Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Local

0

CVE-2016-2178

Disclosure Date: June 20, 2016 •

CVE-2016-2178 CVSS v3 Base Score: 5.5

Description

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.5 Medium

Impact Score:

3.6

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

None

Availability (A):

None

References

Canonical

CVE-2016-2178 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178)

BID-91081 (http://www.securityfocus.com/bid/91081)

Advisory

https://www.tenable.com/security/tns-2016-20

http://www.splunk.com/view/SP-CAAAPUE

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://rhn.redhat.com/errata/RHSA-2017-1659.html

[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations (http://www.openwall.com/lists/oss-security/2016/06/09/8)

https://access.redhat.com/errata/RHSA-2017:1658

http://rhn.redhat.com/errata/RHSA-2016-1940.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

GLSA-201612-16 (https://security.gentoo.org/glsa/201612-16)

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us

http://www.splunk.com/view/SP-CAAAPSV

http://www-01.ibm.com/support/docview.wss?uid=swg21995039

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

https://nodejs.org/en/blog/vulnerability/september-2016-security-releases

https://www.tenable.com/security/tns-2016-16

https://www.tenable.com/security/tns-2016-21

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

https://git.openssl.org?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

https://access.redhat.com/errata/RHSA-2017:0194

[oss-security] 20160608 CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations (http://www.openwall.com/lists/oss-security/2016/06/08/2)

https://access.redhat.com/errata/RHSA-2017:0193

https://bugzilla.redhat.com/show_bug.cgi?id=1343400

http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

http://rhn.redhat.com/errata/RHSA-2016-2957.html

https://bto.bluecoat.com/security-advisory/sa132

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448

SECTRACK-1036054 (http://www.securitytracker.com/id/1036054)

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/

https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2

https://kc.mcafee.com/corporate/index?page=content&id=SB10215

SUSE-SU-2017:2700 (http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html)

USN-3087-1 (http://www.ubuntu.com/usn/USN-3087-1)

SUSE-SU-2016:2469 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html)

20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016 (http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl)

[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations (http://www.openwall.com/lists/oss-security/2016/06/08/8)

[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations (http://www.openwall.com/lists/oss-security/2016/06/08/4)

openSUSE-SU-2016:2537 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html)

[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations (http://www.openwall.com/lists/oss-security/2016/06/08/6)

https://support.f5.com/csp/article/K53084033

USN-3087-2 (http://www.ubuntu.com/usn/USN-3087-2)

SUSE-SU-2017:2699 (http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html)

openSUSE-SU-2016:2407 (http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html)

20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities (http://seclists.org/fulldisclosure/2017/Jul/31)

SUSE-SU-2016:2458 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html)

https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us

[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations (http://www.openwall.com/lists/oss-security/2016/06/08/10)

[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations (http://www.openwall.com/lists/oss-security/2016/06/08/11)

[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations (http://www.openwall.com/lists/oss-security/2016/06/08/5)

DSA-3673 (http://www.debian.org/security/2016/dsa-3673)

openSUSE-SU-2016:2391 (http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html)

openSUSE-SU-2018:0458 (http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html)

[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations (http://www.openwall.com/lists/oss-security/2016/06/08/12)

SUSE-SU-2016:2387 (http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html)

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448

SUSE-SU-2016:2468 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html)

openSUSE-SU-2016:2496 (http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html)

[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations (http://www.openwall.com/lists/oss-security/2016/06/08/7)

[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations (http://www.openwall.com/lists/oss-security/2016/06/09/2)

SUSE-SU-2016:2394 (http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en

Miscellaneous

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc

http://eprint.iacr.org/2016/594.pdf

https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24

Rapid7

Technical Analysis