CVE编号
CVE-2016-0701利用情况
暂无补丁情况
官方补丁披露时间
2016-02-15漏洞描述
OpenSSL是一个实现安全套接层和安全传输层协议的通用开源加密库,可支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。OpenSSL存在一处加密算法破解漏洞,当满足一定条件,攻击者可以通过服务器发送大量的握手请求,当有足够多的计算数据完成后,攻击者可以获取部分密钥值,并结合其结果与中国剩余定理最终推导出解密密钥。
解决建议
厂商已发布了新版本修复该漏洞,请关注厂商主页下载:https://www.openssl.org/source
https://www.openssl.org/news/vulnerabilities.html#y2016
参考链接 |
|
|---|---|
| http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh... | |
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 | |
| http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html | |
| http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html | |
| http://www.openssl.org/news/secadv/20160128.txt | |
| http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | |
| http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | |
| http://www.securityfocus.com/bid/82233 | |
| http://www.securityfocus.com/bid/91787 | |
| http://www.securitytracker.com/id/1034849 | |
| http://www.ubuntu.com/usn/USN-2883-1 | |
| https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0... | |
| https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d... | |
| https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr... | |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n... | |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n... | |
| https://security.gentoo.org/glsa/201601-05 | |
| https://www.kb.cert.org/vuls/id/257823 | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | |
| https://www.oracle.com/security-alerts/cpujan2020.html | |
| https://www.oracle.com/security-alerts/cpujul2020.html | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | |
| https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | openssl | openssl | 1.0.2 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | openssl | openssl | 1.0.2a | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | openssl | openssl | 1.0.2b | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | openssl | openssl | 1.0.2c | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | openssl | openssl | 1.0.2d | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | openssl | openssl | 1.0.2e | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_23 | openssl | * |
Up to (excluding) 1.0.2f-1.fc23 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_23 | openssl-debuginfo | * |
Up to (excluding) 1.0.2f-1.fc23 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_23 | openssl-devel | * |
Up to (excluding) 1.0.2f-1.fc23 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_23 | openssl-libs | * |
Up to (excluding) 1.0.2f-1.fc23 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_23 | openssl-perl | * |
Up to (excluding) 1.0.2f-1.fc23 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_23 | openssl-static | * |
Up to (excluding) 1.0.2f-1.fc23 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_11.4 | openssl | * |
Up to (excluding) 1.0.1p-71.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_11.4 | openssl-debuginfo | * |
Up to (excluding) 1.0.1p-71.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_11.4 | openssl-devel | * |
Up to (excluding) 1.0.1p-71.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_11.4 | openssl-libs | * |
Up to (excluding) 1.0.1p-71.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_11.4 | openssl-perl | * |
Up to (excluding) 1.0.1p-71.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_11.4 | openssl-static | * |
Up to (excluding) 1.0.1p-71.1 |
|||||
- 攻击路径 远程
- 攻击复杂度 困难
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 无影响
- 全网数量 100
还没有评论,来说两句吧...