CVE-2016-0704

by Fred · 02/03/2016

An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

Date published : 2016-03-02

http://www.securityfocus.com/bid/83764

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl

CVE-2016-0704

Similar

Recent Posts

Categories

CVE-2016-0704

Share this:

Similar

Recent Posts

Categories

Tags