Vulnerabilities > CVE-2006-4339 - Cryptographic Issues vulnerability in Openssl
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_35436.NASL description s700_800 11.04 Virtualvault 4.7 OWS (Apache 2.x) update : The remote HP-UX host is affected by multiple vulnerabilities : - Potential security vulnerabilities have been identified with Apache running on HP-UX VirtualVault. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. (HPSBUX02172 SSRT061269) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) last seen 2020-06-01 modified 2020-06-02 plugin id 23714 published 2006-11-22 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23714 title HP-UX PHSS_35436 : s700_800 11.04 Virtualvault 4.7 OWS (Apache 2.x) update NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_35458.NASL description s700_800 11.04 Virtualvault 4.5 IWS Update : The remote HP-UX host is affected by multiple vulnerabilities : - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) last seen 2020-06-01 modified 2020-06-02 plugin id 23716 published 2006-11-22 reporter This script is Copyright (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23716 title HP-UX PHSS_35458 : s700_800 11.04 Virtualvault 4.5 IWS Update NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_1FE734BF4A0611DBB48D00508D6A62DF.NASL description Opera reports : A specially crafted digital certificate can bypass Opera last seen 2020-06-01 modified 2020-06-02 plugin id 22428 published 2006-09-22 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22428 title FreeBSD : opera -- RSA Signature Forgery (1fe734bf-4a06-11db-b48d-00508d6a62df) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL6623.NASL description The remote BIG-IP device is missing a patch required by a security advisory. last seen 2020-06-01 modified 2020-06-02 plugin id 78210 published 2014-10-10 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78210 title F5 Networks BIG-IP : OpenSSL signature vulnerability (SOL6623) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2006-310-01.NASL description New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security issues. The minimum OpenSSL version was raised to OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid exposure to known security flaws in older versions (these patches were already issued for Slackware). If you have not upgraded yet, get those as well to prevent a potentially exploitable security problem in named. In addition, the default RSA exponent was changed from 3 to 65537. Both of these issues are essentially the same as ones discovered in OpenSSL at the end of September 2006, only now there last seen 2020-06-01 modified 2020-06-02 plugin id 54867 published 2011-05-28 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/54867 title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 8.1 / 9.0 / 9.1 : bind (SSA:2006-310-01) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119214.NASL description NSS_NSPR_JSS 3.30.2_x86: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/11/17 This plugin has been deprecated and either replaced with individual 119214 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 20055 published 2005-10-19 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=20055 title Solaris 10 (x86) : 119214-36 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119214-32.NASL description NSS_NSPR_JSS 3.17.4_x86: NSPR 4.10.7 / NSS 3.17.4 / JSS 4.3.2. Date this patch was last updated by Sun : Dec/24/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107814 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107814 title Solaris 10 (x86) : 119214-32 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119214-27.NASL description NSS_NSPR_JSS 3.13.1_x86: NSPR 4.8.9 / NSS 3.13.1 / JSS 4.3.2. Date this patch was last updated by Sun : Feb/08/12 last seen 2020-06-01 modified 2020-06-02 plugin id 107811 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107811 title Solaris 10 (x86) : 119214-27 (BEAST) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0020_OPENSSL098E.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl098e packages installed that are affected by multiple vulnerabilities: - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. (CVE-2006-2937) - OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) public exponent or (2) public modulus values in X.509 certificates that require extra time to process when using RSA signature verification. (CVE-2006-2940) - Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. (CVE-2006-3738) - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. (CVE-2006-4339) - The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. (CVE-2006-4343) - The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. (CVE-2007-3108) - Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-4995) - Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. (CVE-2007-5135) - OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. (CVE-2008-5077) - The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. (CVE-2009-0590) - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. (CVE-2009-1377) - Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. (CVE-2009-1378) - Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. (CVE-2009-1379) - ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. (CVE-2009-1386) - The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of- sequence DTLS handshake message, related to a fragment bug. (CVE-2009-1387) - The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. (CVE-2009-2409) - OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. (CVE-2009-3245) - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post- renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555) - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. (CVE-2009-4355) - The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. (CVE-2010-0433) - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110) - The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the- middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a CRIME attack. (CVE-2012-4929) - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. (CVE-2013-0166) - The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side- channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue. (CVE-2013-0169) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127177 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127177 title NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl098e Multiple Vulnerabilities (NS-SA-2019-0020) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_35463.NASL description s700_800 11.04 Virtualvault 4.7 (Apache 1.x) OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) last seen 2020-06-01 modified 2020-06-02 plugin id 23721 published 2006-11-22 reporter This script is Copyright (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23721 title HP-UX PHSS_35463 : s700_800 11.04 Virtualvault 4.7 (Apache 1.x) OWS update NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-339-1.NASL description Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google Security discovered that the OpenSSL library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27918 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27918 title Ubuntu 5.04 / 5.10 / 6.06 LTS : openssl vulnerability (USN-339-1) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_35481.NASL description s700_800 11.04 Virtualvault 4.7 TGP update : A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. last seen 2020-06-01 modified 2020-06-02 plugin id 23723 published 2006-11-22 reporter This script is Copyright (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23723 title HP-UX PHSS_35481 : HP-UX VirtualVault Remote Unauthorized Access (HPSBUX02165 SSRT061266 rev.1) NASL family Solaris Local Security Checks NASL id SOLARIS8_119209.NASL description NSS_NSPR_JSS 3.30.2: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/11/17 last seen 2020-06-01 modified 2020-06-02 plugin id 23414 published 2006-11-06 reporter This script is Copyright (C) 2006-2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23414 title Solaris 8 (sparc) : 119209-36 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0264.NASL description Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Two denial-of-service flaws were fixed in ZLib. (CVE-2005-2096, CVE-2005-1849) Multiple flaws were fixed in OpenSSL. (CVE-2006-4343, CVE-2006-4339, CVE-2006-3738, CVE-2006-2940, CVE-2006-2937, CVE-2005-2969) Multiple flaws were fixed in Python. (CVE-2007-4965, CVE-2007-2052, CVE-2006-4980, CVE-2006-1542) Users of Red Hat Network Satellite Server 5.0.1 are advised to upgrade to 5.0.2, which resolves these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43836 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43836 title RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0264) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201408-19.NASL description The remote host is affected by the vulnerability described in GLSA-201408-19 (OpenOffice, LibreOffice: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 77467 published 2014-09-01 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77467 title GLSA-201408-19 : OpenOffice, LibreOffice: Multiple vulnerabilities NASL family Web Servers NASL id OPENSSL_0_9_7K_0_9_8C.NASL description According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.7k or 0.9.8c. These versions do not properly verify PKCS #1 v1.5 signatures and X509 certificates when the RSA exponent is 3. last seen 2020-06-01 modified 2020-06-02 plugin id 17756 published 2012-01-04 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17756 title OpenSSL < 0.9.7k / 0.9.8c PKCS Padding RSA Signature Forgery Vulnerability NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-166.NASL description verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339. The provided packages have been patched to correct this issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24552 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24552 title Mandrake Linux Security Advisory : gnutls (MDKSA-2006:166) NASL family SuSE Local Security Checks NASL id SUSE_COMPAT-OPENSSL097G-2163.NASL description A buffer overflow condition within the SSL_get_shared_ciphers() function and a DoS condition known as last seen 2020-06-01 modified 2020-06-02 plugin id 29405 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29405 title SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 2163) NASL family MacOS X Local Security Checks NASL id MACOSX_JAVA_REL6.NASL description The remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 6. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to escalate its privileges and to add or remove arbitrary items from the user last seen 2019-10-28 modified 2007-12-17 plugin id 29702 published 2007-12-17 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29702 title Mac OS X : Java for Mac OS X 10.4 Release 6 NASL family SuSE Local Security Checks NASL id SUSE_OPENSSL-2082.NASL description This update fixes a bug in OpenSSL that allowed the forgery of some special RSA signatures. (CVE-2006-4339) last seen 2020-06-01 modified 2020-06-02 plugin id 29541 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29541 title SuSE 10 Security Update : openssl (ZYPP Patch Number 2082) NASL family Solaris Local Security Checks NASL id SOLARIS10_119213.NASL description NSS_NSPR_JSS 3.30.2: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/09/17 This plugin has been deprecated and either replaced with individual 119213 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 20052 published 2005-10-19 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=20052 title Solaris 10 (sparc) : 119213-36 (deprecated) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_35480.NASL description s700_800 11.04 Virtualvault 4.6 TGP update : A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. last seen 2020-06-01 modified 2020-06-02 plugin id 23722 published 2006-11-22 reporter This script is Copyright (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23722 title HP-UX PHSS_35480 : HP-UX VirtualVault Remote Unauthorized Access (HPSBUX02165 SSRT061266 rev.1) NASL family Solaris Local Security Checks NASL id SOLARIS9_119211.NASL description NSS_NSPR_JSS 3.30.2: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/09/17 last seen 2020-06-01 modified 2020-06-02 plugin id 19842 published 2005-10-05 reporter This script is Copyright (C) 2005-2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19842 title Solaris 9 (sparc) : 119211-36 NASL family Solaris Local Security Checks NASL id SOLARIS8_114045.NASL description Security 3.3.4.8: NSPR 4.1.6 / NSS 3.3.4.8. Date this patch was last updated by Sun : Nov/08/06 last seen 2020-06-01 modified 2020-06-02 plugin id 23361 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23361 title Solaris 8 (sparc) : 114045-14 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119214-33.NASL description NSS_NSPR_JSS 3.21_x86: NSPR 4.11 / NSS 3.21 / JSS 4.3.2. Date this patch was last updated by Sun : Mar/22/16 last seen 2020-06-01 modified 2020-06-02 plugin id 107815 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107815 title Solaris 10 (x86) : 119214-33 NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_35110.NASL description s700_800 11.04 Webproxy server 2.0 update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) last seen 2020-06-01 modified 2020-06-02 plugin id 23712 published 2006-11-22 reporter This script is Copyright (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23712 title HP-UX PHSS_35110 : s700_800 11.04 Webproxy server 2.0 update NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0661.NASL description Updated OpenSSL packages are now available to correct a security issue. This update has been rated as having important security impact by the Red Hat Security Response Team. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. The Google Security Team discovered that OpenSSL is vulnerable to this attack. This issue affects applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) This errata also resolves a problem where a customized ca-bundle.crt file was overwritten when the openssl package was upgraded. Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system. last seen 2020-06-01 modified 2020-06-02 plugin id 22321 published 2006-09-12 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22321 title CentOS 3 / 4 : openssl (CESA-2006:0661) NASL family Solaris Local Security Checks NASL id SOLARIS10_121229-02.NASL description SunOS 5.10: libssl patch. Date this patch was last updated by Sun : Apr/23/07 last seen 2020-06-01 modified 2020-06-02 plugin id 107376 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107376 title Solaris 10 (sparc) : 121229-02 NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2006-257-02.NASL description New openssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a signature forgery security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22348 published 2006-09-15 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22348 title Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : openssl (SSA:2006-257-02) NASL family Solaris Local Security Checks NASL id SOLARIS10_119213-38.NASL description NSS_NSPR_JSS 3.35: NSPR 4.18 / NSS 3.35 / JSS 4.3.2. Date this patch was last updated by Sun : May/16/18 last seen 2020-06-01 modified 2020-06-02 plugin id 109882 published 2018-05-17 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109882 title Solaris 10 (sparc) : 119213-38 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_118372.NASL description SunOS 5.10_x86: elfsign patch. Date this patch was last updated by Sun : Apr/16/07 last seen 2018-09-01 modified 2018-08-13 plugin id 20333 published 2005-12-20 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=20333 title Solaris 10 (x86) : 118372-10 NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_35437.NASL description s700_800 11.04 Webproxy server 2.1 (Apache 2.x) update : The remote HP-UX host is affected by multiple vulnerabilities : - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) - Potential security vulnerabilities have been identified with Apache running on HP-UX VirtualVault. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. (HPSBUX02172 SSRT061269) last seen 2020-06-01 modified 2020-06-02 plugin id 23715 published 2006-11-22 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23715 title HP-UX PHSS_35437 : s700_800 11.04 Webproxy server 2.1 (Apache 2.x) update NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_35461.NASL description s700_800 11.04 Virtualvault 4.5 OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) last seen 2020-06-01 modified 2020-06-02 plugin id 23719 published 2006-11-22 reporter This script is Copyright (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23719 title HP-UX PHSS_35461 : s700_800 11.04 Virtualvault 4.5 OWS update NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-161.NASL description Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures where an RSA key with a small exponent used could be vulnerable to forgery of a PKCS #1 v1.5 signature signed by that key. Any software using OpenSSL to verify X.509 certificates is potentially vulnerable to this issue, as well as any other use of PKCS #1 v1.5, including software uses OpenSSL for SSL or TLS. Updated packages are patched to address this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 23905 published 2006-12-16 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23905 title Mandrake Linux Security Advisory : openssl (MDKSA-2006:161) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200610-06.NASL description The remote host is affected by the vulnerability described in GLSA-200610-06 (Mozilla Network Security Service (NSS): RSA signature forgery) Daniel Bleichenbacher discovered that it might be possible to forge signatures signed by RSA keys with the exponent of 3. This affects a number of RSA signature implementations, including Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 22892 published 2006-10-20 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22892 title GLSA-200610-06 : Mozilla Network Security Service (NSS): RSA signature forgery NASL family Solaris Local Security Checks NASL id SOLARIS10_116648-25.NASL description Web Server 6.1: Sun ONE Web Server 6.1 Patch WS61SP13. Date this patch was last updated by Sun : Sep/20/10 last seen 2020-06-01 modified 2020-06-02 plugin id 107295 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107295 title Solaris 10 (sparc) : 116648-25 NASL family Solaris Local Security Checks NASL id SOLARIS10_116648.NASL description Web Server 6.1: Sun ONE Web Server 6.1 Patch WS61SP13. Date this patch was last updated by Sun : Sep/20/10 This plugin has been deprecated and either replaced with individual 116648 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 22946 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22946 title Solaris 10 (sparc) : 116648-25 (deprecated) NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_055.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:055 (openssl,mozilla-nss). If an RSA key with exponent 3 is used it may be possible to forge a PKCS verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature. This problems affects various SSL implementations. This advisory covers the following implementations: - OpenSSL (CVE-2006-4339) - Mozilla NSS (CVE-2006-4340 and CVE-2006-4341) for SUSE Linux 10.0, 10.1 and SUSE Linux Enterprise 10. Implementations that are affected and still need to be updated: - gnutls in all distributions. - Mozilla NSS before SUSE Linux 10.0 and SUSE Linux Enterprise 10. The official openssl advisory is here: http://www.openssl.org/news/secadv_20060905.txt Some details of the actual technical problem can be found here: http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html last seen 2019-10-28 modified 2007-02-18 plugin id 24433 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24433 title SUSE-SA:2006:055: openssl,mozilla-nss NASL family Windows NASL id VMWARE_MULTIPLE_VMSA_2008_0005.NASL description VMware products installed on the remote host are affected by multiple vulnerabilities : - The last seen 2020-06-01 modified 2020-06-02 plugin id 31729 published 2008-04-02 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31729 title VMware Products Multiple Vulnerabilities (VMSA-2008-0005) NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_119212.NASL description NSS_NSPR_JSS 3.30.2_x86: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/09/17 last seen 2020-06-01 modified 2020-06-02 plugin id 19844 published 2005-10-05 reporter This script is Copyright (C) 2005-2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19844 title Solaris 9 (x86) : 119212-36 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1174.NASL description Daniel Bleichenbacher discovered a flaw in the OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid. last seen 2020-06-01 modified 2020-06-02 plugin id 22716 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22716 title Debian DSA-1174-1 : openssl096 - cryptographic weakness NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0062.NASL description Updated java-1.4.2-ibm packages to correct several security issues are now available for Red Hat Enterprise Linux 3 and 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM last seen 2020-06-01 modified 2020-06-02 plugin id 63837 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63837 title RHEL 3 / 4 : java-1.4.2-ibm (RHSA-2007:0062) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119214-36.NASL description NSS_NSPR_JSS 3.30.2_x86: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/11/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107816 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107816 title Solaris 10 (x86) : 119214-36 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2006-0661.NASL description Updated OpenSSL packages are now available to correct several security issues. This update has been rated as having important security impact by the Red Hat Security Response Team. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. These vulnerabilities can affect applications which use OpenSSL to parse ASN.1 data from untrusted sources, including SSL servers which enable client authentication and S/MIME applications. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system. From Red Hat Security Advisory 2006:0695 : Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. Tavis Ormandy and Will Drewry of the Google Security Team discovered a flaw in the SSLv2 client code. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) Dr S. N. Henson of the OpenSSL core team and Open Network Security recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered denial of service vulnerabilities : * Certain public key types can take disproportionate amounts of time to process, leading to a denial of service. (CVE-2006-2940) * During parsing of certain invalid ASN.1 structures an error condition was mishandled. This can result in an infinite loop which consumed system memory (CVE-2006-2937). This issue does not affect the OpenSSL version distributed in Red Hat Enterprise Linux 2.1. From Red Hat Security Advisory 2006:0661 : Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. The Google Security Team discovered that OpenSSL is vulnerable to this attack. This issue affects applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) This errata also resolves a problem where a customized ca-bundle.crt file was overwritten when the openssl package was upgraded. last seen 2020-06-01 modified 2020-06-02 plugin id 67405 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/67405 title Oracle Linux 4 : openssl (ELSA-2006-0695 / ELSA-2006-0661) NASL family Solaris Local Security Checks NASL id SOLARIS10_121229.NASL description SunOS 5.10: libssl patch. Date this patch was last updated by Sun : Apr/23/07 last seen 2018-09-01 modified 2018-08-13 plugin id 20272 published 2005-12-07 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=20272 title Solaris 10 (sparc) : 121229-02 NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_077C2DCA8F9A11DBAB33000E0C2E438A.NASL description Problem Description When verifying a PKCS#1 v1.5 signature, OpenSSL ignores any bytes which follow the cryptographic hash being signed. In a valid signature there will be no such bytes. Impact OpenSSL will incorrectly report some invalid signatures as valid. When an RSA public exponent of 3 is used, or more generally when a small public exponent is used with a relatively large modulus (e.g., a public exponent of 17 with a 4096-bit modulus), an attacker can construct a signature which OpenSSL will accept as a valid PKCS#1 v1.5 signature. Workaround No workaround is available. last seen 2020-06-01 modified 2020-06-02 plugin id 23951 published 2006-12-30 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/23951 title FreeBSD : openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3) (077c2dca-8f9a-11db-ab33-000e0c2e438a) NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_35920.NASL description s700_800 11.23 Bind 9.2.0 components : Potential vulnerabilities have been identified with HP-UX running BIND. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS). References: CVE-2006-4339, CVE-2007-0493 (BIND v9.3.2 only), CVE-2007-0494. last seen 2020-06-01 modified 2020-06-02 plugin id 26138 published 2007-09-25 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26138 title HP-UX PHNE_35920 : HP-UX Running BIND, Remote Denial of Service (DoS) (HPSBUX02219 SSRT061273 rev.1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0072.NASL description IBMJava2-JRE and IBMJava2-SDK packages that correct several security issues are available for Red Hat Enterprise Linux 2.1. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM last seen 2020-06-01 modified 2020-06-02 plugin id 24320 published 2007-02-09 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24320 title RHEL 2.1 : IBMJava2 (RHSA-2007:0072) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_35462.NASL description s700_800 11.04 Virtualvault 4.6 OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) last seen 2020-06-01 modified 2020-06-02 plugin id 23720 published 2006-11-22 reporter This script is Copyright (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23720 title HP-UX PHSS_35462 : s700_800 11.04 Virtualvault 4.6 OWS update NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0661.NASL description Updated OpenSSL packages are now available to correct a security issue. This update has been rated as having important security impact by the Red Hat Security Response Team. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. The Google Security Team discovered that OpenSSL is vulnerable to this attack. This issue affects applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) This errata also resolves a problem where a customized ca-bundle.crt file was overwritten when the openssl package was upgraded. Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system. last seen 2020-06-01 modified 2020-06-02 plugin id 22331 published 2006-09-12 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22331 title RHEL 2.1 / 3 / 4 : openssl (RHSA-2006:0661) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119214-37.NASL description NSS_NSPR_JSS 3.34_x86: NSPR 4.17 / NSS 3.3. Date this patch was last updated by Sun : May/16/18 last seen 2020-06-01 modified 2020-06-02 plugin id 109912 published 2018-05-18 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109912 title Solaris 10 (x86) : 119214-37 NASL family Windows NASL id OPENOFFICE_32.NASL description The version of Sun Microsystems OpenOffice.org installed on the remote host is prior to version 3.2. It is, therefore, affected by several issues : - Signatures may not be handled properly due to a vulnerability in the libxml2 library. (CVE-2006-4339) - There is an HMAC truncation authentication bypass vulnerability in the libxmlsec library. (CVE-2009-0217) - The application is bundled with a vulnerable version of the Microsoft VC++ runtime. (CVE-2009-2493) - Specially crafted XPM files are not processed properly, which could lead to arbitrary code execution. (CVE-2009-2949) - Specially crafted GIF files are not processed properly, which could lead to arbitrary code execution. (CVE-2009-2950) - Specially crafted Microsoft Word documents are not processed properly, which could lead to arbitrary code execution. (CVE-2009-3301 / CVE-2009-3302) last seen 2020-06-01 modified 2020-06-02 plugin id 44597 published 2010-02-12 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44597 title Sun OpenOffice.org < 3.2 Multiple Vulnerabilities NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_122715.NASL description SunOS 5.9_x86: wanboot and pkg utilities Patch. Date this patch was last updated by Sun : Oct/31/11 last seen 2020-06-01 modified 2020-06-02 plugin id 27031 published 2007-10-12 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27031 title Solaris 9 (x86) : 122715-03 NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_114435.NASL description SunOS 5.9_x86: IKE patch. Date this patch was last updated by Sun : Aug/09/10 last seen 2016-09-26 modified 2012-06-14 plugin id 13602 published 2004-07-12 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=13602 title Solaris 9 (x86) : 114435-16 NASL family Solaris Local Security Checks NASL id SOLARIS10_119213-36.NASL description NSS_NSPR_JSS 3.30.2: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2. Date this patch was last updated by Sun : Nov/09/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107313 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107313 title Solaris 10 (sparc) : 119213-36 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_116649-25.NASL description Web Server 6.1: Sun ONE Web Server 6.1_x86 Patch WS61SP13. Date this patch was last updated by Sun : Sep/20/10 last seen 2020-06-01 modified 2020-06-02 plugin id 107796 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107796 title Solaris 10 (x86) : 116649-25 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0525.NASL description Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib was discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-2096). An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around could allow an attacker, acting as a last seen 2020-06-01 modified 2020-06-02 plugin id 43838 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43838 title RHEL 3 / 4 : Solaris client in Satellite Server (RHSA-2008:0525) NASL family SuSE Local Security Checks NASL id SUSE_BIND-2269.NASL description The RSA signature problem tracked by the Mitre CVE ID CVE-2006-4339 also affects the DNSSEC implementation in the BIND nameserver. This update fixes this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 27166 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27166 title openSUSE 10 Security Update : bind (bind-2269) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119214-38.NASL description NSS_NSPR_JSS 3.35_x86: NSPR 4.18 / NSS 3.35 / JSS 4.3.2. Date this patch was last updated by Sun : May/16/18 last seen 2020-06-01 modified 2020-06-02 plugin id 109884 published 2018-05-17 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109884 title Solaris 10 (x86) : 119214-38 NASL family Solaris Local Security Checks NASL id SOLARIS10_119213-30.NASL description NSS_NSPR_JSS 3.16: NSPR 4.10.4 / NSS 3.16. Date this patch was last updated by Sun : Nov/15/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107309 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107309 title Solaris 10 (sparc) : 119213-30 NASL family Solaris Local Security Checks NASL id SOLARIS9_113451.NASL description SunOS 5.9: IKE patch. Date this patch was last updated by Sun : Aug/09/10 last seen 2016-09-26 modified 2012-06-14 plugin id 13538 published 2004-07-12 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=13538 title Solaris 9 (sparc) : 113451-17 NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-207.NASL description The BIND DNS server is vulnerable to the recently-discovered OpenSSL RSA signature verification problem (CVE-2006-4339). BIND uses RSA cryptography as part of its DNSSEC implementation. As a result, to resolve the security issue, these packages need to be upgraded and for both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to be generated using the last seen 2020-06-01 modified 2020-06-02 plugin id 24592 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24592 title Mandrake Linux Security Advisory : bind (MDKSA-2006:207) NASL family Solaris Local Security Checks NASL id SOLARIS10_119213-33.NASL description NSS_NSPR_JSS 3.21: NSPR 4.11 / NSS 3.21 /. Date this patch was last updated by Sun : Mar/22/16 last seen 2020-06-01 modified 2020-06-02 plugin id 107312 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107312 title Solaris 10 (sparc) : 119213-33 NASL family Solaris Local Security Checks NASL id SOLARIS9_116648.NASL description Web Server 6.1: Sun ONE Web Server 6.1 Patch WS61SP13. Date this patch was last updated by Sun : Sep/20/10 last seen 2020-06-01 modified 2020-06-02 plugin id 23519 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23519 title Solaris 9 (sparc) : 116648-25 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119214-30.NASL description NSS_NSPR_JSS 3.16_x86: NSPR 4.10.4 / NSS 3. Date this patch was last updated by Sun : Nov/15/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107812 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107812 title Solaris 10 (x86) : 119214-30 NASL family SuSE Local Security Checks NASL id SUSE_COMPAT-OPENSSL097G-2171.NASL description A buffer overflow condition within the SSL_get_shared_ciphers() function and a DoS condition known as last seen 2020-06-01 modified 2020-06-02 plugin id 27187 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27187 title openSUSE 10 Security Update : compat-openssl097g (compat-openssl097g-2171) NASL family Solaris Local Security Checks NASL id SOLARIS10_118371.NASL description SunOS 5.10: elfsign patch. Date this patch was last updated by Sun : Apr/16/07 last seen 2018-09-02 modified 2018-08-13 plugin id 20332 published 2005-12-20 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=20332 title Solaris 10 (sparc) : 118371-10 NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0033_OPENSSL.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an error state mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (CVE-2017-3737) - There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. (CVE-2017-3738) - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. (CVE-2017-3736) - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. (CVE-2006-2937) - OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) public exponent or (2) public modulus values in X.509 certificates that require extra time to process when using RSA signature verification. (CVE-2006-2940) - Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. (CVE-2006-3738) - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. (CVE-2006-4339) - The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. (CVE-2006-4343) - The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. (CVE-2007-3108) - Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-4995) - Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. (CVE-2007-5135) - Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information. (CVE-2008-0891) - OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses particular cipher suites, which triggers a NULL pointer dereference. (CVE-2008-1672) - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. (CVE-2009-1377) - Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. (CVE-2009-1378) - Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. (CVE-2009-1379) - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post- renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555) - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. (CVE-2009-4355) - The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. (CVE-2010-0742) - RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information. (CVE-2010-1633) - Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi- threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap- based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. (CVE-2010-3864) - OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. (CVE-2010-4180) - ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka OCSP stapling vulnerability. (CVE-2011-0014) - crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. (CVE-2011-3207) - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050) - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110) - The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. (CVE-2013-4353) - The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. (CVE-2013-6449) - The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. (CVE-2013-6450) - An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) - A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127201 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127201 title NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_35460.NASL description s700_800 11.04 Virtualvault 4.7 IWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) last seen 2020-06-01 modified 2020-06-02 plugin id 23718 published 2006-11-22 reporter This script is Copyright (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23718 title HP-UX PHSS_35460 : s700_800 11.04 Virtualvault 4.7 IWS update NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1173.NASL description Daniel Bleichenbacher discovered a flaw in the OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid. last seen 2020-06-01 modified 2020-06-02 plugin id 22715 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22715 title Debian DSA-1173-1 : openssl - cryptographic weakness NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-178.NASL description Openssl recently had several vulnerabilities which were patched (CVE-2006-2937,2940,3738,4339, 4343). Some versions of ntp are built against a static copy of the SSL libraries. As a precaution an updated copy built against the new libraries in being made available. last seen 2020-06-01 modified 2020-06-02 plugin id 24564 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24564 title Mandrake Linux Security Advisory : ntp (MDKSA-2006:178) NASL family Solaris Local Security Checks NASL id SOLARIS10_119213-37.NASL description NSS_NSPR_JSS 3.34: NSPR 4.17 / NSS 3.34 /. Date this patch was last updated by Sun : May/16/18 last seen 2020-06-01 modified 2020-06-02 plugin id 109911 published 2018-05-18 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109911 title Solaris 10 (sparc) : 119213-37 NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_114050.NASL description SunOS 5.9_x86: NSPR 4.1.6 / NSS 3.3.4.8. Date this patch was last updated by Sun : Nov/08/06 last seen 2020-06-01 modified 2020-06-02 plugin id 13589 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13589 title Solaris 9 (x86) : 114050-14 NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_35459.NASL description s700_800 11.04 Virtualvault 4.6 IWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) last seen 2020-06-01 modified 2020-06-02 plugin id 23717 published 2006-11-22 reporter This script is Copyright (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23717 title HP-UX PHSS_35459 : s700_800 11.04 Virtualvault 4.6 IWS update NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_121230.NASL description SunOS 5.10_x86: libssl patch. Date this patch was last updated by Sun : Apr/23/07 last seen 2018-09-01 modified 2018-08-13 plugin id 20275 published 2005-12-07 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=20275 title Solaris 10 (x86) : 121230-02 NASL family Fedora Local Security Checks NASL id FEDORA_2006-953.NASL description This is a security update for CVE-2006-4339. Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher [Ben Laurie; Google Security Team] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24176 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24176 title Fedora Core 5 : openssl-0.9.8a-5.3 / openssl097a-0.9.7a-4.2.2 (2006-953) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0073.NASL description java-1.5.0-ibm packages that correct several security issues are available for Red Hat Enterprise Linux 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM last seen 2020-06-01 modified 2020-06-02 plugin id 63839 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63839 title RHEL 4 : java-1.5.0-ibm (RHSA-2007:0073) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-177.NASL description Openssl recently had several vulnerabilities which were patched (CVE-2006-2937,2940,3738,4339, 4343). Some MySQL versions are built against a static copy of the SSL libraries. As a precaution an updated copy built against the new libraries in being made available. last seen 2020-06-01 modified 2020-06-02 plugin id 24563 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24563 title Mandrake Linux Security Advisory : MySQL (MDKSA-2006:177) NASL family Solaris Local Security Checks NASL id SOLARIS8_116648.NASL description Web Server 6.1: Sun ONE Web Server 6.1 Patch WS61SP13. Date this patch was last updated by Sun : Sep/20/10 last seen 2020-06-01 modified 2020-06-02 plugin id 23381 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23381 title Solaris 8 (sparc) : 116648-25 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0629.NASL description Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib were discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream was opened by a user. (CVE-2005-2096, CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 was used an attacker could, potentially, forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around was vulnerable to a man-in-the-middle attack which allowed a remote user to force an SSL connection to use SSL 2.0, rather than a stronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969) During OpenSSL parsing of certain invalid ASN.1 structures, an error condition was mishandled. This could result in an infinite loop which consumed system memory (CVE-2006-2937). Certain public key types could take disproportionate amounts of time to process in OpenSSL, leading to a denial of service. (CVE-2006-2940) A flaw was discovered in the Python repr() function last seen 2020-06-01 modified 2020-06-02 plugin id 43839 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43839 title RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0629) NASL family Solaris Local Security Checks NASL id SOLARIS10_119213-31.NASL description NSS_NSPR_JSS 3.17.2: NSPR 4.10.7 / NSS 3.1. Date this patch was last updated by Sun : Feb/19/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107310 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107310 title Solaris 10 (sparc) : 119213-31 NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200609-05.NASL description The remote host is affected by the vulnerability described in GLSA-200609-05 (OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery) Daniel Bleichenbacher discovered that it might be possible to forge signatures signed by RSA keys with the exponent of 3. Impact : Since several CAs are using an exponent of 3 it might be possible for an attacker to create a key with a false CA signature. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 22327 published 2006-09-12 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22327 title GLSA-200609-05 : OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery NASL family SuSE Local Security Checks NASL id SUSE_BIND-2268.NASL description The RSA signature problem tracked by the Mitre CVE ID CVE-2006-4339 also affects the DNSSEC implementation in the BIND nameserver. This update fixes this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 29386 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29386 title SuSE 10 Security Update : bind (ZYPP Patch Number 2268) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_C97D7A37223311DF96DD001B2134EF46.NASL description OpenOffice.org Security Team reports : Fixed in OpenOffice.org 3.2 CVE-2006-4339: Potential vulnerability from 3rd party libxml2 libraries CVE-2009-0217: Potential vulnerability from 3rd party libxmlsec libraries CVE-2009-2493: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime CVE-2009-2949: Potential vulnerability related to XPM file processing CVE-2009-2950: Potential vulnerability related to GIF file processing CVE-2009-3301/2: Potential vulnerability related to MS-Word document processing last seen 2020-06-01 modified 2020-06-02 plugin id 44922 published 2010-03-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44922 title FreeBSD : openoffice.org -- multiple vulnerabilities (c97d7a37-2233-11df-96dd-001b2134ef46) NASL family SuSE Local Security Checks NASL id SUSE_OPERA-2181.NASL description This update fixes the RSA signature checking problem found in openssl in the Opera webbrowser (which is statically linked against openssl). (CVE-2006-4339) A URL tag parsing heap overflow in Opera could be used to potentially execute code. (CVE-2006-4819) last seen 2020-06-01 modified 2020-06-02 plugin id 27374 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27374 title openSUSE 10 Security Update : opera (opera-2181) NASL family Solaris Local Security Checks NASL id SOLARIS10_119213-27.NASL description NSS_NSPR_JSS 3.13.1: NSPR 4.8.9 / NSS 3.13.1 / JSS 4.3.2. Date this patch was last updated by Sun : Feb/08/12 last seen 2020-06-01 modified 2020-06-02 plugin id 107308 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107308 title Solaris 10 (sparc) : 119213-27 (BEAST) NASL family Solaris Local Security Checks NASL id SOLARIS9_117123.NASL description SunOS 5.9: wanboot and pkg utilities Patch. Date this patch was last updated by Sun : Oct/31/11 last seen 2020-06-01 modified 2020-06-02 plugin id 26166 published 2007-09-25 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26166 title Solaris 9 (sparc) : 117123-10 NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_061.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:061 (opera). The web browser Opera has been updated to fix 2 security problems. CVE-2006-4339: Opera was affected by the RSA signature checking problem found in openssl, since it is statically linked against openssl. CVE-2006-4819: A URL tag parsing heap overflow in Opera could be used to potentially execute code. last seen 2019-10-28 modified 2007-02-18 plugin id 24439 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24439 title SUSE-SA:2006:061: opera NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_35111.NASL description s700_800 11.04 Webproxy 2.1 (Apache 1.x) update : The remote HP-UX host is affected by multiple vulnerabilities : - A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. (HPSBUX02165 SSRT061266) - Two potential security vulnerabilities have been reported in HP-UX VirtualVault Apache HTTP server versions prior to Apache 1.3.37 that may allow a Denial of Service (DoS) attack and execution of arbitrary code. (HPSBUX02164 SSRT061265) last seen 2020-06-01 modified 2020-06-02 plugin id 23713 published 2006-11-22 reporter This script is Copyright (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23713 title HP-UX PHSS_35111 : s700_800 11.04 Webproxy 2.1 (Apache 1.x) update NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_121230-02.NASL description SunOS 5.10_x86: libssl patch. Date this patch was last updated by Sun : Apr/23/07 last seen 2020-06-01 modified 2020-06-02 plugin id 107877 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107877 title Solaris 10 (x86) : 121230-02 NASL family Solaris Local Security Checks NASL id SOLARIS10_119213-32.NASL description NSS_NSPR_JSS 3.17.4: NSPR 4.10.7 / NSS 3.17.4 / JSS 4.3.2. Date this patch was last updated by Sun : Dec/24/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107311 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107311 title Solaris 10 (sparc) : 119213-32 NASL family Fedora Local Security Checks NASL id FEDORA_2006-1004.NASL description - Thu Sep 28 2006 Tomas Mraz <tmraz at redhat.com> 0.9.8a-5.4 - fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276) - fix CVE-2006-2940 - parasitic public keys DoS (#207274) - fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940) - fix CVE-2006-4343 - sslv2 client DoS (#206940) - Sat Sep 9 2006 Tomas Mraz <tmraz at redhat.com> 0.9.8a-5.3 - fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24028 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24028 title Fedora Core 5 : openssl-0.9.8a-5.4 (2006-1004) NASL family SuSE Local Security Checks NASL id SUSE_OPENSSL-2069.NASL description This update fixes a bug in OpenSSL that allowed the forgery of some special RSA signatures. (CVE-2006-4339) last seen 2020-06-01 modified 2020-06-02 plugin id 27367 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27367 title openSUSE 10 Security Update : openssl (openssl-2069) NASL family Solaris Local Security Checks NASL id SOLARIS9_114049.NASL description SunOS 5.9: NSPR 4.1.6 / NSS 3.3.4.8. Date this patch was last updated by Sun : Nov/07/06 last seen 2020-06-01 modified 2020-06-02 plugin id 13548 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13548 title Solaris 9 (sparc) : 114049-14 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119214-31.NASL description NSS_NSPR_JSS 3.17.2_x86: NSPR 4.10.7 / NSS. Date this patch was last updated by Sun : Feb/19/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107813 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107813 title Solaris 10 (x86) : 119214-31
Oval
| accepted | 2010-09-06T04:11:01.787-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:11656 | ||||||||
| status | accepted | ||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||
| title | OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. | ||||||||
| version | 6 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | Apple Mac OS X是一款基于BSD的操作系统。 Apple Mac OS X存在多个安全问题,远程和本地攻击者可以利用漏洞进行恶意代码执行,拒绝服务攻击,特权提升,覆盖文件,获得敏感信息等攻击。 具体问题如下: AirPort-CVE-ID: CVE-2006-5710: AirPort无线驱动不正确处理应答帧,可导致基于堆的溢出。 ATS-CVE-ID: CVE-2006-4396: Apple Type服务不安全建立错误日至可导致任意文件覆盖。 ATS-CVE-ID: CVE-2006-4398: Apple Type服务存在多个缓冲区溢出,可导致以高权限执行任意代码。 ATS-CVE-ID: CVE-2006-4400: 利用特殊的字体文件,可导致任意代码执行。 CFNetwork-CVE-ID: CVE-2006-4401: 通过诱使用户访问恶意ftp URI,可导致任意ftp命令执行。 ClamAV-CVE-ID: CVE-2006-4182: 恶意email消息可导致ClamAV执行任意代码。 Finder-CVE-ID: CVE-2006-4402: 通过浏览共享目录可导致应用程序崩溃或执行任意代码。 ftpd-CVE-ID: CVE-2006-4403: 当ftp访问启用时,未授权用户可判别合法的账户名。 gnuzip-CVE-ID: CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338: gunzip处理压缩文件存在多个问题,可导致应用程序崩溃或执行任意指令。 Installer-CVE-ID: CVE-2006-4404: 当以管理用户安装软件时,系统权限可能被未授权利用。 OpenSSL-CVE-ID: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339, CVE-2006-4343: OpenSSL存在多个安全问题可导致任意代码执行或者获得敏感信息。 perl-CVE-ID: CVE-2005-3962: 不安全处理字符串,可导致Perl应用程序执行任意代码。 PHP-CVE-ID: CVE-2006-1490, CVE-2006-1990: Php应用程序存在多个问题,可导致拒绝服务或执行任意代码。 PHP-CVE-ID: CVE-2006-5465: PHP的htmlentities()和htmlspecialchars()函数存在缓冲区溢出,可导致任意代码执行。 PPP-CVE-ID: CVE-2006-4406: 在不可信的本地网络上使用PPPoE可导致任意代码执行。 Samba-CVE-ID: CVE-2006-3403: 当Windows共享使用时,远程攻击者可进行拒绝服务攻击。 Security Framework-CVE-ID: CVE-2006-4407: 不安全的传送方法可导致不协商最安全的加密信息。 Security Framework-CVE-ID: CVE-2006-4408: 处理X.509证书时可导致拒绝服务攻击。 Security Framework-CVE-ID: CVE-2006-4409: 当使用http代理时,证书废弃列表不能获得。 Security Framework-CVE-ID: CVE-2006-4410: 部分调用证书错误的被授权。 VPN-CVE-ID: CVE-2006-4411: 恶意本地用户可获得系统特权。 WebKit-CVE-ID: CVE-2006-4412: 通过诱使用户浏览恶意web页执行任意代码。 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X 10.0.4 Apple Mac OS X 10.0.3 Apple Mac OS X 10.0.2 Apple Mac OS X 10.0.1 Apple Mac OS X 10.0 3 Apple Mac OS X 10.0 <a href="http://docs.info.apple.com/article.html?artnum=304829" target="_blank">http://docs.info.apple.com/article.html?artnum=304829</a> |
| id | SSV:623 |
| last seen | 2017-11-19 |
| modified | 2006-11-29 |
| published | 2006-11-29 |
| reporter | Root |
| title | Apple Mac OS X 2006-007存在多个安全漏洞 |
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-03-14 |
| organization | Red Hat |
| statement | Vulnerable. This issue affects OpenSSL and OpenSSL compatibility packages in Red Hat Enterprise Linux 2.1, 3, and 4. Updates, along with our advisory are available at the URL below. http://rhn.redhat.com/errata/RHSA-2006-0661.html Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
- http://www.openssl.org/news/secadv_20060905.txt
- http://secunia.com/advisories/21709
- http://www.ubuntu.com/usn/usn-339-1
- http://www.securityfocus.com/bid/19849
- https://issues.rpath.com/browse/RPL-616
- http://www.us.debian.org/security/2006/dsa-1173
- http://www.debian.org/security/2006/dsa-1174
- http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc
- http://security.gentoo.org/glsa/glsa-200609-05.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:161
- http://www.openbsd.org/errata.html
- http://www.redhat.com/support/errata/RHSA-2006-0661.html
- http://www.osvdb.org/28549
- http://securitytracker.com/id?1016791
- http://secunia.com/advisories/21778
- http://secunia.com/advisories/21785
- http://secunia.com/advisories/21812
- http://secunia.com/advisories/21823
- http://secunia.com/advisories/21852
- http://secunia.com/advisories/21791
- http://secunia.com/advisories/21767
- http://secunia.com/advisories/21776
- http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
- http://www.kb.cert.org/vuls/id/845620
- http://secunia.com/advisories/21873
- http://secunia.com/advisories/21906
- http://secunia.com/advisories/21846
- http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306
- http://secunia.com/advisories/21927
- http://secunia.com/advisories/21870
- ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
- http://secunia.com/advisories/22036
- http://www.opera.com/support/search/supsearch.dml?index=845
- http://secunia.com/advisories/21982
- http://security.gentoo.org/glsa/glsa-200609-18.xml
- http://www.novell.com/linux/security/advisories/2006_55_ssl.html
- http://secunia.com/advisories/21930
- http://secunia.com/advisories/22161
- http://secunia.com/advisories/22259
- http://secunia.com/advisories/22260
- http://openvpn.net/changelog.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
- http://secunia.com/advisories/22226
- http://secunia.com/advisories/22232
- http://www.serv-u.com/releasenotes/
- http://secunia.com/advisories/22284
- http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1
- http://secunia.com/advisories/22325
- http://secunia.com/advisories/22446
- http://www.novell.com/linux/security/advisories/2006_61_opera.html
- http://secunia.com/advisories/22509
- http://support.attachmate.com/techdocs/2137.html
- http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1
- http://secunia.com/advisories/22513
- http://secunia.com/advisories/22523
- http://secunia.com/advisories/22545
- http://secunia.com/advisories/22585
- http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf
- http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1
- http://secunia.com/advisories/22733
- http://secunia.com/advisories/22671
- http://secunia.com/advisories/22689
- http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
- http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
- http://secunia.com/advisories/22758
- http://secunia.com/advisories/22799
- http://www.sybase.com/detail?id=1047991
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1
- http://secunia.com/advisories/22711
- http://secunia.com/advisories/22934
- http://secunia.com/advisories/22936
- http://secunia.com/advisories/22937
- http://secunia.com/advisories/22938
- http://secunia.com/advisories/22939
- http://secunia.com/advisories/22940
- http://secunia.com/advisories/22949
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:207
- http://www.novell.com/linux/security/advisories/2006_26_sr.html
- http://secunia.com/advisories/22948
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
- http://www.us-cert.gov/cas/techalerts/TA06-333A.html
- http://secunia.com/advisories/23155
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1
- http://secunia.com/advisories/23455
- http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
- http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
- http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
- http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
- http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
- http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
- http://secunia.com/advisories/23680
- http://secunia.com/advisories/23794
- http://support.attachmate.com/techdocs/2127.html
- http://support.attachmate.com/techdocs/2128.html
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html
- http://www.redhat.com/support/errata/RHSA-2007-0062.html
- http://www.redhat.com/support/errata/RHSA-2007-0072.html
- http://www.redhat.com/support/errata/RHSA-2007-0073.html
- http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
- http://securitytracker.com/id?1017522
- http://secunia.com/advisories/23841
- http://secunia.com/advisories/23915
- http://secunia.com/advisories/22044
- http://secunia.com/advisories/22932
- http://secunia.com/advisories/24099
- http://secunia.com/advisories/24950
- http://secunia.com/advisories/24930
- http://dev2dev.bea.com/pub/advisory/238
- http://secunia.com/advisories/25284
- https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html
- https://issues.rpath.com/browse/RPL-1633
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
- http://www.securityfocus.com/bid/22083
- http://secunia.com/advisories/25399
- http://secunia.com/advisories/25649
- http://secunia.com/advisories/22066
- http://secunia.com/advisories/26329
- http://secunia.com/advisories/26893
- http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
- http://secunia.com/advisories/28115
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
- http://lists.vmware.com/pipermail/security-announce/2008/000008.html
- http://www.vmware.com/security/advisories/VMSA-2008-0005.html
- http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
- http://www.vmware.com/support/player/doc/releasenotes_player.html
- http://www.vmware.com/support/player2/doc/releasenotes_player2.html
- http://www.vmware.com/support/server/doc/releasenotes_server.html
- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
- http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
- http://www.securityfocus.com/bid/28276
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1
- http://secunia.com/advisories/31492
- http://www.redhat.com/support/errata/RHSA-2008-0629.html
- https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
- http://secunia.com/advisories/38567
- http://www.openoffice.org/security/cves/CVE-2006-4339.html
- http://www.vupen.com/english/advisories/2010/0366
- http://secunia.com/advisories/38568
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1
- http://www.vupen.com/english/advisories/2007/2315
- http://www.vupen.com/english/advisories/2007/2163
- http://www.vupen.com/english/advisories/2007/1401
- http://www.vupen.com/english/advisories/2006/4329
- http://www.vupen.com/english/advisories/2006/3730
- http://www.vupen.com/english/advisories/2006/3936
- http://www.vupen.com/english/advisories/2006/3453
- http://www.vupen.com/english/advisories/2006/4586
- http://www.vupen.com/english/advisories/2008/0905/references
- http://www.vupen.com/english/advisories/2007/1945
- http://www.vupen.com/english/advisories/2006/4744
- http://www.vupen.com/english/advisories/2007/1815
- http://www.vupen.com/english/advisories/2007/0254
- http://www.vupen.com/english/advisories/2006/4417
- http://www.vupen.com/english/advisories/2006/3748
- http://www.vupen.com/english/advisories/2006/4750
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
- http://www.vupen.com/english/advisories/2006/3566
- http://www.vupen.com/english/advisories/2006/5146
- http://www.vupen.com/english/advisories/2006/3793
- http://www.vupen.com/english/advisories/2006/4366
- http://www.vupen.com/english/advisories/2007/4224
- http://www.vupen.com/english/advisories/2006/4327
- http://www.vupen.com/english/advisories/2006/4206
- http://www.vupen.com/english/advisories/2007/0343
- http://www.vupen.com/english/advisories/2006/4207
- http://www.vupen.com/english/advisories/2007/2783
- http://www.vupen.com/english/advisories/2006/4216
- http://www.vupen.com/english/advisories/2006/3899
- http://www.vupen.com/english/advisories/2006/4205
- http://marc.info/?l=bugtraq&m=130497311408250&w=2
- http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
- http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html
- http://jvn.jp/en/jp/JVN51615542/index.html
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
- http://docs.info.apple.com/article.html?artnum=304829
- http://docs.info.apple.com/article.html?artnum=307177
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495
- http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
- http://secunia.com/advisories/60799
- http://secunia.com/advisories/41818
- http://marc.info/?l=bind-announce&m=116253119512445&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28755
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656
- http://www.securityfocus.com/archive/1/489739/100/0/threaded
- http://www.securityfocus.com/archive/1/456546/100/200/threaded
- http://www.securityfocus.com/archive/1/450327/100/0/threaded
- http://www.securityfocus.com/archive/1/445822/100/0/threaded
- http://www.securityfocus.com/archive/1/445231/100/0/threaded