RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 7.1.x, 8.1.x
CVE-2015-3197
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.
CVSSv2 score: 4.30 at SUSE
Response: The flaw exists but is not exploitable (in AM by default)
It is possible for external clients to make SSL connections to the AM database, but this is not the default configuration. Customers who require this access, and who are willing to assume the associated risk, must:
- create a special database user for the access (termed a "read-only" user because it has read-only access to a limited set of tables; all sensitive data is encrypted as well).
- open the firewall port for access to the database; this port is blocked by default.
- connect with their own client (such as one obtained from Postgres).
For this connection (if enabled), AM uses the vulnerable OpenSSL 1.0.1 library, but the issue is not exploitable in the default AM configuration because no external SSL connection to the database is accepted.
Note that there is also an OpenSSL version 0.9.8 installed on the appliance but this is not vulnerable to this issue and not used for SSL connections.
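The practical question for a customer who has opened the database port is whether that port will negotiate SSLv2 at all, since CVE-2015-3197 only matters for SSLv2 traffic. The following is an added example, not RSA's code or anything shipped with Authentication Manager. It assumes the AM database speaks the standard PostgreSQL wire protocol (port 5432 is an assumption), sends the PostgreSQL SSLRequest, then offers an SSLv2 CLIENT-HELLO and classifies the reply; the sample responses in the test are constructed. A result of "sslv2" means the port negotiates SSLv2 and the advisory's caveat applies; "tls-alert" or "closed" means SSLv2 was refused.

```python
"""Probe a PostgreSQL port for SSLv2 negotiation (added example, not RSA code).

Assumptions: the target speaks the PostgreSQL wire protocol, the firewall
port described above has been opened, and 5432 is the database port.
"""
import socket
import struct
import sys

# PostgreSQL SSLRequest: int32 length (8) followed by the magic code 80877103.
PG_SSLREQUEST = struct.pack("!ii", 8, 80877103)

# SSLv2 CIPHER-KIND codes (3 bytes each) from the SSL 2.0 specification.
SSLV2_CIPHER_KINDS = [
    b"\x01\x00\x80",  # SSL_CK_RC4_128_WITH_MD5
    b"\x02\x00\x80",  # SSL_CK_RC4_128_EXPORT40_WITH_MD5
    b"\x03\x00\x80",  # SSL_CK_RC2_128_CBC_WITH_MD5
    b"\x04\x00\x80",  # SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
    b"\x05\x00\x80",  # SSL_CK_IDEA_128_CBC_WITH_MD5
    b"\x06\x00\x40",  # SSL_CK_DES_64_CBC_WITH_MD5
    b"\x07\x00\xc0",  # SSL_CK_DES_192_EDE3_CBC_WITH_MD5
]


def build_sslv2_client_hello(challenge: bytes = b"\x00" * 16) -> bytes:
    """Return an SSLv2 CLIENT-HELLO record offering every SSLv2 cipher kind."""
    ciphers = b"".join(SSLV2_CIPHER_KINDS)
    body = (
        b"\x01"                       # MSG-CLIENT-HELLO
        + b"\x00\x02"                 # CLIENT-VERSION 2.0
        + struct.pack("!HHH", len(ciphers), 0, len(challenge))
        + ciphers                     # CIPHER-SPECS-DATA
        + challenge                   # empty SESSION-ID, then CHALLENGE-DATA
    )
    # Two-byte SSLv2 record header; high bit set means no padding byte follows.
    header = struct.pack("!H", 0x8000 | len(body))
    return header + body


def classify_response(data: bytes) -> str:
    """Classify the first bytes returned after an SSLv2 CLIENT-HELLO.

    'sslv2'     : SSLv2 record header followed by MSG-SERVER-HELLO (type 4)
    'tls-alert' : TLS record type 21 (alert) with a 3.x version, i.e. refused
    'closed'    : the peer closed the connection without answering
    'unknown'   : anything else
    """
    if not data:
        return "closed"
    if len(data) >= 5 and data[0] == 0x15 and data[1] == 0x03:
        return "tls-alert"
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x04:
        return "sslv2"
    return "unknown"


def probe(host: str, port: int = 5432, timeout: float = 5.0) -> str:
    """Send SSLRequest, then an SSLv2 CLIENT-HELLO, and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(PG_SSLREQUEST)
        answer = sock.recv(1)
        if answer != b"S":
            # 'N' means the server does not offer SSL on this port at all;
            # anything else is not a PostgreSQL startup response.
            return "no-ssl" if answer == b"N" else "not-postgres"
        sock.sendall(build_sslv2_client_hello())
        try:
            return classify_response(sock.recv(1024))
        except socket.timeout:
            return "timeout"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(f"{target}: {probe(target)}")
```

Run it against the database host from the network segment the firewall rule was opened for; "no-ssl" or a connection error from an unopened port confirms the default posture the advisory describes.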
CVE-2016-0701
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
CVSSv2 score: 7.12 at SUSE
Response: The flaw does not exist
The RSA Authentication Manager does not use a vulnerable version of OpenSSL: the affected code is in OpenSSL 1.0.2 before 1.0.2f, and AM ships only OpenSSL 1.0.1 and 0.9.8 (see above).