Wind River Support Network


LIN7-5730 : Security Advisory - OpenSSL - CVE-2016-0703

Created: Feb 28, 2016    Updated: Sep 8, 2018
Resolved Date: Mar 1, 2016
Found In Version: 7.0
Fix Version:
Severity: Critical
Applicable for: Wind River Linux 7
Component/s: Userspace


Note: This issue is corrected by the CVE-2015-0293 patch. No further patch will be issued for this CVE. 

Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703) 

Severity: High 

This issue only affected versions of OpenSSL prior to March 19th 2015 at which 
time the code was refactored to address vulnerability CVE-2015-0293. 

s2_srvr.c did not enforce that clear-key-length is 0 for non-export ciphers. If 
clear-key bytes are present for these ciphers, they *displace* encrypted-key 
bytes. This leads to an efficient divide-and-conquer key recovery attack: if an 
eavesdropper has intercepted an SSLv2 handshake, they can use the server as an 
oracle to determine the SSLv2 master-key, using only 16 connections to the 
server and negligible computation. 
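
The check described above as missing, written out as an added example (not OpenSSL's or Wind River's code): a stand-alone validator for the SSLv2 CLIENT-MASTER-KEY header that rejects clear-key bytes for non-export ciphers. The function and enum names, the cipher subset and the 11-byte clear-key length for EXPORT40 ciphers are assumptions based on the SSLv2 specification, and the sample message is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Cipher-kind codes from the SSLv2 specification (subset). */
#define CK_RC4_128_WITH_MD5              0x010080u
#define CK_RC4_128_EXPORT40_WITH_MD5     0x020080u
#define CK_RC2_128_CBC_WITH_MD5          0x030080u
#define CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x040080u
#define CK_DES_192_EDE3_CBC_WITH_MD5     0x0700C0u

enum cmk_result { CMK_OK, CMK_MALFORMED, CMK_UNKNOWN_CIPHER, CMK_BAD_CLEAR_KEY };

/* Hypothetical helper: 1 = export cipher, 0 = non-export, -1 = not in the table. */
static int cipher_is_export(uint32_t kind) {
    switch (kind) {
    case CK_RC4_128_EXPORT40_WITH_MD5:
    case CK_RC2_128_CBC_EXPORT40_WITH_MD5: return 1;
    case CK_RC4_128_WITH_MD5:
    case CK_RC2_128_CBC_WITH_MD5:
    case CK_DES_192_EDE3_CBC_WITH_MD5: return 0;
    default: return -1;
    }
}

/* Header layout: type(1)=2, cipher-kind(3), clear-key-length(2),
 * encrypted-key-length(2), key-arg-length(2), then the three fields. */
enum cmk_result check_client_master_key(const uint8_t *msg, size_t len) {
    if (msg == NULL || len < 10 || msg[0] != 2) return CMK_MALFORMED;
    uint32_t kind = ((uint32_t)msg[1] << 16) | ((uint32_t)msg[2] << 8) | msg[3];
    size_t clear = ((size_t)msg[4] << 8) | msg[5];
    size_t enc   = ((size_t)msg[6] << 8) | msg[7];
    size_t arg   = ((size_t)msg[8] << 8) | msg[9];
    if (len != 10 + clear + enc + arg) return CMK_MALFORMED;
    int is_export = cipher_is_export(kind);
    if (is_export < 0) return CMK_UNKNOWN_CIPHER;
    /* The rule the advisory says was missing: no clear-key bytes for non-export ciphers. */
    if (!is_export && clear != 0) return CMK_BAD_CLEAR_KEY;
    /* Assumption: 128-bit EXPORT40 ciphers send 11 clear bytes (16 - 5 secret). */
    if (is_export && clear != 11) return CMK_BAD_CLEAR_KEY;
    return CMK_OK;
}

int main(void) {
    /* Constructed message: 3DES (non-export) with clear-key-length = 5; body is zero filler. */
    uint8_t msg[10 + 5 + 123 + 8] = {2, 0x07, 0x00, 0xC0, 0, 5, 0, 123, 0, 8};
    printf("result = %d\n", check_client_master_key(msg, sizeof msg));
    return 0;
}
```
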

More importantly, this leads to a more efficient version of DROWN that is 
effective against non-export ciphersuites, and requires no significant 

This issue affected OpenSSL versions 1.0.2, 1.0.1l, 1.0.0q, 0.9.8ze and all 
earlier versions. It was fixed in OpenSSL 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf 
(released March 19th 2015). 

This issue was reported to OpenSSL on February 10th 2016 by David Adrian and J. 
Alex Halderman of the University of Michigan. The underlying defect had by 
then already been fixed by Emilia Käsper of OpenSSL on March 4th 2015. The fix 
for this issue can be identified by commits ae50d827 (1.0.2a), cd56a08d 
(1.0.1m), 1a08063 (1.0.0r) and 65c588c (0.9.8zf). 
