Palo Alto Networks Security Advisories / PAN-SA-2016-0023

PAN-SA-2016-0023 OpenSSL Vulnerabilities


047910
Severity 8.2 · HIGH
Attack Vector NETWORK
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact LOW
Privileges Required NONE
Integrity Impact NONE
User Interaction NONE
Availability Impact HIGH
JSON CSAF
Published 2016-09-02
Updated 2016-09-02
Reference 100669, 100133, PAN-60833, PAN-SA-2016-0023

Description

The OpenSSL library embedded in the GlobalProtect™ agent, TerminalServer™ agent and UserID™ agent is affected by the following public vulnerabilities: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, and CVE-2016-2176 (Ref # 100669, 100133, PAN-60833).

At the time of this advisory and in the context of GlobalProtect, TerminalServer and UserID, no public exploitation of these vulnerabilities are known.

This issue affects GlobalProtect agent 3.1.0 and earlier; TerminalServer agent 7.0.5 and earlier; UserID agent 7.0.5 and earlier

CVECVSSSummary
CVE-2016-21057.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
CVE-2016-21067.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
CVE-2016-21075.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
CVE-2016-21097.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
CVE-2016-21768.2 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.

Product Status

VersionsAffectedUnaffected
User-ID Agent 7.0<= 7.0.5>= 7.0.6
Terminal Server Agent 7.0<= 7.0.5>= 7.0.6
GlobalProtect App 3.1<= 3.1.0>= 3.1.1

Severity: HIGH

CVSSv3.1 Base Score: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)

Weakness Type

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Solution

GlobalProtect App 3.1.1 and later; Terminal Server Agent 7.0.6 and later; User-ID Agent 7.0.6 and later

Workarounds and Mitigations

N/A

Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2025 Palo Alto Networks, Inc. All rights reserved.