Severity
5.9 MEDIUM (NVD)
EPSS
4.9%
top 10.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 2
Latest update: Dec 29

Description

The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages (3 packages)

Debian: openssl/openssl < 1.0.0c-2 +3
NVD: openssl/openssl 0.9.8ze +32
Palo Alto: paloalto/pan-os

🔴Vulnerability Details

3
GHSA
GHSA-jqfv-c9gp-wf8f: The get_client_master_key function in s2_srvr (2022-05-13)
CVEList
CVE-2016-0703: The get_client_master_key function in s2_srvr (2016-03-02)
OSV
CVE-2016-0703: The get_client_master_key function in s2_srvr (2016-03-02)

📋Vendor Advisories

6
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices (2022-12-19)
Palo Alto
PAN-SA-2016-0030 OpenSSL Vulnerabilities (2016-10-18)
BSD
FreeBSD-SA-16:12.openssl: Multiple OpenSSL vulnerabilities (2016-03-10)
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016 (2016-03-02)
Red Hat
openssl: Divide-and-conquer session key recovery in SSLv2 (2016-03-01)

🕵️Threat Intelligence

6
Tenable
[R3] LCE 5.0.0 Fixes Multiple Third-party Library Vulnerabilities (2017-01-31)
Tenable
New Scan Policies, Plugins and Dashboard for CVE-2016-0800: DROWN (2016-03-07)
Qualys
SSL Labs DROWN Test Implementation Details | Qualys (2016-03-04)

📄Research Papers

2
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware (2022-12-29)
arXiv
Secure by default - the case of TLS (2017-08-24)

💬Community

5
HackerOne
Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) (2016-09-21)
HackerOne
Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703) (2016-06-01)
Bugzilla
CVE-2016-0704 openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers (2016-02-22)
Bugzilla
CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) (2016-02-22)
Bugzilla
CVE-2016-0703 openssl: Divide-and-conquer session key recovery in SSLv2 (2016-02-22)
CVE-2016-0703 — Sensitive Information Exposure | cvebase