dd3848535c499db
OpenSSL Toolkit 1.0.2g
Posted Mar 1, 2016
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Disabled weak ciphers in SSLv3 and up in default builds of OpenSSL. Disabled SSLv2 default build, default negotiation and weak ciphers. Fixed a double-free in DSA code. Various other security issues addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799
SHA-256 | b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33
OpenSSL Security Advisory 20160301
Posted Mar 1, 2016
Site openssl.org

OpenSSL Security Advisory 20160301 - A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN (CVE-2016-0800). Other issues were also addressed.

tags | advisory, imap, protocol
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800
SHA-256 | 01a1884d87908b83b7d1ea8457725884e3808b62f9b3c4b5d54e2a07a55e9dd8
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close