[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Tue Mar 14 05:21:06 PDT 2017


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 542	Published: Mon, 13 Mar 2017 23:05:14 GMT

New Fixlets:
============

***************************************************************
Title: The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages - CVE-2016-2179
Severity: Medium
Fixlet ID: 190002
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1900
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2179
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.

***************************************************************
Title: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results - CVE-2016-2182
Severity: High
Fixlet ID: 190102
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1901
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2182
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations - CVE-2016-2178
Severity: Low
Fixlet ID: 190202
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1902
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2178
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

***************************************************************
Title: The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length - CVE-2016-6302
Severity: Medium
Fixlet ID: 190302
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1903
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6302
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

***************************************************************
Title: Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service - CVE-2016-6303
Severity: High
Fixlet ID: 190402
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1904
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6303
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

***************************************************************
Title: The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service - CVE-2016-2180
Severity: Medium
Fixlet ID: 190501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1905
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2180
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.

***************************************************************
Title: The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number - CVE-2016-2181
Severity: Medium
Fixlet ID: 190602
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1906
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2181
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

***************************************************************
Title: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks - CVE-2016-2177
Severity: High
Fixlet ID: 190702
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1907
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2177
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

***************************************************************
Title: Vulnerability in the ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a - CVE-2016-6305
Severity: Medium
Fixlet ID: 192601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1926
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6305
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.

***************************************************************
Title: Vulnerability in the state-machine implementation in OpenSSL 1.1.0 before 1.1.0a - CVE-2016-6307
Severity: Medium
Fixlet ID: 192702
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1927
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6307
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c.

***************************************************************
Title: Vulnerability in certificate parser in OpenSSL 1.0.1 before 1.0.1u, and 1.0.2 before 1.0.2i - CVE-2016-6306
Severity: Medium
Fixlet ID: 192802
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1928
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6306
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

***************************************************************
Title: Multiple memory leaks in OpenSSL 1.0.1 before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a - CVE-2016-6304
Severity: High
Fixlet ID: 192902
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1929
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6304
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

***************************************************************
Title: Vulnerability in statem/statem.c in OpenSSL 1.1.0a - CVE-2016-6309
Severity: High
Fixlet ID: 193001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1930
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6309
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.

***************************************************************
Title: Vulnerability in crypto/x509/x509_vfy.c in OpenSSL 1.0.2i - CVE-2016-7052
Severity: Medium
Fixlet ID: 193102
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1931
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7052
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.

***************************************************************
Title: statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length - CVE-2016-6308
Severity: High
Fixlet ID: 194801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1948
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6308
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.
