wid-sec-w-2024-0208
Vulnerability from csaf_certbund
Published
2016-11-10 23:00
Modified
2024-01-29 23:00
Summary
OpenSSL: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff oder einen Angriff mit nicht spezifizierten Auswirkungen durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- CISCO Appliance
- Juniper Appliance
- Appliance
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff oder einen Angriff mit nicht spezifizierten Auswirkungen durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows\n- CISCO Appliance\n- Juniper Appliance\n- Appliance", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0208 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2024-0208.json" }, { "category": "self", "summary": "WID-SEC-2024-0208 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0208" }, { "category": "external", "summary": "OpenSSL Security Advisory vom 2016-11-10", "url": "http://www.openssl.org/news/secadv/20161110.txt" }, { "category": "external", "summary": "Cisco Security Advisory cisco-sa-20161114-openssl vom 2016-11-20", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl" }, { "category": "external", "summary": "BLUECOAT Security Advisory SA135 vom 2016-12-01", "url": "https://bto.bluecoat.com/security-advisory/sa135" }, { "category": "external", "summary": "Ubuntu Security Notice USN-3181-1 vom 2017-01-31", "url": "http://www.ubuntu.com/usn/usn-3181-1/" }, { "category": "external", "summary": "Tenable Advisory ID: TNS-2017-03", "url": "https://www.tenable.com/security/tns-2017-03" }, { "category": "external", "summary": "F5 Security Advisory K43570545 vom 2017-02-03", "url": "https://support.f5.com/csp/article/K43570545" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2017:0431-1 vom 2017-02-09", "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170431-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2017:0441-1 vom 2017-02-11", "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170441-1.html" }, { "category": "external", "summary": "NetApp Advisory NTAP-20170127-0001", "url": "https://kb.netapp.com/support/s/article/ka51A00000007AWQAY/NTAP-20170127-0001?language=en_US" }, { "category": "external", "summary": "FreeBSD Security Advisory: FreeBSD-SA-17:02.openssl", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:02.openssl.asc" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2017:0855-1 vom 2017-03-29", "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170855-1.html" }, { "category": "external", "summary": "Brocade Security Advisory BSA-2016-206 vom 2017-04-03", "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-206.htm" }, { "category": "external", "summary": "Brocade Security Advisory BSA-2016-205 vom 2017-04-03", "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-205.htm" }, { "category": "external", "summary": "Brocade Security Advisory BSA-2016-207 vom 2017-04-03", "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-207.htm" }, { "category": "external", "summary": "HPE Security Bulletin HPESBHF03744", "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03744en_us" }, { "category": "external", "summary": "Juniper Security Bulletin JSA10775 vom 2017-07-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10775" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:2185 vom 2018-07-13", "url": "https://access.redhat.com/errata/RHSA-2018:2185" }, { "category": "external", "summary": "FortiGuard Labs OpenSSL Security Advisory", "url": "https://fortiguard.com/psirt/FG-IR-17-019" }, { "category": "external", "summary": "Juniper Security Advisory JSA10990 vom 2020-01-08", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10990\u0026actp=RSS" }, { "category": "external", "summary": "Dell Knowledge Base Article", "url": "https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities" } ], "source_lang": "en-US", "title": "OpenSSL: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-01-29T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:58:03.466+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0208", "initial_release_date": "2016-11-10T23:00:00.000+00:00", "revision_history": [ { "date": "2016-11-10T23:00:00.000+00:00", "number": "1", "summary": "Initial Release" }, { "date": "2016-11-10T23:00:00.000+00:00", "number": "2", "summary": "Version nicht vorhanden" }, { "date": "2016-11-10T23:00:00.000+00:00", "number": "3", "summary": "Version nicht vorhanden" }, { "date": "2016-11-10T23:00:00.000+00:00", "number": "4", "summary": "Version nicht vorhanden" }, { "date": "2016-11-10T23:00:00.000+00:00", "number": "5", "summary": "Version nicht vorhanden" }, { "date": "2016-11-10T23:00:00.000+00:00", "number": "6", "summary": "Version nicht vorhanden" }, { "date": "2016-11-10T23:00:00.000+00:00", "number": "7", "summary": "Version nicht vorhanden" }, { "date": "2016-11-30T23:00:00.000+00:00", "number": "8", "summary": "New remediations available" }, { "date": "2017-01-31T23:00:00.000+00:00", "number": "9", "summary": "New remediations available" }, { "date": "2017-02-02T23:00:00.000+00:00", "number": "10", "summary": "New remediations available" }, { "date": "2017-02-05T23:00:00.000+00:00", "number": "11", "summary": "New remediations available" }, { "date": "2017-02-09T23:00:00.000+00:00", "number": "12", "summary": "New remediations available" }, { "date": "2017-02-12T23:00:00.000+00:00", "number": "13", "summary": "New remediations available" }, { "date": "2017-02-19T23:00:00.000+00:00", "number": "14", "summary": "New remediations available" }, { "date": "2017-02-19T23:00:00.000+00:00", "number": "15", "summary": "Version nicht vorhanden" }, { "date": "2017-02-22T23:00:00.000+00:00", "number": "16", "summary": "New remediations available" }, { "date": "2017-03-30T22:00:00.000+00:00", "number": "17", "summary": "New remediations available" }, { "date": "2017-04-03T22:00:00.000+00:00", "number": "18", "summary": "New remediations available" }, { "date": "2017-05-22T22:00:00.000+00:00", "number": "19", "summary": "New remediations available" }, { "date": "2017-05-22T22:00:00.000+00:00", "number": "20", "summary": "Version nicht vorhanden" }, { "date": "2017-07-12T22:00:00.000+00:00", "number": "21", "summary": "New remediations available" }, { "date": "2017-07-12T22:00:00.000+00:00", "number": "22", "summary": "Version nicht vorhanden" }, { "date": "2018-07-12T22:00:00.000+00:00", "number": "23", "summary": "New remediations available" }, { "date": "2018-07-15T22:00:00.000+00:00", "number": "24", "summary": "New remediations available" }, { "date": "2018-07-15T22:00:00.000+00:00", "number": "25", "summary": "Version nicht vorhanden" }, { "date": "2020-01-08T23:00:00.000+00:00", "number": "26", "summary": "Neue Updates von Juniper aufgenommen" }, { "date": "2020-01-08T23:00:00.000+00:00", "number": "27", "summary": "Version nicht vorhanden" }, { "date": "2020-01-08T23:00:00.000+00:00", "number": "28", "summary": "Added references" }, { "date": "2024-01-25T23:00:00.000+00:00", "number": "29", "summary": "Neue Updates von Dell aufgenommen" }, { "date": "2024-01-29T23:00:00.000+00:00", "number": "30", "summary": "Schreibfehler korrigiert" } ], "status": "final", "version": "30" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Cisco IOS XR", "product": { "name": "Cisco IOS XR", "product_id": "2062", "product_identification_helper": { "cpe": "cpe:/o:cisco:ios_xr:-" } } }, { "category": "product_name", "name": "Cisco Network Analysis Module", "product": { "name": "Cisco Network Analysis Module", "product_id": "2084", "product_identification_helper": { "cpe": "cpe:/h:cisco:network_analysis_module:-" } } }, { "category": "product_name", "name": "Cisco Security Manager (CSM)", "product": { "name": "Cisco Security Manager (CSM)", "product_id": "95918", "product_identification_helper": { "cpe": "cpe:/a:cisco:security_manager:-" } } }, { "category": "product_name", "name": "Cisco Unified Communications Manager (CUCM)", "product": { "name": "Cisco Unified Communications Manager (CUCM)", "product_id": "2142", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_communications_manager:-" } } }, { "category": "product_name", "name": "Cisco Unified Contact Center Enterprise", "product": { "name": "Cisco Unified Contact Center Enterprise", "product_id": "2143", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_contact_center_enterprise:-" } } }, { "category": "product_name", "name": "Cisco Unified IP Phone", "product": { "name": "Cisco Unified IP Phone", "product_id": "T001530", "product_identification_helper": { "cpe": "cpe:/h:cisco:unified_ip_phones:::9900_series" } } }, { "category": "product_name", "name": "Cisco Unity Connection", "product": { "name": "Cisco Unity Connection", "product_id": "161504", "product_identification_helper": { "cpe": "cpe:/a:cisco:unity_connection:1.1" } } }, { "category": "product_name", "name": "Cisco WebEx Meetings Server", "product": { "name": "Cisco WebEx Meetings Server", "product_id": "T001160", "product_identification_helper": { "cpe": "cpe:/a:cisco:webex_meetings_server:-" } } }, { "category": "product_name", "name": "Cisco Wide Area Application Services", "product": { "name": "Cisco Wide Area Application Services", "product_id": "2186", "product_identification_helper": { "cpe": "cpe:/a:cisco:wide_area_application_services:-" } } } ], "category": "vendor", "name": "Cisco" }, { "branches": [ { "category": "product_name", "name": "Dell NetWorker \u003c 19.10", "product": { "name": "Dell NetWorker \u003c 19.10", "product_id": "T032354", "product_identification_helper": { "cpe": "cpe:/a:dell:networker:19.10" } } } ], "category": "vendor", "name": "Dell" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Fortinet FortiOS \u003c 5.6.0", "product": { "name": "Fortinet FortiOS \u003c 5.6.0", "product_id": "T010101", "product_identification_helper": { "cpe": "cpe:/o:fortinet:fortios:5.6.0" } } }, { "category": "product_name", "name": "Fortinet FortiOS \u003c 5.4.6", "product": { "name": "Fortinet FortiOS \u003c 5.4.6", "product_id": "T011155", "product_identification_helper": { "cpe": "cpe:/o:fortinet:fortios:5.4.6" } } } ], "category": "product_name", "name": "FortiOS" } ], "category": "vendor", "name": "Fortinet" }, { "branches": [ { "category": "product_name", "name": "FreeBSD Project FreeBSD OS", "product": { "name": "FreeBSD Project FreeBSD OS", "product_id": "4035", "product_identification_helper": { "cpe": "cpe:/o:freebsd:freebsd:-" } } } ], "category": "vendor", "name": "FreeBSD Project" }, { "branches": [ { "category": "product_name", "name": "HPE Intelligent Management Center (IMC) \u003c 7.3 E0504P04", "product": { "name": "HPE Intelligent Management Center (IMC) \u003c 7.3 E0504P04", "product_id": "T009902", "product_identification_helper": { "cpe": "cpe:/a:hp:intelligent_management_center:7.3e0504p04" } } } ], "category": "vendor", "name": "HPE" }, { "branches": [ { "category": "product_name", "name": "Juniper JUNOS", "product": { "name": "Juniper JUNOS", "product_id": "5930", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:-" } } } ], "category": "vendor", "name": "Juniper" }, { "branches": [ { "category": "product_name", "name": "NetApp OnCommand Unified Manager", "product": { "name": "NetApp OnCommand Unified Manager", "product_id": "T009408", "product_identification_helper": { "cpe": "cpe:/a:netapp:oncommand_unified_manager:-" } } } ], "category": "vendor", "name": "NetApp" }, { "branches": [ { "category": "product_name", "name": "Open Source OpenSSL \u003c 1.1.0c", "product": { "name": "Open Source OpenSSL \u003c 1.1.0c", "product_id": "T008912", "product_identification_helper": { "cpe": "cpe:/a:openssl:openssl:1.1.0c" } } } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" }, { "branches": [ { "category": "product_name", "name": "Cisco TelePresence Server", "product": { "name": "Cisco TelePresence Server", "product_id": "T001033", "product_identification_helper": { "cpe": "cpe:/a:cisco:telepresence_server:2.2" } } }, { "category": "product_name", "name": "Cisco TelePresence SX20", "product": { "name": "Cisco TelePresence SX20", "product_id": "T000641", "product_identification_helper": { "cpe": "cpe:/h:cisco:telepresence_sx20:-" } } }, { "category": "product_name", "name": "Cisco TelePresence System EX Series", "product": { "name": "Cisco TelePresence System EX Series", "product_id": "T000640", "product_identification_helper": { "cpe": "cpe:/h:cisco:telepresence_system_ex_series:-" } } }, { "category": "product_name", "name": "Cisco Video Surveillance", "product": { "name": "Cisco Video Surveillance", "product_id": "64489", "product_identification_helper": { "cpe": "cpe:/a:cisco:video_surveillance_ip_gateway_encoder_decoder:-" } } } ], "category": "vendor", "name": "cisco" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-7053", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in OpenSSL. Die Schwachstelle beruht auf einem Fehler bei der Verarbeitung von ASN.1 CHOICE Typen. Ein Angreifer kann dies durch \u00dcbermittlung geeignet gestalteter Daten f\u00fcr einen Denial of Service Angriff nutzen." } ], "product_status": { "known_affected": [ "161504", "T001160", "T009408", "67646", "64489", "4035", "2143", "2142", "2186", "2084", "2062", "T032354", "T002207", "T000126", "95918", "T000641", "5930", "T000640", "T001530", "T001033" ] }, "release_date": "2016-11-10T23:00:00Z", "title": "CVE-2016-7053" }, { "cve": "CVE-2016-7054", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in OpenSSL. Die Schwachstelle betrifft TSL Verbindungen, welche die *-CHACHA20-POLY1305 Ciphersuites nutzen. Ein Angreifer kann durch \u00dcbermitteln geeignet gestalteter Daten einen Denial of Service hervorrufen." } ], "product_status": { "known_affected": [ "161504", "T001160", "67646", "64489", "2143", "2142", "2186", "2084", "2062", "T032354", "T002207", "T000126", "95918", "T000641", "T000640", "T001530", "T001033" ] }, "release_date": "2016-11-10T23:00:00Z", "title": "CVE-2016-7054" }, { "cve": "CVE-2016-7055", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in OpenSSL. Die Schwachstelle beruht auf einem Fehler in der Broadwell-spezifischen Montgomery Multiplikations Prozedur. Ein Angreifer kann dieses zu einem Angriff mit unbekannten Answirkungen nutzen." } ], "product_status": { "known_affected": [ "161504", "T001160", "T009408", "67646", "64489", "4035", "2143", "2142", "2186", "2084", "2062", "T032354", "T002207", "T000126", "95918", "T000641", "5930", "T000640", "T001530", "T001033" ] }, "release_date": "2016-11-10T23:00:00Z", "title": "CVE-2016-7055" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.