IM
IronMonkey Threat Research

CVE-2016-2178 MEDIUM

Published: 2016-06-20 | Last Modified: 2026-06-17 | Status: Modified

Description

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

Additional Descriptions (1)

La función dsa_sign_setup en crypto/dsa/dsa_ossl.c en OpenSSL hasta la versión 1.0.2h no asegura correctamente la utilización de operaciones de tiempo constante, lo que facilita a usuarios locales descubrir una clave privada DSA a través de un ataque de sincronización de canal lateral.

CVSS Metrics

Base Score: 5.5 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactNONE
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 3.6

Base Score: 2.1 (LOW)

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access VectorLOCAL
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactNONE
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 2.9

Weaknesses

Source Type Description
[email protected] Primary
en CWE-203

Affected Products

Vendor Product Version Update Type
openssl openssl 1.0.1 <built-in method update of dict object at 0x72a9b0c1b3c0> Application
openssl openssl 1.0.1a <built-in method update of dict object at 0x72a9b0c1bcc0> Application
openssl openssl 1.0.1b <built-in method update of dict object at 0x72a9cdc72700> Application
openssl openssl 1.0.1c <built-in method update of dict object at 0x72a9b0c19600> Application
openssl openssl 1.0.1d <built-in method update of dict object at 0x72a9b0c28bc0> Application
openssl openssl 1.0.1e <built-in method update of dict object at 0x72a9b0c2a6c0> Application
openssl openssl 1.0.1f <built-in method update of dict object at 0x72a9b0c1bc40> Application
openssl openssl 1.0.1g <built-in method update of dict object at 0x72a9b0c291c0> Application
openssl openssl 1.0.1h <built-in method update of dict object at 0x72a9cdc70d00> Application
openssl openssl 1.0.1i <built-in method update of dict object at 0x72a9b0c2b9c0> Application
openssl openssl 1.0.1j <built-in method update of dict object at 0x72a9cc7f5480> Application
openssl openssl 1.0.1k <built-in method update of dict object at 0x72a9b0c28340> Application
openssl openssl 1.0.1l <built-in method update of dict object at 0x72a9cdc71900> Application
openssl openssl 1.0.1m <built-in method update of dict object at 0x72a9cc82bf00> Application
openssl openssl 1.0.1n <built-in method update of dict object at 0x72a9cc7f60c0> Application
openssl openssl 1.0.1o <built-in method update of dict object at 0x72a9cdc71580> Application
openssl openssl 1.0.1p <built-in method update of dict object at 0x72a9b0c2b0c0> Application
openssl openssl 1.0.1q <built-in method update of dict object at 0x72a9cdc71180> Application
openssl openssl 1.0.1r <built-in method update of dict object at 0x72a9cc82bdc0> Application
openssl openssl 1.0.1s <built-in method update of dict object at 0x72a9cdc719c0> Application
openssl openssl 1.0.1t <built-in method update of dict object at 0x72ab5932ed80> Application
openssl openssl 1.0.2 <built-in method update of dict object at 0x72a9b0c29540> Application
openssl openssl 1.0.2a <built-in method update of dict object at 0x72a9cdc70c40> Application
openssl openssl 1.0.2b <built-in method update of dict object at 0x72a9b0c19fc0> Application
openssl openssl 1.0.2c <built-in method update of dict object at 0x72a9b0c1a6c0> Application
openssl openssl 1.0.2d <built-in method update of dict object at 0x72a9cc82af40> Application
openssl openssl 1.0.2e <built-in method update of dict object at 0x72a9cc82b140> Application
openssl openssl 1.0.2f <built-in method update of dict object at 0x72a9b0c19bc0> Application
openssl openssl 1.0.2g <built-in method update of dict object at 0x72a9b0c1af80> Application
openssl openssl 1.0.2h <built-in method update of dict object at 0x72a9ccf84780> Application
oracle linux 5 <built-in method update of dict object at 0x72a9e41d2080> Operating System
oracle linux 6 <built-in method update of dict object at 0x72a9b0d59f00> Operating System
oracle linux 7 <built-in method update of dict object at 0x72a9b0a7a6c0> Operating System
oracle solaris 10 <built-in method update of dict object at 0x72a9cc70c440> Operating System
oracle solaris 11.3 <built-in method update of dict object at 0x72a9b0d58380> Operating System
suse linux_enterprise 12.0 <built-in method update of dict object at 0x72a9cdc71ac0> Operating System
nodejs node.js * <built-in method update of dict object at 0x72a9cc7312c0> Application
nodejs node.js * <built-in method update of dict object at 0x72a9b0b027c0> Application
nodejs node.js * <built-in method update of dict object at 0x72a9cc70e200> Application
nodejs node.js * <built-in method update of dict object at 0x72a9cc41d140> Application
nodejs node.js * <built-in method update of dict object at 0x72a9b0a7b7c0> Application
debian debian_linux 8.0 <built-in method update of dict object at 0x72a9cc830580> Operating System
canonical ubuntu_linux 12.04 <built-in method update of dict object at 0x72a9cc64c3c0> Operating System
canonical ubuntu_linux 14.04 <built-in method update of dict object at 0x72a9b0a79a40> Operating System
canonical ubuntu_linux 16.04 <built-in method update of dict object at 0x72a9cc70ca00> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:oracle:linux:5:*:*:*:*:*:*:*
Yes cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
Yes cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
Yes cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
Yes cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
Yes cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Yes cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

References

Notification
Message here