PAN-SA-2016-0030 OpenSSL Vulnerabilities
Attack Vector: NETWORK
Scope: UNCHANGED
Attack Complexity: HIGH
Confidentiality Impact: HIGH
Privileges Required: NONE
Integrity Impact: NONE
User Interaction: NONE
Availability Impact: NONE
Description
The OpenSSL library has been found to contain vulnerabilities CVE-2016-0703, CVE-2016-0704, and CVE-2016-0800. Palo Alto Networks software makes use of the vulnerable library. (Ref # PAN-55477/92481)
The OpenSSL library in use by PAN-OS is patched on a regular basis. The CVEs listed in the summary table range in severity from moderate to high, but they have not been shown to be exploitable at the time of this advisory.
This issue affects PAN-OS 5.0; PAN-OS 5.1; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.11 and earlier.
CVE | CVSS | Summary |
---|---|---|
CVE-2016-0703 | 5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) | The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. |
CVE-2016-0704 | 5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) | An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. |
CVE-2016-0800 | 5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) | The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. |
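The length check that the CVE-2016-0703 summary describes as missing can be written as a short validator over the SSLv2 CLIENT-MASTER-KEY message. This is an added example, not code from the advisory or from OpenSSL; the function, enum and sample names are hypothetical, the sample messages are constructed, and the 11-byte clear portion for EXPORT40 ciphers is taken from the SSLv2 cipher definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not OpenSSL's code: names here are hypothetical. */
enum cmk_verdict { CMK_OK, CMK_MALFORMED, CMK_CLEAR_ON_NON_EXPORT, CMK_BAD_EXPORT_SPLIT };

/* SSLv2 EXPORT40 cipher kinds (RC4 and RC2): 5 secret + 11 clear key bytes. */
static int is_export40(const uint8_t *kind) {
    return (kind[0] == 0x02 || kind[0] == 0x04) && kind[1] == 0x00 && kind[2] == 0x80;
}

/* Layout: type(1)=2, CIPHER-KIND(3), CLEAR-KEY-LENGTH(2), ENCRYPTED-KEY-LENGTH(2),
 * KEY-ARG-LENGTH(2), then the three variable-length fields in that order. */
enum cmk_verdict check_client_master_key(const uint8_t *msg, size_t len) {
    if (len < 10 || msg[0] != 2)
        return CMK_MALFORMED;
    size_t clear_len = ((size_t)msg[4] << 8) | msg[5];
    size_t enc_len   = ((size_t)msg[6] << 8) | msg[7];
    size_t arg_len   = ((size_t)msg[8] << 8) | msg[9];
    if (len - 10 != clear_len + enc_len + arg_len)
        return CMK_MALFORMED;              /* declared lengths must match the record */
    if (is_export40(msg + 1))
        return clear_len == 11 ? CMK_OK : CMK_BAD_EXPORT_SPLIT;
    /* Non-export cipher: the whole key must be RSA-encrypted, so no clear bytes. */
    return clear_len == 0 ? CMK_OK : CMK_CLEAR_ON_NON_EXPORT;
}

/* Constructed samples; the 4-byte "encrypted key" is a stand-in for RSA ciphertext. */
static const uint8_t ok_rc4[]      = {2, 0x01,0x00,0x80, 0,0,  0,4, 0,0, 0xAA,0xAA,0xAA,0xAA};
static const uint8_t bad_rc4[]     = {2, 0x01,0x00,0x80, 0,2,  0,4, 0,0, 0,0, 0xAA,0xAA,0xAA,0xAA};
static const uint8_t ok_export[]   = {2, 0x02,0x00,0x80, 0,11, 0,4, 0,0,
                                      0,0,0,0,0,0,0,0,0,0,0, 0xAA,0xAA,0xAA,0xAA};
static const uint8_t bad_lengths[] = {2, 0x01,0x00,0x80, 0,0,  0,9, 0,0, 0xAA,0xAA,0xAA,0xAA};

int main(void) {
    printf("%d %d %d %d\n",
           (int)check_client_master_key(ok_rc4, sizeof ok_rc4),
           (int)check_client_master_key(bad_rc4, sizeof bad_rc4),
           (int)check_client_master_key(ok_export, sizeof ok_export),
           (int)check_client_master_key(bad_lengths, sizeof bad_lengths));
    return 0;
}
```

A server or inspection device that only needs to reject SSLv2 outright does not need this parser; it is useful where SSLv2 records must still be classified, for example when triaging captured traffic.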
Product Status
Versions | Affected | Unaffected |
---|---|---|
PAN-OS 6.1 | <= 6.1.11 | >= 6.1.12 |
PAN-OS 6.0 | <= 6.0.14 | >= 6.0.15 |
Severity: MEDIUM
CVSSv3.0 Base Score: 5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Weakness Type
Solution
PAN-OS 6.0.15 and later; PAN-OS 6.1.12 and later
Workarounds and Mitigations
N/A