BDU:2019-00985

Published: 27 Feb 2019
Source: fstec
CVSS3: 5.9
CVSS2: 7.1
EPSS: Low

Description

A vulnerability in the SSL_shutdown() function of the OpenSSL cryptographic protection tool is caused by a lack of protection of service data. Exploitation of the vulnerability may allow a remote attacker to disclose protected information.

Vendor

ООО «РусБИТех-Астра»
Oracle Corp.
Red Hat Inc.
Canonical Ltd.
Free software community
Novell Inc.
Siemens AG
OpenSSL Software Foundation
ООО «Ред Софт»
ООО «Открытая мобильная платформа»

Software name

Astra Linux Special Edition
API Gateway
Red Hat Enterprise Linux
Ubuntu
Debian GNU/Linux
OpenSUSE Leap
Enterprise Manager Ops Center
JD Edwards EnterpriseOne Tools
PeopleSoft Enterprise PeopleTools
SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
OpenSSL
Suse Linux Enterprise Desktop
SUSE Enterprise Storage
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Software Development Kit
SUSE OpenStack Cloud
SUSE Linux Enterprise Module for Open Buildservice Development Tools
Red Hat Virtualization
Suse Linux Enterprise Server
Business Intelligence Enterprise Edition
Oracle Secure Global Desktop
Enterprise Manager Base Platform
SUSE Linux Enterprise Module for Web Scripting
Endeca Server
Enterprise Communications Broker
JD Edwards World Security
SUSE Linux Enterprise Point of Sale
SUSE CaaS Platform
SUSE Linux Enterprise Module for Legacy Software
SUSE OpenStack Cloud Crowbar
MySQL Connectors
MySQL Server
MySQL Enterprise Monitor
OpenStack Cloud Magnum Orchestration
Jboss Web Server
Fujitsu M10-1
Fujitsu M10-4
Fujitsu M10-4S
Fujitsu M12-1
Fujitsu M12-2
Fujitsu M12-2S
РЕД ОС
Sun ZFS Storage Appliance Kit
Oracle Communications Session Border Controller
Oracle Enterprise Session Border Controller
Communications Unified Session Manager
Oracle Communications Session Router
Communications Diameter Signaling Router
MySQL Workbench
Services Tools Bundle
Communications Performance Intelligence Center (PIC) Software
ОС Аврора

Software version

1.5 «Смоленск» (Astra Linux Special Edition)
11.1.2.4.0 (API Gateway)
6 (Red Hat Enterprise Linux)
7 (Red Hat Enterprise Linux)
16.04 LTS (Ubuntu)
9 (Debian GNU/Linux)
42.3 (OpenSUSE Leap)
18.04 LTS (Ubuntu)
12.3.3 (Enterprise Manager Ops Center)
9.2 (JD Edwards EnterpriseOne Tools)
18.10 (Ubuntu)
8.55 (PeopleSoft Enterprise PeopleTools)
8.56 (PeopleSoft Enterprise PeopleTools)
8.57 (PeopleSoft Enterprise PeopleTools)
V2.6.0 (SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP)
from 1.0.2 up to and including 1.0.2q (OpenSSL)
12 SP3 (Suse Linux Enterprise Desktop)
12 SP4 (Suse Linux Enterprise Desktop)
4 (SUSE Enterprise Storage)
12 SP2 (SUSE Linux Enterprise Server for SAP Applications)
12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications)
12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications)
12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications)
12 SP3 (SUSE Linux Enterprise Server for SAP Applications)
12 SP4 (SUSE Linux Enterprise Server for SAP Applications)
12 SP3 (SUSE Linux Enterprise Software Development Kit)
12 SP4 (SUSE Linux Enterprise Software Development Kit)
7 (SUSE OpenStack Cloud)
8.0 (Debian GNU/Linux)
15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools)
4 (Red Hat Virtualization)
12 SP3 (Suse Linux Enterprise Server)
12 SP4 (Suse Linux Enterprise Server)
11.1.1.9.0 (Business Intelligence Enterprise Edition)
12.2.1.3.0 (Business Intelligence Enterprise Edition)
12.2.1.4.0 (Business Intelligence Enterprise Edition)
5.4 (Oracle Secure Global Desktop)
13.2.0.0.0 (Enterprise Manager Base Platform)
13.3.0.0.0 (Enterprise Manager Base Platform)
12.1.0.5.0 (Enterprise Manager Base Platform)
12 (SUSE Linux Enterprise Module for Web Scripting)
7.7.0 (Endeca Server)
PCz3.0 (Enterprise Communications Broker)
A9.3 (JD Edwards World Security)
A9.3.1 (JD Edwards World Security)
A9.4 (JD Edwards World Security)
15.0 (OpenSUSE Leap)
12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale)
12 SP2-BCL (Suse Linux Enterprise Server)
12 SP2-ESPOS (Suse Linux Enterprise Server)
- (SUSE CaaS Platform)
15 SP1 (SUSE Linux Enterprise Module for Legacy Software)
15 (SUSE Linux Enterprise Module for Legacy Software)
11 SP3 (SUSE Linux Enterprise Point of Sale)
12-LTSS (Suse Linux Enterprise Server)
12 SP1 (SUSE Linux Enterprise Server for SAP Applications)
12 SP1-LTSS (SUSE Linux Enterprise Server for SAP Applications)
12-LTSS (SUSE Linux Enterprise Server for SAP Applications)
15.1 (OpenSUSE Leap)
11 SP4-LTSS (Suse Linux Enterprise Server)
12 SP1-LTSS (Suse Linux Enterprise Server)
12 SP2-LTSS (Suse Linux Enterprise Server)
11 SP4-LTSS (SUSE Linux Enterprise Server for SAP Applications)
8 (SUSE OpenStack Cloud Crowbar)
up to and including 5.3.12 (MySQL Connectors)
up to and including 8.0.15 (MySQL Connectors)
up to and including 5.6.43 (MySQL Server)
up to and including 5.7.25 (MySQL Server)
up to and including 8.0.15 (MySQL Server)
up to and including 4.0.8 (MySQL Enterprise Monitor)
up to and including 8.0.14 (MySQL Enterprise Monitor)
12.4.0 (Enterprise Manager Ops Center)
7 (OpenStack Cloud Magnum Orchestration)
12 (SUSE Linux Enterprise Module for Legacy Software)
11-SECURITY (Suse Linux Enterprise Server)
11-SECURITY (SUSE Linux Enterprise Server for SAP Applications)
5.0 (Jboss Web Server)
before XCP2361 (Fujitsu M10-1)
before XCP3070 (Fujitsu M10-1)
before XCP2361 (Fujitsu M10-4)
before XCP3070 (Fujitsu M10-4)
before XCP2361 (Fujitsu M10-4S)
before XCP3070 (Fujitsu M10-4S)
before XCP2361 (Fujitsu M12-1)
before XCP3070 (Fujitsu M12-1)
before XCP3070 (Fujitsu M12-2)
before XCP2361 (Fujitsu M12-2)
before XCP2361 (Fujitsu M12-2S)
before XCP3070 (Fujitsu M12-2S)
before 7.2 Муром (РЕД ОС)
8.8.6 (Sun ZFS Storage Appliance Kit)
PCz3.1 (Enterprise Communications Broker)
PCz3.2 (Enterprise Communications Broker)
8.0 (Oracle Communications Session Border Controller)
8.1 (Oracle Communications Session Border Controller)
8.2 (Oracle Communications Session Border Controller)
8.3 (Oracle Communications Session Border Controller)
7.5 (Oracle Enterprise Session Border Controller)
8.0 (Oracle Enterprise Session Border Controller)
8.1 (Oracle Enterprise Session Border Controller)
8.2 (Oracle Enterprise Session Border Controller)
8.3 (Oracle Enterprise Session Border Controller)
7.3.5 (Communications Unified Session Manager)
8.2.5 (Communications Unified Session Manager)
7.4 (Oracle Communications Session Router)
8.0 (Oracle Communications Session Router)
8.1 (Oracle Communications Session Router)
8.2 (Oracle Communications Session Router)
8.3 (Oracle Communications Session Router)
7.4 (Oracle Communications Session Border Controller)
8.0 (Communications Diameter Signaling Router)
8.1 (Communications Diameter Signaling Router)
8.2 (Communications Diameter Signaling Router)
8.3 (Communications Diameter Signaling Router)
8.4 (Communications Diameter Signaling Router)
up to and including 8.0.16 (MySQL Workbench)
19.2 (Services Tools Bundle)
5.2 on RHEL 6 (Jboss Web Server)
5.2 on RHEL 7 (Jboss Web Server)
5.2 on RHEL 8 (Jboss Web Server)
10.4.0.2 (Communications Performance Intelligence Center (PIC) Software)
before 3.2.3.31 (ОС Аврора)

Software type

Operating system
Software of hardware/software security tools
Network software
Application software for information systems
Software of industrial control system (ICS) hardware/software devices
Security software
Virtualization software / virtual appliance software
DBMS
Network appliance software

Operating systems and hardware platforms

ООО «РусБИТех-Астра» Astra Linux Special Edition 1.5 «Смоленск»
Red Hat Inc. Red Hat Enterprise Linux 6
Red Hat Inc. Red Hat Enterprise Linux 7
Canonical Ltd. Ubuntu 16.04 LTS
Free software community Debian GNU/Linux 9
Novell Inc. OpenSUSE Leap 42.3
Canonical Ltd. Ubuntu 18.04 LTS
Canonical Ltd. Ubuntu 18.10
Novell Inc. Suse Linux Enterprise Desktop 12 SP3
Novell Inc. Suse Linux Enterprise Desktop 12 SP4
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-BCL
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-ESPOS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-LTSS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4
Free software community Debian GNU/Linux 8.0
Novell Inc. Suse Linux Enterprise Server 12 SP3
Novell Inc. Suse Linux Enterprise Server 12 SP4
Novell Inc. OpenSUSE Leap 15.0
Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL
Novell Inc. Suse Linux Enterprise Server 12 SP2-ESPOS
Novell Inc. Suse Linux Enterprise Server 12-LTSS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP1
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP1-LTSS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12-LTSS
Novell Inc. OpenSUSE Leap 15.1
Novell Inc. Suse Linux Enterprise Server 11 SP4-LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP1-LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP2-LTSS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS
Novell Inc. Suse Linux Enterprise Server 11-SECURITY
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 11-SECURITY
ООО «Ред Софт» РЕД ОС before 7.2 Муром
ООО «Открытая мобильная платформа» ОС Аврора before 3.2.3.31

Vulnerability severity level

High severity (CVSS 2.0 base score is 7.1)
Medium severity (CVSS 3.0 base score is 5.9)

Possible remediation measures

Follow the recommendations:
https://usn.ubuntu.com/3899-1/
https://www.openssl.org/news/secadv/20190226.txt
For Astra Linux 1.6 «Смоленск»:
update the openssl1.0 package to version 1.0.2s-1~deb9u1 or later, following the vendor's recommendations: https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186

Vulnerability status

Confirmed by the vendor

Exploit availability

Data being clarified

Remediation information

Vulnerability fixed

Identifiers in other vulnerability description systems

EPSS: 0.04426 (percentile: 89%, Low)
CVSS3: 5.9 Medium
CVSS2: 7.1 High

Related vulnerabilities

CVSS3: 5.9
ubuntu
more than 6 years ago

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

CVSS3: 5.9
redhat
more than 6 years ago

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

CVSS3: 5.9
nvd
more than 6 years ago

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

CVSS3: 5.9
debian
more than 6 years ago

If an application encounters a fatal protocol error and then calls SSL ...

suse-cvrf
almost 6 years ago

Security update for compat-openssl098
