Bug 977616 (CVE-2016-2107) - VUL-0: CVE-2016-2107: openssl: Padding oracle in AES-NI CBC MAC check
Summary: VUL-0: CVE-2016-2107: openssl: Padding oracle in AES-NI CBC MAC check
Status: RESOLVED FIXED
Alias: CVE-2016-2107
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Deadline: 2016-05-10
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: CVSSv2:SUSE:CVE-2016-2107:7.1:(AV:N/...
Keywords:
Depends on:
Blocks: 977584
  Show dependency treegraph
 
Reported: 2016-04-28 11:19 UTC by Andreas Stieger
Modified: 2022-02-16 21:23 UTC (History)
7 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2016-04-28 11:19:17 UTC 
EMBARGOED
CRD: 2016-03-03 15:00 UTC

Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
======================================================

Severity: High

A MITM attacker can use a padding oracle attack to decrypt traffic
when the connection uses an AES CBC cipher and the server support
AES-NI.

This issue was introduced as part of the fix for Lucky 13 padding
attack (CVE-2013-0169). The padding check was rewritten to be in
constant time by making sure that always the same bytes are read and
compared against either the MAC or padding bytes. But it no longer
checked that there was enough data to have both the MAC and padding
bytes.

This issue was reported to OpenSSL on 13th of April 2016 by Juraj
Somorovsky. The fix was developed by Kurt Roeckx of the OpenSSL
development team.

See 2752.patch (mjc link https://gitlab.openssl.org/openssl/openssl/merge_requests/2572)

(patch not yet shared)
Comment 1 Andreas Stieger 2016-04-28 12:10:59 UTC 
CRD: 2016-05-03 15:00 UTC
Comment 2 Swamp Workflow Management 2016-04-28 22:00:47 UTC 
bugbot adjusting priority
Comment 4 Andreas Stieger 2016-04-29 12:25:12 UTC 
Issue introduced upstream by fix for CVE-2013-0169
https://www.openssl.org/news/secadv/20130205.txt

Meaning the upstream releases 1.0.1d/1.0.1e, 1.0.0k or 0.9.8y and later were affected upstream, without accounting for our backports.
Comment 11 Swamp Workflow Management 2016-05-03 08:03:05 UTC 
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2016-05-10.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62679
Comment 12 Bernhard Wiedemann 2016-05-03 15:00:34 UTC 
This is an autogenerated message for OBS integration:
This bug (977616) was mentioned in
https://build.opensuse.org/request/show/393430 13.2+42.1 / openssl
Comment 13 Bernhard Wiedemann 2016-05-03 16:00:28 UTC 
This is an autogenerated message for OBS integration:
This bug (977616) was mentioned in
https://build.opensuse.org/request/show/393456 Factory / openssl
Comment 16 Swamp Workflow Management 2016-05-03 20:09:22 UTC 
SUSE-SU-2016:1206-1: An update that solves 5 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 889013,971354,976942,976943,977614,977615,977616,977617,977621
CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109
Sources used:
SUSE Linux Enterprise Server 11-SECURITY (src):    openssl1-1.0.1g-0.47.1
Comment 17 Forgotten User MuQ5q_YN48 2016-05-04 07:19:54 UTC 
(In reply to Andreas Stieger from comment #4)
> Issue introduced upstream by fix for CVE-2013-0169
> https://www.openssl.org/news/secadv/20130205.txt
> 
> Meaning the upstream releases 1.0.1d/1.0.1e, 1.0.0k or 0.9.8y and later were
> affected upstream, without accounting for our backports.

As per: http://seclists.org/oss-sec/2016/q2/202 I agree that upstream
 - 1.0.1d through 1.0.1s
 - 1.0.2 through 1.0.2g
are affected upstream.
But 0.9.8 and 1.0.0 lines are not affected (no AES-NI support)
Comment 18 Vítězslav Čížek 2016-05-04 08:42:32 UTC 
There's a reproducer (written in Go) at
https://github.com/FiloSottile/CVE-2016-2107
Comment 19 Swamp Workflow Management 2016-05-04 14:15:20 UTC 
SUSE-SU-2016:1228-1: An update that solves 5 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 958501,976942,976943,977614,977615,977616,977617,977621
CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    openssl-1.0.1i-27.16.1
SUSE Linux Enterprise Server 12 (src):    openssl-1.0.1i-27.16.1
SUSE Linux Enterprise Desktop 12 (src):    openssl-1.0.1i-27.16.1
Comment 20 Swamp Workflow Management 2016-05-04 16:10:45 UTC 
SUSE-SU-2016:1233-1: An update that solves 5 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 958501,976942,976943,977614,977615,977616,977617,977621
CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    openssl-1.0.1i-47.1
SUSE Linux Enterprise Server 12-SP1 (src):    openssl-1.0.1i-47.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    openssl-1.0.1i-47.1
Comment 21 Marcus Meissner 2016-05-05 07:19:15 UTC 
good write up by cloudflare

https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/
Comment 22 Swamp Workflow Management 2016-05-05 11:08:17 UTC 
openSUSE-SU-2016:1237-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 976942,976943,977614,977615,977616,977617
CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109
Sources used:
openSUSE Evergreen 11.4 (src):    openssl-1.0.1p-74.1
Comment 23 Swamp Workflow Management 2016-05-05 11:09:23 UTC 
openSUSE-SU-2016:1238-1: An update that solves 5 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 958501,976942,976943,977614,977615,977616,977617,977621
CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109
Sources used:
openSUSE 13.2 (src):    openssl-1.0.1k-2.36.1
Comment 24 Swamp Workflow Management 2016-05-05 11:11:58 UTC 
openSUSE-SU-2016:1240-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 976942,976943,977614,977615,977616,977617
CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109
Sources used:
openSUSE 13.1 (src):    openssl-1.0.1k-11.87.1
Comment 25 Swamp Workflow Management 2016-05-05 16:09:40 UTC 
openSUSE-SU-2016:1243-1: An update that solves 5 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 958501,976942,976943,977614,977615,977616,977617,977621
CVE References: CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2108,CVE-2016-2109
Sources used:
openSUSE Leap 42.1 (src):    openssl-1.0.1i-15.1
Comment 26 Marcus Meissner 2016-05-11 08:54:11 UTC 
released
Comment 27 Bernhard Wiedemann 2016-05-11 10:00:43 UTC 
This is an autogenerated message for OBS integration:
This bug (977616) was mentioned in
https://build.opensuse.org/request/show/394817 42.2 / openssl
Comment 28 Swamp Workflow Management 2016-06-14 09:09:19 UTC 
openSUSE-SU-2016:1566-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 968047,968048,968050,977614,977616
CVE References: CVE-2016-0702,CVE-2016-0705,CVE-2016-0797,CVE-2016-2105,CVE-2016-2107
Sources used:
openSUSE Leap 42.1 (src):    nodejs-4.4.5-27.1
openSUSE 13.2 (src):    nodejs-4.4.5-18.1
Comment 30 Swamp Workflow Management 2022-02-16 21:23:45 UTC 
SUSE-FU-2022:0445-1: An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000677,1000742,1001148,1001912,1002585,1002895,1003091,1005246,1009528,1010874,1010966,1011936,1015549,1019637,1021641,1022085,1022086,1022271,1027079,1027610,1027688,1027705,1027908,1028281,1028723,1029523,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042392,1042670,1044095,1044107,1044175,1049186,1049304,1050653,1050665,1055478,1055542,1055825,1056058,1056951,1057496,1062237,1065363,1066242,1066873,1068790,1070737,1070738,1070853,1071905,1071906,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087102,1087104,1088573,1089039,1090427,1090765,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097158,1097531,1097624,1098535,1098592,1099308,1099569,1100078,1101246,1101470,1102868,1104789,1106197,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112209,1112357,1113534,1113652,1113742,1113975,1115769,1117951,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127080,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1131291,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150003,1150190,1150250,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1158809,1159235,1159538,1160163,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1177559,1178168,1178341,1178670,1179491,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182331,1182333,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1189521,1190781,1193357,356549,381844,394317,408865,428177,430141,431945,437293,442740,459468,489641,504687,509031,526319,590833,610223,610642,629905,637176,651003,657698,658604,670526,673071,693027,715423,720601,743787,747125,748738,749210,749213,749735,750618,751718,751946,751977,754447,754677,761500,774710,784670,784994,787526,793420,799119,802184,803004,809831,811890,822642,825221,828513,831629,832833,834601,835687,839107,84331,849377,855666,855676,856687,857203,857850,858239,867887,869945,871152,872299,873351,876282,876710,876712,876748,880891,885662,885882,889013,889363,892477,892480,895129,898917,901223,901277,901902,902364,906878,907584,908362,908372,912014,912015,912018,912292,912293,912294,912296,912460,913229,915479,917607,917759,917815,919648,920236,922448,922488,922496,922499,922500,926597,929678,929736,930189,931698,931978,933898,933911,934487,934489,934491,934493,935856,937085,937212,937492,937634,937912,939456,940608,942385,942751,943421,944204,945455,946648,947104,947357,947679,948198,952871,954256,954486,954690,957812,957813,957815,958501,961334,962291,963415,963974,964204,964472,964474,965830,967128,968046,968047,968048,968050,968265,968270,968374,968601,975875,976942,977584,977614,977615,977616,977663,978224,981848,982268,982575,983249,984323,985054,988086,990207,990392,990419,990428,991193,991877,992120,992988,992989,992992,993130,993819,993825,993968,994749,994844,994910,995075,995324,995359,995377,995959,996255,997043,997614,998190,999665,999666,999668
CVE References: CVE-2006-2937,CVE-2006-2940,CVE-2006-3738,CVE-2006-4339,CVE-2006-4343,CVE-2006-7250,CVE-2007-3108,CVE-2007-4995,CVE-2007-5135,CVE-2008-0891,CVE-2008-1672,CVE-2008-5077,CVE-2009-0590,CVE-2009-0591,CVE-2009-0789,CVE-2009-1377,CVE-2009-1378,CVE-2009-1379,CVE-2009-1386,CVE-2009-1387,CVE-2010-0740,CVE-2010-0742,CVE-2010-1633,CVE-2010-2939,CVE-2010-3864,CVE-2010-5298,CVE-2011-0014,CVE-2011-3207,CVE-2011-3210,CVE-2011-3389,CVE-2011-4108,CVE-2011-4576,CVE-2011-4577,CVE-2011-4619,CVE-2011-4944,CVE-2012-0027,CVE-2012-0050,CVE-2012-0845,CVE-2012-0884,CVE-2012-1150,CVE-2012-1165,CVE-2012-2110,CVE-2012-2686,CVE-2012-4929,CVE-2013-0166,CVE-2013-0169,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2013-4353,CVE-2013-6449,CVE-2013-6450,CVE-2014-0012,CVE-2014-0076,CVE-2014-0160,CVE-2014-0195,CVE-2014-0198,CVE-2014-0221,CVE-2014-0224,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-3470,CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3509,CVE-2014-3510,CVE-2014-3511,CVE-2014-3512,CVE-2014-3513,CVE-2014-3566,CVE-2014-3567,CVE-2014-3568,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-4650,CVE-2014-5139,CVE-2014-7202,CVE-2014-7203,CVE-2014-8275,CVE-2014-9721,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206,CVE-2015-0209,CVE-2015-0286,CVE-2015-0287,CVE-2015-0288,CVE-2015-0289,CVE-2015-0293,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1791,CVE-2015-1792,CVE-2015-2296,CVE-2015-3194,CVE-2015-3195,CVE-2015-3196,CVE-2015-3197,CVE-2015-3216,CVE-2015-4000,CVE-2016-0702,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800,CVE-2016-10745,CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2109,CVE-2016-2176,CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306,CVE-2016-7052,CVE-2016-7055,CVE-2016-9015,CVE-2017-18342,CVE-2017-3731,CVE-2017-3732,CVE-2017-3735,CVE-2017-3736,CVE-2017-3737,CVE-2017-3738,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737,CVE-2018-0739,CVE-2018-18074,CVE-2018-20060,CVE-2018-5407,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-1547,CVE-2019-1551,CVE-2019-1559,CVE-2019-1563,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-1971,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-23840,CVE-2021-23841,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426,CVE-2021-3712
JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135
Sources used:
SUSE Manager Tools 12-BETA (src):    venv-salt-minion-3002.2-3.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.