mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
2.3 KiB
2.3 KiB
CVE-2016-0703
Description
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
POC
Reference
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Artem-Salnikov/devops-netology
- https://github.com/Artem-Tvr/sysadmin-09-security
- https://github.com/Janith-Sandamal/Metasploitable2
- https://github.com/Justic-D/Dev_net_home_1
- https://github.com/Kapotov/3.9.1
- https://github.com/RClueX/Hackerone-Reports
- https://github.com/Vainoord/devops-netology
- https://github.com/Valdem88/dev-17_ib-yakovlev_vs
- https://github.com/Vladislav-Pugachev/netology-DevOps-dz_-14
- https://github.com/WiktorMysz/devops-netology
- https://github.com/alexandrburyakov/Rep2
- https://github.com/alexgro1982/devops-netology
- https://github.com/bysart/devops-netology
- https://github.com/chnzzh/OpenSSL-CVE-lib
- https://github.com/dmitrii1312/03-sysadmin-09
- https://github.com/geon071/netolofy_12
- https://github.com/ilya-starchikov/devops-netology
- https://github.com/imhunterand/hackerone-publicy-disclosed
- https://github.com/nikolay480/devops-netology
- https://github.com/odolezal/D-Link-DIR-655
- https://github.com/pashicop/3.9_1
- https://github.com/stanmay77/security
- https://github.com/vitaliivakhr/NETOLOGY
- https://github.com/yellownine/netology-DevOps