CVE-2017-3731

Status Candidate

Overview

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For OpenSSL 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.

Related Files

FreeBSD Security Advisory - FreeBSD-SA-17:02.openssl
Posted Feb 23, 2017
Site security.freebsd.org

FreeBSD Security Advisory - If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. Various other issues have also been identified.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2016-7055, CVE-2017-3731, CVE-2017-3732
MD5 | 61e028674e75cf79a6ef2b0daf4f97e0
Red Hat Security Advisory 2017-0286-01
Posted Feb 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0286-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2016-8610, CVE-2017-3731
MD5 | e3555d3da74a6f2c169653d44010e34c
Gentoo Linux Security Advisory 201702-07
Posted Feb 14, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-7 - Multiple vulnerabilities have been found in OpenSSL, the worst of which might allow attackers to access sensitive information. Versions less than 1.0.2k are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732
MD5 | c6bf4dc6a719248f0294007cdff98ed7
Slackware Security Advisory - openssl Updates
Posted Feb 13, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-7055, CVE-2017-3731, CVE-2017-3732
MD5 | 443590d470a124a7e37f1eb84463977d
Ubuntu Security Notice USN-3181-1
Posted Feb 1, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3181-1 - Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update. It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-2177, CVE-2016-7055, CVE-2016-7056, CVE-2016-8610, CVE-2017-3731, CVE-2017-3732
MD5 | 0f9680e2f4dbf5ff74ebda76238f5372
Debian Security Advisory 3773-1
Posted Jan 30, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3773-1 - Several vulnerabilities were discovered in OpenSSL.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-7056, CVE-2016-8610, CVE-2017-3731
MD5 | 55059b83323f9dfe13d608a6fd08a273
OpenSSL Toolkit 1.0.2k
Posted Jan 26, 2017
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Bug fixes for an out-of-bounds read, a carry propagating bug, and multiple other issues.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2016-7055, CVE-2017-3731, CVE-2017-3732
MD5 | f965fc0bf01bf882b31314b61391ae65
© 2016 Packet Storm. All rights reserved.