Vulnerabilities > CVE-2003-0078 - Information Exposure Through Discrepancy vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | OpenSSL 0.9.x CBC Error Information Leakage Weakness. CVE-2003-0078. Remote exploit for linux platform |
id | EDB-ID:22264 |
last seen | 2016-02-02 |
modified | 2003-02-19 |
published | 2003-02-19 |
reporter | Martin Vuagnoux |
source | https://www.exploit-db.com/download/22264/ |
title | OpenSSL 0.9.x CBC Error Information Leakage Weakness |
Nessus
# Nessus plugin listing
#   NASL family : HP-UX Local Security Checks
#   NASL id     : HPUX_PHSS_28685.NASL
#   description : same text as the "description" attribute set below
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 17003
#   published   : 2005-02-16
#   reporter    : This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
#   source      : https://www.tenable.com/plugins/nessus/17003
#   title       : HP-UX PHSS_28685 : s700_800 11.04 Virtualvault 4.5 OWS update
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and patch checks in this plugin were
# extracted from HP patch PHSS_28685. The text itself is
# copyright (C) Hewlett-Packard Development Company, L.P.
#
# Summary of the check: this is a local (credentialed) patch audit. It reads
# the HP-UX version and swlist data from the knowledge base, stops if the
# host is not in the "11.04" context, stops if PHSS_28685 or any other patch
# in the list below is installed, and otherwise warns when at least one of
# the Virtualvault filesets checked at A.04.50 is reported by
# hpux_check_patch().

include("compat.inc");

if (description)
{
  # Plugin identity and cross-references.
  script_id(17003);
  script_version("$Revision: 1.14 $");
  script_cvs_date("$Date: 2013/04/20 00:36:51 $");

  script_cve_id("CVE-2003-0078");
  script_xref(name:"HP", value:"HPSBUX0301");
  script_xref(name:"HP", value:"HPSBUX0303");
  script_xref(name:"HP", value:"SSRT3467");
  script_xref(name:"HP", value:"SSRT3521");

  script_name(english:"HP-UX PHSS_28685 : s700_800 11.04 Virtualvault 4.5 OWS update");
  script_summary(english:"Checks for the patch in the swlist output");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote HP-UX host is missing a security-related patch."
  );
  # The line break inside this literal is kept exactly as it appears in the listing.
  script_set_attribute(
    attribute:"description",
    value:
"s700_800 11.04 Virtualvault 4.5 OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - A remotely exploitable potential vulnerability has been reported in CAN-2003-0078. 
- #1 A defect in the Java(TM) Virtual Machine may allow illegal access to protected fields or methods of an object. #2 The Java(TM) Secure Socket Extension (JSSE) may incorrectly validate the digital certificate of a web site. In addition, the Java Plug-in and Java Web Start may incorrectly validate the digital certificates of signed JAR files."
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install patch PHSS_28685 or subsequent."
  );

  # CVSS v2: network vector, low complexity, partial confidentiality impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/07/29");
  script_set_attribute(attribute:"patch_modification_date", value:"2003/08/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.");
  script_family(english:"HP-UX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("hpux.inc");

# Preconditions: without local checks, an HP-UX version and the swlist
# output there is nothing to compare against, so the plugin audits out.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

# The patch only applies to the 11.04 context.
if (!hpux_check_ctx(ctx:"11.04"))
{
  exit(0, "The host is not affected since PHSS_28685 applies to a different OS release.");
}

# PHSS_28685 itself plus the other patches the plugin accepts as a fix
# (presumably later patches that supersede it).
fixing_patches = make_list(
  "PHSS_28685", "PHSS_29545", "PHSS_29690", "PHSS_30160",
  "PHSS_30648", "PHSS_31828", "PHSS_32184", "PHSS_33396",
  "PHSS_34119", "PHSS_35107", "PHSS_35461", "PHSS_35556"
);
foreach candidate (fixing_patches)
{
  if (hpux_installed(app:candidate))
  {
    exit(0, "The host is not affected because patch "+candidate+" is installed.");
  }
}

# Every fileset is checked, in the listing's order, so the report built by
# hpux.inc covers all of them rather than stopping at the first hit.
filesets = make_list(
  "VaultTS.VV-CORE-CMN",
  "VaultTS.VV-IWS",
  "VaultTS.VV-IWS-GUI",
  "VaultTS.VV-IWS-JAVA",
  "VaultTS.VV-IWS-JK",
  "VaultWS.WS-CORE"
);
unpatched = 0;
foreach fileset (filesets)
{
  if (hpux_check_patch(app:fileset, version:"A.04.50")) unpatched++;
}

if (!unpatched) audit(AUDIT_HOST_NOT, "affected");
else
{
  # Attach the detailed report only when the scan asks for verbose output.
  if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());
  else security_warning(0);
  exit(0);
}
#%NASL_MIN_LEVEL 80502
#
# Nessus plugin listing
#   NASL family : Red Hat Local Security Checks
#   NASL id     : REDHAT-RHSA-2003-063.NASL
#   description : same text as the "description" attribute set below
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 12368
#   published   : 2004-07-06
#   reporter    : This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
#   source      : https://www.tenable.com/plugins/nessus/12368
#   title       : RHEL 2.1 : openssl (RHSA-2003:063)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2003:063. The text
# itself is copyright (C) Red Hat, Inc.
#
# Summary of the check: a local (credentialed) package audit for RHEL 2.1.
# When yum updateinfo data is in the knowledge base the advisory is looked
# up there; otherwise installed RPM versions are compared with the fixed
# builds named in the rpm_check() calls below.

include("compat.inc");

if (description)
{
  # Plugin identity and cross-references.
  script_id(12368);
  script_version ("1.26");
  script_cvs_date("Date: 2019/10/25 13:36:10");

  script_cve_id("CVE-2003-0078");
  script_xref(name:"RHSA", value:"2003:063");

  script_name(english:"RHEL 2.1 : openssl (RHSA-2003:063)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  # The line break inside this literal is kept exactly as it appears in the listing.
  script_set_attribute(
    attribute:"description",
    value:
"Updated OpenSSL packages are available that fix a potential timing-based attack. [Updated 12 March 2003] Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS OpenSSL is a commercial-grade, full-featured, open source toolkit which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength, general purpose cryptography library. In a paper, Brice Canvel, Alain Hiltgen, Serge Vaudenay, and Martin Vuagnoux describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. An active attacker may be able to use timing observations to distinguish between two different error cases: cipher padding errors and MAC verification errors. Over multiple connections this can leak sufficient information to be able to retrieve the plaintext of a common, fixed block. In order for an attack to be sucessful an attacker must be able to act as a man-in-the-middle to intercept and modify multiple connections which all involve a common fixed plaintext block (such as a password), and have good network conditions that allow small changes in timing to be reliably observed. These updated packages contain a patch provided by the OpenSSL group that corrects this vulnerability. 
Because server applications are affected by these vulnerabilities, we advise users to restart all services that use OpenSSL functionality or alternatively reboot their systems after installing these updates."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0078"
  );
  # http://lasecwww.epfl.ch/pub/lasec/doc/Vau02a.ps
  script_set_attribute(
    attribute:"see_also",
    value:"https://lasec.epfl.ch/pub/lasec/doc/Vau02a.ps"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2003:063"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");

  # CVSS v2: network vector, low complexity, partial confidentiality impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl095a");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl096");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
  script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/03/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  # The line break inside this literal is kept exactly as it appears in the listing.
  script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

# Preconditions: local checks enabled and a Red Hat release string present.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");

# Pull the numeric version out of the release banner; only 2.1 is in scope.
ver_match = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(ver_match)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = ver_match[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64, i386-i686 and s390 hosts are handled.
arch = get_kb_item("Host/cpu");
if (isnull(arch)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< arch && arch !~ "^i[3-6]86$" && "s390" >!< arch) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", arch);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (empty_or_null(yum_updateinfo))
{
  # No yum data: compare the installed RPMs with the fixed builds.
  # The calls run in the listing's order so the RPM report is unchanged.
  outdated = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssl-0.9.6b-30.7")) outdated++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"openssl-0.9.6b-30.7")) outdated++;

  i386_only = make_list(
    "openssl-devel-0.9.6b-30.7",
    "openssl-perl-0.9.6b-30.7",
    "openssl095a-0.9.5a-18.7",
    "openssl096-0.9.6-13.7"
  );
  foreach fixed_build (i386_only)
  {
    if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:fixed_build)) outdated++;
  }

  if (!outdated)
  {
    # Nothing flagged: say whether packages were tested or simply absent.
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-devel / openssl-perl / openssl095a / openssl096");
  }
  else
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
}
else
{
  # yum updateinfo is available: report only if it yields text for this advisory.
  rhsa = "RHSA-2003:063";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (empty_or_null(yum_report))
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
  else
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report
    );
    exit(0);
  }
}
# Nessus plugin listing
#   NASL family : Web Servers
#   NASL id     : OPENSSL_PASSWORD_INTERCEPTION.NASL
#   description : same text as the "description" attribute set below
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 11267
#   published   : 2003-02-20
#   reporter    : This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
#   source      : https://www.tenable.com/plugins/nessus/11267
#   title       : OpenSSL < 0.9.6j / 0.9.7b Multiple Vulnerabilities
#
# (C) Tenable Network Security, Inc.
#
# Summary of the check: a remote, banner-based version test. It covers three
# CVEs at once (CVE-2003-0078, CVE-2003-0131, CVE-2003-0147) and flags every
# OpenSSL version string below 0.9.6j / 0.9.7b that shows up in an HTTP
# "Server" header.

include("compat.inc");

if(description)
{
  # Plugin identity and cross-references.
  script_id(11267);
  script_version("1.43");
  script_cvs_date("Date: 2018/07/16 14:09:14");

  script_cve_id("CVE-2003-0078", "CVE-2003-0131", "CVE-2003-0147");
  script_bugtraq_id(6884, 7148);
  script_xref(name:"RHSA", value:"2003:101-01");
  script_xref(name:"SuSE", value:"SUSE-SA:2003:024");

  script_name(english:"OpenSSL < 0.9.6j / 0.9.7b Multiple Vulnerabilities");
  script_summary(english:"Checks for version of OpenSSL");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an application that is affected by multiple vulnerabilities." );
  # The line break inside this literal is kept exactly as it appears in the listing.
  script_set_attribute(attribute:"description", value:
"According to its banner, the remote host is using a version of OpenSSL older than 0.9.6j or 0.9.7b. This version is vulnerable to a timing-based attack that could allow an attacker to guess the content of fixed data blocks and may eventually be able to guess the value of the private RSA key of the server. 
An attacker may use this implementation flaw to sniff the data going to this host and decrypt some parts of it, as well as impersonate the server and perform man-in-the-middle attacks." );
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20030219.txt" );
  script_set_attribute(attribute:"see_also", value:"http://eprint.iacr.org/2003/052/" );
  script_set_attribute(attribute:"solution", value:
"Upgrade to version 0.9.6j (0.9.7b) or newer." );

  # CVSS v2: network vector, medium complexity, partial confidentiality impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"2003/02/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/04/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2003/02/20");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
  script_family(english:"Web Servers");

  script_dependencie("find_service1.nasl", "http_version.nasl");
  script_require_ports("Services/www", 443);
  exit(0);
}

#
# The script code starts here.
#
# Limitation: the OpenSSL version is only visible when the web server prints
# it in its "Server" header. A host whose banner omits or rewrites that token
# is never flagged, so a clean result here is not proof of a patched library;
# a local package check is the stronger signal.
#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("backport.inc");

# Skip the banner test entirely when this knowledge-base item is set; the
# SUSE-SA:2003:011 local check on this page sets it after its own package
# comparison.
if ( get_kb_item("CVE-2003-0078") ) exit(0);

# 0.9.0-0.9.5*, plain 0.9.6, and 0.9.6a through 0.9.6i.
old_096_branch = "^Server.*OpenSSL/0\.9\.([0-5][^0-9]|6[^a-z]|6[a-i])";
# 0.9.7 betas, 0.9.7a, and plain 0.9.7.
# NOTE(review): per the CVE summary on this page 0.9.6i and 0.9.7a already
# carry the CVE-2003-0078 fix, so a hit on those two versions presumably
# reflects the other two CVEs this plugin lists.
old_097_branch = "^Server.*OpenSSL/0\.9\.7(-beta|a| )";

ports = add_port_in_list(list:get_kb_list("Services/www"), port:443);

foreach www_port (ports)
{
  raw_banner = get_http_banner(port:www_port);
  banner = get_backport_banner(banner:raw_banner);

  # "backported" comes from backport.inc (presumably set by the call above
  # when the distribution is known to backport fixes without changing the
  # version string); such banners are not trusted for a version comparison.
  if ( banner && ! backported )
  {
    if(egrep(pattern:old_096_branch, string:banner) ||
       egrep(pattern:old_097_branch, string:banner))
      security_warning(www_port);
  }
}
#%NASL_MIN_LEVEL 80502
#
# Nessus plugin listing
#   NASL family : SuSE Local Security Checks
#   NASL id     : SUSE_SA_2003_011.NASL
#   description : cut off on the listing after "known as"; the complete text
#                 is the "description" attribute set below
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 13783
#   published   : 2004-07-25
#   reporter    : This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
#   source      : https://www.tenable.com/plugins/nessus/13783
#   title       : SUSE-SA:2003:011: openssl
#
# (C) Tenable Network Security, Inc.
#
# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2003:011
#
# Summary of the check: a local package audit for SUSE 7.1 through 8.1. The
# installed openssl RPM is compared with the fixed build for each release.
# If nothing is flagged but an openssl package exists on one of those
# releases, the knowledge-base item "CVE-2003-0078" is set, which the
# banner-based plugin 11267 on this page reads in order to skip its own test.

# Bail out on engines that lack bn_random().
if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
  # Plugin identity and cross-references.
  script_id(13783);
  script_bugtraq_id(6884, 6946);
  script_version ("1.16");
  script_cve_id("CVE-2003-0078");

  script_name(english:"SUSE-SA:2003:011: openssl");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch" );
  # The line break inside this literal is kept exactly as it appears in the listing.
  script_set_attribute(attribute:"description", value:
"The remote host is missing the patch for the advisory SUSE-SA:2003:011 (openssl). OpenSSL is an implementation of the Secure Sockets Layer and Transport Layer Security protocols and provides strong cryptography for many applications in a Linux system. It is a default package in all SUSE products. A security weakness has been found, known as 'Vaudenay timing attack on CBC', named after one of the discoverers (Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion)). The weakness may allow an attacker to obtain a plaintext data block by observing timing differences in response to two different error cases (cipher padding errors vs. MAC verification errors). 
In order to exploit this vulnerability, the attacker has to meet certain requirements: The network connection between client and server must be of high quality to be able to observe timing differences, the attacker must be able to perform a man-in-the-middle attack, the transactions must repeatedly contain the same (encrypted) plain text block (such as a pop password or alike), and decoding failures in the SSL layer must not be propagated to the application that is using the SSL connection. These exploitation conditions considerably reduce the security risk imposed by the vulnerability. However, we recommend to completely remedy this weakness by installing the update packages for your system according to the following guidelines. There does not exist any temporary workaround for this problem other than applying the update packages. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement." );
  script_set_attribute(attribute:"solution", value:
"http://www.suse.de/security/2003_011_openssl.html" );

  # CVSS v2: network vector, low complexity, partial confidentiality impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/25");
  script_cvs_date("Date: 2019/10/25 13:36:27");
  script_end_attributes();

  script_summary(english:"Check for the version of the openssl package");

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/SuSE/rpm-list");
  exit(0);
}

include("rpm.inc");

# Release names and the fixed openssl build for each, index for index.
suse_releases = make_list("SUSE7.1", "SUSE7.2", "SUSE7.3", "SUSE8.0", "SUSE8.1");
fixed_builds  = make_list(
  "openssl-0.9.6a-78",
  "openssl-0.9.6a-78",
  "openssl-0.9.6b-154",
  "openssl-0.9.6c-83",
  "openssl-0.9.6g-55"
);

# Warn and stop at the first release whose rpm_check() reports a hit.
for (idx = 0; idx < max_index(suse_releases); idx++)
{
  if ( rpm_check( reference:fixed_builds[idx], release:suse_releases[idx] ) )
  {
    security_warning(0);
    exit(0);
  }
}

# Not flagged: record the local result when openssl is present on one of the
# covered releases, stopping at the first match.
foreach rel (suse_releases)
{
  if (rpm_exists(rpm:"openssl-", release:rel))
  {
    set_kb_item(name:"CVE-2003-0078", value:TRUE);
    break;
  }
}
#%NASL_MIN_LEVEL 80502
#
# Nessus plugin listing
#   NASL family : Debian Local Security Checks
#   NASL id     : DEBIAN_DSA-253.NASL
#   description : same text as the "description" attribute set below
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 15090
#   published   : 2004-09-29
#   reporter    : This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
#   source      : https://www.tenable.com/plugins/nessus/15090
#   title       : Debian DSA-253-1 : openssl - information leak
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-253. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
# Summary of the check: a local (credentialed) package audit. Four OpenSSL
# packages are compared with the fixed version for Debian 2.2 (potato) and
# for Debian 3.0 (woody), using the dpkg listing in the knowledge base.

include("compat.inc");

if (description)
{
  # Plugin identity and cross-references.
  script_id(15090);
  script_version("1.21");
  script_cvs_date("Date: 2019/08/02 13:32:17");

  script_cve_id("CVE-2003-0078");
  script_bugtraq_id(6884);
  script_xref(name:"DSA", value:"253");

  script_name(english:"Debian DSA-253-1 : openssl - information leak");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A vulnerability has been discovered in OpenSSL, a Secure Socket Layer (SSL) implementation. In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC cipher suites used in SSL and TLS. OpenSSL has been found to be vulnerable to this attack."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2003/dsa-253"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the openssl packages. For the stable distribution (woody) this problem has been fixed in version 0.9.6c-2.woody.2. For the old stable distribution (potato) this problem has been fixed in version 0.9.6c-0.potato.5. Please note that this updates the version from potato-proposed-updates that supersedes the version in potato."
  );

  # CVSS v2: network vector, low complexity, partial confidentiality impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/02/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2003/02/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
  exit(0);
}

include("audit.inc");
include("debian_package.inc");

# Preconditions: local checks enabled, a Debian release and the dpkg listing.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

# The same four packages are checked on both releases, potato first, in the
# listing's order; every call runs so the package report is complete.
ssl_packages = make_list("libssl-dev", "libssl0.9.6", "openssl", "ssleay");
outdated = 0;

foreach pkg (ssl_packages)
{
  if (deb_check(release:"2.2", prefix:pkg, reference:"0.9.6c-0.potato.5")) outdated++;
}
foreach pkg (ssl_packages)
{
  if (deb_check(release:"3.0", prefix:pkg, reference:"0.9.6c-2.woody.2")) outdated++;
}

if (!outdated) audit(AUDIT_HOST_NOT, "affected");
else
{
  # Attach the package report only when the scan asks for verbose output.
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-020.NASL description In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. New versions of openssl have been released in response to this vulnerability (0.9.6i and 0.9.7a). The openssl released with Linux-Mandrake 7.2 and Single Network Firewall 7.2 has been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 14005 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14005 title Mandrake Linux Security Advisory : openssl (MDKSA-2003:020) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_28686.NASL description s700_800 11.04 Virtualvault 4.6 OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - A remotely exploitable potential vulnerability has been reported in CAN-2003-0078. - #1 A defect in the Java(TM) Virtual Machine may allow illegal access to protected fields or methods of an object. #2 The Java(TM) Secure Socket Extension (JSSE) may incorrectly validate the digital certificate of a web site. In addition, the Java Plug-in and Java Web Start may incorrectly validate the digital certificates of signed JAR files. last seen 2020-06-01 modified 2020-06-02 plugin id 17497 published 2005-03-18 reporter This script is Copyright (C) 2005-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17497 title HP-UX PHSS_28686 : s700_800 11.04 Virtualvault 4.6 OWS update
Redhat
advisories |
|
References
- http://www.openssl.org/news/secadv_20030219.txt
- http://www.debian.org/security/2003/dsa-253
- http://www.iss.net/security_center/static/11369.php
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570
- http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html
- http://www.redhat.com/support/errata/RHSA-2003-062.html
- http://www.redhat.com/support/errata/RHSA-2003-063.html
- http://www.redhat.com/support/errata/RHSA-2003-082.html
- http://www.redhat.com/support/errata/RHSA-2003-104.html
- http://www.redhat.com/support/errata/RHSA-2003-205.html
- ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
- http://www.trustix.org/errata/2003/0005
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc
- http://www.ciac.org/ciac/bulletins/n-051.shtml
- http://www.securityfocus.com/bid/6884
- http://www.osvdb.org/3945
- http://marc.info/?l=bugtraq&m=104568426824439&w=2
- http://marc.info/?l=bugtraq&m=104567627211904&w=2
- http://marc.info/?l=bugtraq&m=104577183206905&w=2