JVNDB-2016-007655

JVNDB-2016-007655
OpenSSL �ｽﾉ包ｿｽ�ｽ�ｽ�ｽﾌ脆弱性
�ｽT�ｽv
OpenSSL �ｽﾉは、�ｽ�ｽ�ｽ�ｽ�ｽﾌ脆弱性�ｽ�ｽ�ｽ�ｽ�ｽﾝゑｿｽ�ｽﾜゑｿｽ�ｽB OpenSSL �ｽﾍ、�ｽ�ｽ�ｽﾌ包ｿｽ�ｽ�ｽ�ｽﾌ脆弱性�ｽ�ｽ�ｽC�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽA�ｽb�ｽv�ｽf�ｽ[�ｽg�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ[�ｽX�ｽ�ｽ�ｽﾜゑｿｽ�ｽ�ｽ�ｽB �ｽ@�ｽ@* ciphersuite ChaCha20/Poly1305 �ｽﾉヒ�ｽ[�ｽv�ｽo�ｽb�ｽt�ｽ@�ｽI�ｽ[�ｽo�ｽ[�ｽt�ｽ�ｽ�ｽ[ - CVE-2016-7054 (�ｽd�ｽv�ｽx�ｽF�ｽ�ｽ) �ｽ@�ｽ@* �ｽ�ｽ�ｽ�ｽ�ｽ�ｽ CMS �ｽ\�ｽ�ｽ�ｽﾌ擾ｿｽ�ｽ�ｽ�ｽﾉゑｿｽ�ｽ�ｽ�ｽ�ｽ NULL �ｽ\|�ｽC�ｽ�ｽ�ｽ^�ｽQ�ｽﾆの厄ｿｽ�ｽ - CVE-2016-7053 (�ｽd�ｽv�ｽx�ｽF�ｽ�ｽ) �ｽ@�ｽ@* �ｽ�ｽ�ｽ�ｽ�ｽS�ｽ�ｽ�ｽ�ｽ�ｽ�ｽZ�ｽ�ｽ�ｽ�ｽ�ｽﾌ鯉ｿｽ�ｽ - CVE-2016-7055 (�ｽd�ｽv�ｽx�ｽF�ｽ�ｽ)
CVSS �ｽﾉゑｿｽ�ｽ[�ｽ�ｽ�ｽx (CVSS �ｽﾆゑｿｽ?)

�ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ

OpenSSL Project OpenSSL 1.1.0c �ｽ�ｽ�ｽO�ｽﾌバ�ｽ[�ｽW�ｽ�ｽ�ｽ�ｽ (CVE-2016-7053, CVE-2016-7054, CVE-2016-7055) OpenSSL 1.0.2 (CVE-2016-7055) �ｽ�ｽ�ｽ{�ｽd�ｽC EnterpriseDirectoryServer �ｽS�ｽo�ｽ[�ｽW�ｽ�ｽ�ｽ�ｽ EnterpriseIdentityManager 2.0�ｽﾈ降 ESMPRO/ServerAgent 4.4.22-1�ｽﾈ降 (Linux�ｽ�ｽ) ESMPRO/ServerAgentService �ｽS�ｽo�ｽ[�ｽW�ｽ�ｽ�ｽ�ｽ (Linux�ｽ�ｽ) SystemDirector Enterprise WebOTX Application Server Enterprise WebOTX Application Server Express WebOTX Application Server Foundation WebOTX Application Server Standard WebOTX Enterprise Service Bus WebOTX Portal Express5800 /SG �ｽS�ｽo�ｽ[�ｽW�ｽ�ｽ�ｽ�ｽ �ｽ�ｽ�ｽ�ｽ Cosminexus HTTP Server uCosminexus Application Server uCosminexus Application Server (64) uCosminexus Application Server -R uCosminexus Developer uCosminexus Primary Server Base uCosminexus Primary Server Base(64) uCosminexus Service Architect uCosminexus Service Platform uCosminexus Service Platform (64)
�ｽ{�ｽﾆ弱性�ｽﾌ影�ｽ�ｽ�ｽ�ｽ�ｽｯる製�ｽi�ｽﾌ詳細につゑｿｽ�ｽﾄは、�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽｨゑｿｽﾑ参�ｽl�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽm�ｽF�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽB
�ｽz�ｽ閧ｳ�ｽ�ｽ�ｽe�ｽ�ｽ
�ｽz�ｽ閧ｳ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽﾍ各�ｽﾆ弱性�ｽﾉゑｿｽ�ｽﾙなゑｿｽﾜゑｿｽ�ｽ�ｽ�ｽA�ｽA�ｽv�ｽ�ｽ�ｽP�ｽ[�ｽV�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽN�ｽ�ｽ�ｽb�ｽV�ｽ�ｽ�ｽ�ｽ�ｽ�ｽT�ｽ[�ｽr�ｽX�ｽ^�ｽp�ｽW�ｽQ (DoS) �ｽU�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽﾈどの可能�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽﾜゑｿｽ�ｽB
�ｽﾎ搾ｿｽ
[�ｽA�ｽb�ｽv�ｽf�ｽ[�ｽg�ｽ�ｽ�ｽ�ｽ] �ｽJ�ｽ�ｽ�ｽﾒゑｿｽ�ｽ氓�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽﾆに、�ｽﾅ新�ｽﾅへア�ｽb�ｽv�ｽf�ｽ[�ｽg�ｽ�ｽ�ｽﾄ会ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽB �ｽ{�ｽﾆ弱性�ｽ�ｽ�ｽC�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ OpenSSL 1.1.0c �ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ[�ｽX�ｽ�ｽ�ｽ�ｽﾄゑｿｽ�ｽﾜゑｿｽ�ｽB �ｽﾈゑｿｽ�ｽA CVE-2016-7055 �ｽ�ｽ �ｽd�ｽv�ｽx�ｽF�ｽ�ｽ �ｽﾌゑｿｽ�ｽﾟ、2016�ｽN11�ｽ�ｽ11�ｽ�ｽ�ｽ�ｽ�ｽﾝ、CVE-2016-7055 �ｽﾉ対ゑｿｽ�ｽ�ｽ OpenSSL 1.0.2 �ｽﾌア�ｽb�ｽv�ｽf�ｽ[�ｽg�ｽﾍ�ｿｽ�ｽ�ｽ�ｽ[�ｽX�ｽ�ｽ�ｽ�ｽﾄゑｿｽ�ｽﾜゑｿｽ�ｽ�ｽB
�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ
OpenSSL Project News : OpenSSL 1.1.0 Series Release Notes OpenSSL Security Advisory : [10 Nov 2016] �ｽ�ｽ�ｽ{�ｽd�ｽC NEC�ｽ�ｽ�ｽi�ｽZ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽ�ｽ�ｽ : NV17-009 NEC�ｽ�ｽ�ｽi�ｽZ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽ�ｽ�ｽ : NV17-011 �ｽ�ｽ�ｽ�ｽ Hitachi Software Vulnerability Information : hitachi-sec-2017-115 �ｽ\�ｽt�ｽg�ｽE�ｽF�ｽA�ｽ�ｽ�ｽi�ｽZ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽ�ｽ�ｽ : hitachi-sec-2017-115
CWE�ｽﾉゑｿｽ�ｽﾆ弱性�ｽ^�ｽC�ｽv�ｽ齬� CWE�ｽﾆゑｿｽ?

�ｽ�ｽ�ｽﾊ脆弱性�ｽ�ｽ�ｽﾊ子(CVE) CVE�ｽﾆゑｿｽ?
CVE-2016-7053 CVE-2016-7054 CVE-2016-7055
�ｽQ�ｽl�ｽ�ｽ�ｽ
JVN : JVNVU#92930223 JVN : JVNVU#92830136 National Vulnerability Database (NVD) : CVE-2016-7053 National Vulnerability Database (NVD) : CVE-2016-7054 National Vulnerability Database (NVD) : CVE-2016-7055
�ｽX�ｽV�ｽ�ｽ�ｽ�ｽ
[2017�ｽN03�ｽ�ｽ09�ｽ�ｽ] �ｽf�ｽ�ｽ [2017�ｽN06�ｽ�ｽ29�ｽ�ｽ] �ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ�ｽF�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽﾌ追会ｿｽ�ｽﾉ費ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽX�ｽV �ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽF�ｽ�ｽ�ｽ�ｽ (hitachi-sec-2017-115) �ｽ�ｽﾇ会ｿｽ [2017�ｽN07�ｽ�ｽ25�ｽ�ｽ] �ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ�ｽF�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽﾌ追会ｿｽ�ｽﾉ費ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽX�ｽV �ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽF�ｽ�ｽ�ｽ{�ｽd�ｽC (NV17-011) �ｽ�ｽﾇ会ｿｽ �ｽQ�ｽl�ｽ�ｽ�ｽFJVN (JVNVU#92830136) �ｽ�ｽﾇ会ｿｽ [2017�ｽN10�ｽ�ｽ03�ｽ�ｽ] �ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ�ｽF�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ (NV17-009) �ｽﾌ更�ｽV�ｽﾉ費ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽX�ｽV �ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ�ｽF�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ (NV17-011) �ｽﾌ更�ｽV�ｽﾉ費ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽX�ｽV [2018�ｽN01�ｽ�ｽ24�ｽ�ｽ] �ｽQ�ｽl�ｽ�ｽ�ｽFNational Vulnerability Database (NVD) (CVE-2016-7053) �ｽ�ｽﾇ会ｿｽ �ｽQ�ｽl�ｽ�ｽ�ｽFNational Vulnerability Database (NVD) (CVE-2016-7054) �ｽ�ｽﾇ会ｿｽ �ｽQ�ｽl�ｽ�ｽ�ｽFNational Vulnerability Database (NVD) (CVE-2016-7055) �ｽ�ｽﾇ会ｿｽ [2018�ｽN02�ｽ�ｽ07�ｽ�ｽ] �ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ�ｽF�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ (NV17-009) �ｽﾌ更�ｽV�ｽﾉ費ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽX�ｽV �ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ�ｽF�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ (NV17-011) �ｽﾌ更�ｽV�ｽﾉ費ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽX�ｽV


�ｽ�ｽ�ｽ\�ｽ�ｽ	2016/11/11
�ｽo�ｽ^�ｽ�ｽ	2017/03/09
�ｽﾅ終�ｽX�ｽV�ｽ�ｽ	2018/02/07

OpenSSL �ｽﾉ包ｿｽ�ｽ�ｽ�ｽﾌ脆弱性