Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-2178

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

Published

2016-06-20T01:59:03.023

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-203

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openssl	openssl	1.0.1	Yes
Application	openssl	openssl	1.0.1a	Yes
Application	openssl	openssl	1.0.1b	Yes
Application	openssl	openssl	1.0.1c	Yes
Application	openssl	openssl	1.0.1d	Yes
Application	openssl	openssl	1.0.1e	Yes
Application	openssl	openssl	1.0.1f	Yes
Application	openssl	openssl	1.0.1g	Yes
Application	openssl	openssl	1.0.1h	Yes
Application	openssl	openssl	1.0.1i	Yes
Application	openssl	openssl	1.0.1j	Yes
Application	openssl	openssl	1.0.1k	Yes
Application	openssl	openssl	1.0.1l	Yes
Application	openssl	openssl	1.0.1m	Yes
Application	openssl	openssl	1.0.1n	Yes
Application	openssl	openssl	1.0.1o	Yes
Application	openssl	openssl	1.0.1p	Yes
Application	openssl	openssl	1.0.1q	Yes
Application	openssl	openssl	1.0.1r	Yes
Application	openssl	openssl	1.0.1s	Yes
Application	openssl	openssl	1.0.1t	Yes
Application	openssl	openssl	1.0.2	Yes
Application	openssl	openssl	1.0.2a	Yes
Application	openssl	openssl	1.0.2b	Yes
Application	openssl	openssl	1.0.2c	Yes
Application	openssl	openssl	1.0.2d	Yes
Application	openssl	openssl	1.0.2e	Yes
Application	openssl	openssl	1.0.2f	Yes
Application	openssl	openssl	1.0.2g	Yes
Application	openssl	openssl	1.0.2h	Yes
Operating System	oracle	linux	5	Yes
Operating System	oracle	linux	6	Yes
Operating System	oracle	linux	7	Yes
Operating System	oracle	solaris	10	Yes
Operating System	oracle	solaris	11.3	Yes
Operating System	suse	linux_enterprise	12.0	Yes
Application	nodejs	node.js	< 0.10.47	Yes
Application	nodejs	node.js	< 0.12.16	Yes
Application	nodejs	node.js	≤ 4.1.2	Yes
Application	nodejs	node.js	< 4.6.0	Yes
Application	nodejs	node.js	< 6.7.0	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	canonical	ubuntu_linux	12.04	Yes
Operating System	canonical	ubuntu_linux	14.04	Yes
Operating System	canonical	ubuntu_linux	16.04	Yes

References

http://eprint.iacr.org/2016/594.pdf Technical Description, Third Party Advisory ([email protected])
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html Mailing List, Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2016-1940.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2016-2957.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2017-1659.html Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2017/Jul/31 Mailing List, Third Party Advisory ([email protected])
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl Third Party Advisory ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg21995039 Third Party Advisory ([email protected])
http://www.debian.org/security/2016/dsa-3673 Third Party Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2016/06/08/10 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2016/06/08/11 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2016/06/08/12 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2016/06/08/2 Mailing List, Patch, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2016/06/08/4 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2016/06/08/5 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2016/06/08/6 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2016/06/08/7 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2016/06/08/8 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2016/06/09/2 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2016/06/09/8 Mailing List, Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Patch, Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html Patch, Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Patch, Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Patch, Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Patch, Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/91081 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1036054 Third Party Advisory, VDB Entry ([email protected])
http://www.splunk.com/view/SP-CAAAPSV Third Party Advisory ([email protected])
http://www.splunk.com/view/SP-CAAAPUE Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/USN-3087-1 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/USN-3087-2 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:0193 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:0194 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:1658 Third Party Advisory ([email protected])
https://bto.bluecoat.com/security-advisory/sa132 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1343400 Issue Tracking, Patch ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf ([email protected])
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=399944622df7bd81af62e67ea967c470534090e2 ([email protected])
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448 Third Party Advisory ([email protected])
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 Third Party Advisory ([email protected])
https://kc.mcafee.com/corporate/index?page=content&id=SB10215 Third Party Advisory ([email protected])
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ Third Party Advisory ([email protected])
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/201612-16 Third Party Advisory, VDB Entry ([email protected])
https://support.f5.com/csp/article/K53084033 Third Party Advisory ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us Third Party Advisory ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us Third Party Advisory ([email protected])
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24 Third Party Advisory ([email protected])
https://www.tenable.com/security/tns-2016-16 Third Party Advisory ([email protected])
https://www.tenable.com/security/tns-2016-20 Third Party Advisory ([email protected])
https://www.tenable.com/security/tns-2016-21 Third Party Advisory ([email protected])
http://eprint.iacr.org/2016/594.pdf Technical Description, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-1940.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-2957.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2017-1659.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2017/Jul/31 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg21995039 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3673 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/06/08/10 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/06/08/11 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/06/08/12 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/06/08/2 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/06/08/4 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/06/08/5 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/06/08/6 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/06/08/7 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/06/08/8 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/06/09/2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/06/09/8 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/91081 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036054 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.splunk.com/view/SP-CAAAPSV Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.splunk.com/view/SP-CAAAPUE Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-3087-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-3087-2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:0193 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:0194 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:1658 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bto.bluecoat.com/security-advisory/sa132 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1343400 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf (af854a3a-2127-422b-91ae-364da2661108)
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=399944622df7bd81af62e67ea967c470534090e2 (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kc.mcafee.com/corporate/index?page=content&id=SB10215 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201612-16 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://support.f5.com/csp/article/K53084033 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/tns-2016-16 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/tns-2016-20 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/tns-2016-21 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)