5.5

CVE-2016-2178

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version1.0.1
OpenSSLOpenSSL Version1.0.1a
OpenSSLOpenSSL Version1.0.1b
OpenSSLOpenSSL Version1.0.1c
OpenSSLOpenSSL Version1.0.1d
OpenSSLOpenSSL Version1.0.1e
OpenSSLOpenSSL Version1.0.1f
OpenSSLOpenSSL Version1.0.1g
OpenSSLOpenSSL Version1.0.1h
OpenSSLOpenSSL Version1.0.1i
OpenSSLOpenSSL Version1.0.1j
OpenSSLOpenSSL Version1.0.1k
OpenSSLOpenSSL Version1.0.1l
OpenSSLOpenSSL Version1.0.1m
OpenSSLOpenSSL Version1.0.1n
OpenSSLOpenSSL Version1.0.1o
OpenSSLOpenSSL Version1.0.1p
OpenSSLOpenSSL Version1.0.1q
OpenSSLOpenSSL Version1.0.1r
OpenSSLOpenSSL Version1.0.1s
OpenSSLOpenSSL Version1.0.1t
OpenSSLOpenSSL Version1.0.2
OpenSSLOpenSSL Version1.0.2a
OpenSSLOpenSSL Version1.0.2b
OpenSSLOpenSSL Version1.0.2c
OpenSSLOpenSSL Version1.0.2d
OpenSSLOpenSSL Version1.0.2e
OpenSSLOpenSSL Version1.0.2f
OpenSSLOpenSSL Version1.0.2g
OpenSSLOpenSSL Version1.0.2h
OracleLinux Version5
OracleLinux Version6
OracleLinux Version7
OracleSolaris Version10
OracleSolaris Version11.3
SuseLinux Enterprise Version12.0
NodejsNode.Js SwEdition- Version >= 0.10.0 < 0.10.47
NodejsNode.Js SwEdition- Version >= 0.12.0 < 0.12.16
NodejsNode.Js SwEdition- Version >= 4.0.0 <= 4.1.2
NodejsNode.Js SwEditionlts Version >= 4.2.0 < 4.6.0
NodejsNode.Js SwEdition- Version >= 5.0.0 < 6.7.0
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.17% 0.634
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Patch
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2957.html
Third Party Advisory
https://www.tenable.com/security/tns-2016-20
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
Third Party Advisory
https://security.gentoo.org/glsa/201612-16
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:0193
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0194
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2016-1940.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-1659.html
Third Party Advisory
http://seclists.org/fulldisclosure/2017/Jul/31
Third Party Advisory
Mailing List
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl
Third Party Advisory
http://www.debian.org/security/2016/dsa-3673
Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
Third Party Advisory
http://www.splunk.com/view/SP-CAAAPSV
Third Party Advisory
http://www.splunk.com/view/SP-CAAAPUE
Third Party Advisory
http://www.ubuntu.com/usn/USN-3087-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3087-2
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1658
Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa132
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10215
Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
Third Party Advisory
https://www.tenable.com/security/tns-2016-16
Third Party Advisory
https://www.tenable.com/security/tns-2016-21
Third Party Advisory
http://eprint.iacr.org/2016/594.pdf
Third Party Advisory
Technical Description
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/06/08/10
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/06/08/11
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/06/08/12
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/06/08/2
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/06/08/4
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/06/08/5
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/06/08/6
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/06/08/7
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/06/08/8
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/06/09/2
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/06/09/8
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/91081
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036054
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1343400
Patch
Issue Tracking
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=399944622df7bd81af62e67ea967c470534090e2
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
Third Party Advisory
https://support.f5.com/csp/article/K53084033
Third Party Advisory