You are here

OpenSSL Vulnerabilities fixed in Version 1.0.1t and 1.0.2h

CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176
OpenSSL, Padding

On Mai 3, 2016, OpenSSL announced the discovery of six vulnerabilities [1].

Airlock WAF is affected by CVE-2016-2107. A man-in-the-middle attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI. According to TLS expert Filippo Valsorda, the bug allows to recover 16 bytes of cleartext traffic when sent repeatedly [2].

Details of the other vulnerabilities:

  • CVE-2016-2108: Another padding oracle attack to AES CBC ciphers on AES-NI systems. Airlock WAF with hotfix HF0008 or HF5020 is not affected, because OpenSSL version 1.0.1q is not affected.
  • CVE-2016-2105 and CVE-2016-2106: An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding. Airlock WAF is not affected because all OpenSSL internal calls to the function seem to be safe (according to OpenSSL project) and no other components on Airlock WAF are using the function.
  • CVE-2016-2109: When ASN.1 data is read using functions such as d2i_CMS_bio() an invalid encoding can potentially exhaust the memory. Airlock WAF is not affected because no untrusted ASN.1 structures are parsed by the affected functions.
  • CVE-2016-2176: ASN1 Strings longer than 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. Airlock WAF is not affected because EBCDIC is not used (mainly used on IBM mainframes).

Hotfixes are available for Airlock WAF 5.2, 5.3.1 and 6.0 to update OpenSSL to version 1.0.1t and 1.0.2h (for version 6.0), respectively. The criticality of the hotfixes is medium.

Airlock Vulnerability Status: 
Airlock vulnerable, see resolution
Back-end Vulnerability Status: 
No action required