CVE-2016-0800 & CVE-2016-0703 OpenSSL vulnerabilities


Severity

High

Vendor

OpenSSL

Versions Affected

  • SSLv2

Description

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.

The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
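The version ranges in the two descriptions above, written as a check (an added example, not part of the original advisory): it takes a bare OpenSSL version string such as 1.0.1k and reports which of the two CVE ranges it falls in. The function names are hypothetical, and treating branches older than the lowest listed one as "before" it is an assumption about the advisory wording.

```python
import re

# First fixed release per branch, copied from the two CVE descriptions above.
# Key: release branch; value: patch-letter suffix of the first fixed version.
FIXED = {
    "CVE-2016-0800": {(1, 0, 1): "s", (1, 0, 2): "g"},
    "CVE-2016-0703": {(0, 9, 8): "zf", (1, 0, 0): "r",
                      (1, 0, 1): "m", (1, 0, 2): "a"},
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")


def parse(version):
    """Split '1.0.1k' into ((1, 0, 1), 'k'); reject any other shape."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"not an x.y.z[letters] version: {version!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4)


def letter_rank(suffix):
    """Order patch letters: '' < 'a' < ... < 'z' < 'za' < ... < 'zf'."""
    return (len(suffix), suffix)


def affected_by(version):
    """Return the CVE ids whose stated range contains this version."""
    branch, suffix = parse(version)
    hits = []
    for cve, fixed in FIXED.items():
        if branch in fixed:
            # Same branch: compare patch letters against the first fix.
            vulnerable = letter_rank(suffix) < letter_rank(fixed[branch])
        else:
            # Assumption: a branch older than every listed one is "before"
            # the fix; a newer branch is outside the stated range.
            vulnerable = branch < min(fixed)
        if vulnerable:
            hits.append(cve)
    return hits


if __name__ == "__main__":
    for v in ("0.9.8z", "1.0.1k", "1.0.1m", "1.0.2", "1.0.2g"):
        print(v, affected_by(v))
```

A distribution package can carry a backported fix under an older version string, so a hit means the build needs checking rather than that it is proven vulnerable.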

The Cloud Foundry team is aware of vulnerable versions of the Linux kernel but has determined that the project is not affected by this vulnerability.

Pivotal is aware of vulnerable versions of the Linux kernel but has determined that Pivotal Cloud Foundry products are not affected by this vulnerability.

Affected VMware Products and Versions

Severity is high unless otherwise noted.

  • The Cloud Foundry team has determined that the project is not exposed to this vulnerability and therefore does not require any upgrades.
  • The Pivotal CF team has determined that Pivotal CF products, such as Pivotal Operations Manager and Pivotal Elastic Runtime, are not exposed to this vulnerability and therefore do not require any upgrades.

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry team has determined that the project is not exposed to this vulnerability and therefore does not require any upgrades.
  • The Pivotal CF team has determined that Pivotal CF products, such as Pivotal Operations Manager and Pivotal Elastic Runtime, are not exposed to this vulnerability and therefore do not require any upgrades.

Credit

N/A

References