oss-sec mailing list archives

Re: OpenSSL Security Advisory [3rd May 2016]


From: Gsunde Orangen <gsunde.orangen () gmail com>
Date: Tue, 3 May 2016 18:52:43 +0200

My current view on three of the issues:

* Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
The advisory says: "This issue was introduced as part of the fix for
Lucky 13 padding attack (CVE-2013-0169)".
So the following versions should be affected (ref.
https://openssl.org/news/vulnerabilities.html#y2013):
 - 1.0.2 through 1.02g
 - 1.0.1d through 1.0.1s
 - 1.0.0k and all later versions
 - 0.9.8y and all later versions

* ASN.1 BIO excessive memory allocation (CVE-2016-2109)
The OpenSSL code history tells that the vulnerable code is also in the
0.9.8 and 1.0.0 lines --> affected

* EBCDIC overread (CVE-2016-2176)
The OpenSSL code history tells that the vulnerable code is also in the
0.9.8 and 1.0.0 lines --> affected
(btw: curious about where there are still EBCDIC systems that use
OpenSSL and are interested in fixing vulnerabilities...?)

Gsunde



On 03.05.2016, 17:21 Solar Designer wrote:
Now we need to figure out which of these affect latest OpenSSL 1.0.0,
even if unsupported.  I guess "Memory corruption in the ASN.1 encoder
(CVE-2016-2108)" was fixed in 1.0.0 branch in 2015 as well?  I guess
"Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)" doesn't affect
1.0.0 since it lacks AES-NI support?  (I haven't confirmed either yet.)

----- Forwarded message from OpenSSL <openssl () openssl org> -----

Date: Tue, 3 May 2016 14:04:55 +0000
From: OpenSSL <openssl () openssl org>
To: OpenSSL Developer ML <openssl-dev () openssl org>,
 OpenSSL User Support ML <openssl-users () openssl org>,
 OpenSSL Announce ML <openssl-announce () openssl org>
Subject: [openssl-announce] OpenSSL Security Advisory


OpenSSL Security Advisory [3rd May 2016]
========================================

