Vulnerabilities > CVE-2011-4577 - Resource Management Errors vulnerability in Openssl
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2012-0013.NASL description a. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. b. vCenter Update Manager update to JRE 1.5.0 Update 36 The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012. c. Update to ESX/ESXi userworld OpenSSL library The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues. d. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue. e. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues. f. Update to ESX service console Perl RPM The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues. g. Update to ESX service console libxml2 RPMs The ESX service console libmxl2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue. h. Update to ESX service console glibc RPM The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issue. i. Update to ESX service console GnuTLS RPM The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues. j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues : - popt-1.10.2.3-28.el5_8 - rpm-4.4.2.3-28.el5_8 - rpm-libs-4.4.2.3-28.el5_8 - rpm-python-4.4.2.3-28.el5_8 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues. k. Vulnerability in third-party Apache Struts component The version of Apache Struts in vCenter Operations has been updated to 2.3.4 which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication. The attacker would need to be on the same network as the system where vCOps is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue. Note: Apache struts 2.3.4 addresses the following issues as well : CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. last seen 2020-06-01 modified 2020-06-02 plugin id 61747 published 2012-08-31 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61747 title VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory 2012-0013. # The text itself is copyright (C) VMware Inc. # include("compat.inc"); if (description) { script_id(61747); script_version("1.56"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/30"); script_cve_id("CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2010-2761", "CVE-2010-4180", "CVE-2010-4252", "CVE-2010-4410", "CVE-2011-0014", "CVE-2011-1020", "CVE-2011-1089", "CVE-2011-1833", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2699", "CVE-2011-3188", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-3597", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4110", "CVE-2011-4128", "CVE-2011-4132", "CVE-2011-4324", "CVE-2011-4325", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4609", "CVE-2011-4619", "CVE-2012-0050", "CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0207", "CVE-2012-0393", "CVE-2012-0815", "CVE-2012-0841", "CVE-2012-0864", "CVE-2012-1569", "CVE-2012-1573", "CVE-2012-1583", "CVE-2012-2110"); script_bugtraq_id(40063, 44199, 45145, 45163, 45164, 46264, 46567, 46740, 47321, 48383, 48802, 49108, 49289, 49626, 49911, 50311, 50609, 50663, 50755, 50798, 50898, 51194, 51257, 51281, 51343, 51366, 51439, 51467, 51563, 52009, 52010, 52011, 52012, 52013, 52014, 52015, 52016, 52017, 52018, 52019, 52020, 52107, 52161, 52201, 52667, 52668, 52865, 53136, 53139, 53158, 53946, 53947, 53948, 53949, 53950, 53951, 53952, 53953, 53954, 53956, 53958, 53959, 53960); script_xref(name:"VMSA", value:"2012-0013"); script_name(english:"VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries"); script_summary(english:"Checks esxupdate output for the patches"); script_set_attribute( attribute:"synopsis", value: "The remote VMware ESXi / ESX host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "a. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. b. vCenter Update Manager update to JRE 1.5.0 Update 36 The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012. c. Update to ESX/ESXi userworld OpenSSL library The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues. d. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue. e. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues. f. Update to ESX service console Perl RPM The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues. g. Update to ESX service console libxml2 RPMs The ESX service console libmxl2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue. h. Update to ESX service console glibc RPM The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issue. i. Update to ESX service console GnuTLS RPM The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues. j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues : - popt-1.10.2.3-28.el5_8 - rpm-4.4.2.3-28.el5_8 - rpm-libs-4.4.2.3-28.el5_8 - rpm-python-4.4.2.3-28.el5_8 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues. k. Vulnerability in third-party Apache Struts component The version of Apache Struts in vCenter Operations has been updated to 2.3.4 which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication. The attacker would need to be on the same network as the system where vCOps is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue. Note: Apache struts 2.3.4 addresses the following issues as well : CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us." ); script_set_attribute( attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2012/000197.html" ); script_set_attribute(attribute:"solution", value:"Apply the missing patches."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Java Applet Field Bytecode Verifier Cache Remote Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/01"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/31"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"VMware ESX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version"); script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs"); exit(0); } include("audit.inc"); include("vmware_esx_packages.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi"); if ( !get_kb_item("Host/VMware/esxcli_software_vibs") && !get_kb_item("Host/VMware/esxupdate") ) audit(AUDIT_PACKAGE_LIST_MISSING); init_esx_check(date:"2012-08-30"); flag = 0; if ( esx_check( ver : "ESX 4.0", patch : "ESX400-201209401-SG", patch_updates : make_list("ESX400-201302401-SG", "ESX400-201305401-SG", "ESX400-201310401-SG", "ESX400-201404401-SG") ) ) flag++; if ( esx_check( ver : "ESX 4.0", patch : "ESX400-201209402-SG", patch_updates : make_list("ESX400-201305404-SG", "ESX400-201310402-SG") ) ) flag++; if (esx_check(ver:"ESX 4.0", patch:"ESX400-201209404-SG")) flag++; if ( esx_check( ver : "ESX 4.1", patch : "ESX410-201208101-SG", patch_updates : make_list("ESX410-201211401-SG", "ESX410-201301401-SG", "ESX410-201304401-SG", "ESX410-201307401-SG", "ESX410-201312401-SG", "ESX410-201404401-SG", "ESX410-Update03") ) ) flag++; if ( esx_check( ver : "ESX 4.1", patch : "ESX410-201208102-SG", patch_updates : make_list("ESX410-201301405-SG", "ESX410-201304402-SG", "ESX410-201307405-SG", "ESX410-Update03") ) ) flag++; if ( esx_check( ver : "ESX 4.1", patch : "ESX410-201208103-SG", patch_updates : make_list("ESX410-201307403-SG", "ESX410-Update03") ) ) flag++; if ( esx_check( ver : "ESX 4.1", patch : "ESX410-201208104-SG", patch_updates : make_list("ESX410-Update03") ) ) flag++; if ( esx_check( ver : "ESX 4.1", patch : "ESX410-201208105-SG", patch_updates : make_list("ESX410-Update03") ) ) flag++; if ( esx_check( ver : "ESX 4.1", patch : "ESX410-201208106-SG", patch_updates : make_list("ESX410-201307404-SG", "ESX410-Update03") ) ) flag++; if ( esx_check( ver : "ESX 4.1", patch : "ESX410-201208107-SG", patch_updates : make_list("ESX410-Update03") ) ) flag++; if ( esx_check( ver : "ESXi 4.1", patch : "ESXi410-201208101-SG", patch_updates : make_list("ESXi410-201211401-SG", "ESXi410-201301401-SG", "ESXi410-201304401-SG", "ESXi410-201307401-SG", "ESXi410-201312401-SG", "ESXi410-201404401-SG", "ESXi410-Update03") ) ) flag++; if (esx_check(ver:"ESXi 5.0", vib:"VMware:esx-base:5.0.0-1.25.912577")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0059.NASL description Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-04-16 modified 2012-01-25 plugin id 57677 published 2012-01-25 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57677 title RHEL 6 : openssl (RHSA-2012:0059) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:0059. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(57677); script_version ("1.21"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/15"); script_cve_id("CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"); script_bugtraq_id(51281); script_xref(name:"RHSA", value:"2012:0059"); script_name(english:"RHEL 6 : openssl (RHSA-2012:0059)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2012:0059" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4577" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4576" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4108" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4619" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-static"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/06"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2012:0059"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", reference:"openssl-1.0.0-20.el6_2.1")) flag++; if (rpm_check(release:"RHEL6", reference:"openssl-debuginfo-1.0.0-20.el6_2.1")) flag++; if (rpm_check(release:"RHEL6", reference:"openssl-devel-1.0.0-20.el6_2.1")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openssl-perl-1.0.0-20.el6_2.1")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"openssl-perl-1.0.0-20.el6_2.1")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openssl-perl-1.0.0-20.el6_2.1")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openssl-static-1.0.0-20.el6_2.1")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"openssl-static-1.0.0-20.el6_2.1")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openssl-static-1.0.0-20.el6_2.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc"); } }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1357-1.NASL description It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945) Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-3210) Nadhem Alfardan and Kenny Paterson discovered that the Datagram Transport Layer Security (DTLS) implementation in OpenSSL performed a MAC check only if certain padding is valid. This could allow a remote attacker to recover plaintext. (CVE-2011-4108) Antonio Martin discovered that a flaw existed in the fix to address CVE-2011-4108, the DTLS MAC check failure. This could allow a remote attacker to cause a denial of service. (CVE-2012-0050) Ben Laurie discovered a double free vulnerability in OpenSSL that could be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled. This could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-4109) It was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves. This could allow a remote attacker to obtain the private key of a TLS server via multiple handshake attempts. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-4354) Adam Langley discovered that the SSL 3.0 implementation in OpenSSL did not properly initialize data structures for block cipher padding. This could allow a remote attacker to obtain sensitive information. (CVE-2011-4576) Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled, could trigger an assert when handling an X.509 certificate containing certificate-extension data associated with IP address blocks or Autonomous System (AS) identifiers. This could allow a remote attacker to cause a denial of service. (CVE-2011-4577) Adam Langley discovered that the Server Gated Cryptography (SGC) implementation in OpenSSL did not properly handle handshake restarts. This could allow a remote attacker to cause a denial of service. (CVE-2011-4619) Andrey Kulikov discovered that the GOST block cipher engine in OpenSSL did not properly handle invalid parameters. This could allow a remote attacker to cause a denial of service via crafted data from a TLS client. This issue only affected Ubuntu 11.10. (CVE-2012-0027). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 57887 published 2012-02-10 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57887 title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1357-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(57887); script_version("1.11"); script_cvs_date("Date: 2019/09/19 12:54:27"); script_cve_id("CVE-2011-1945", "CVE-2011-3210", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4354", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2012-0050"); script_bugtraq_id(47888, 49471, 50882, 51281, 51563); script_xref(name:"USN", value:"1357-1"); script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945) Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-3210) Nadhem Alfardan and Kenny Paterson discovered that the Datagram Transport Layer Security (DTLS) implementation in OpenSSL performed a MAC check only if certain padding is valid. This could allow a remote attacker to recover plaintext. (CVE-2011-4108) Antonio Martin discovered that a flaw existed in the fix to address CVE-2011-4108, the DTLS MAC check failure. This could allow a remote attacker to cause a denial of service. (CVE-2012-0050) Ben Laurie discovered a double free vulnerability in OpenSSL that could be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled. This could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-4109) It was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves. This could allow a remote attacker to obtain the private key of a TLS server via multiple handshake attempts. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-4354) Adam Langley discovered that the SSL 3.0 implementation in OpenSSL did not properly initialize data structures for block cipher padding. This could allow a remote attacker to obtain sensitive information. (CVE-2011-4576) Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled, could trigger an assert when handling an X.509 certificate containing certificate-extension data associated with IP address blocks or Autonomous System (AS) identifiers. This could allow a remote attacker to cause a denial of service. (CVE-2011-4577) Adam Langley discovered that the Server Gated Cryptography (SGC) implementation in OpenSSL did not properly handle handshake restarts. This could allow a remote attacker to cause a denial of service. (CVE-2011-4619) Andrey Kulikov discovered that the GOST block cipher engine in OpenSSL did not properly handle invalid parameters. This could allow a remote attacker to cause a denial of service via crafted data from a TLS client. This issue only affected Ubuntu 11.10. (CVE-2012-0027). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1357-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected libssl0.9.8, libssl1.0.0 and / or openssl packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/05/31"); script_set_attribute(attribute:"patch_publication_date", value:"2012/02/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(8\.04|10\.04|10\.10|11\.04|11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"8.04", pkgname:"libssl0.9.8", pkgver:"0.9.8g-4ubuntu3.15")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openssl", pkgver:"0.9.8g-4ubuntu3.15")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libssl0.9.8", pkgver:"0.9.8k-7ubuntu8.8")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openssl", pkgver:"0.9.8k-7ubuntu8.8")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"libssl0.9.8", pkgver:"0.9.8o-1ubuntu4.6")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"openssl", pkgver:"0.9.8o-1ubuntu4.6")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"libssl0.9.8", pkgver:"0.9.8o-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"openssl", pkgver:"0.9.8o-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"libssl1.0.0", pkgver:"1.0.0e-2ubuntu4.2")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"openssl", pkgver:"1.0.0e-2ubuntu4.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libssl0.9.8 / libssl1.0.0 / openssl"); }NASL family SuSE Local Security Checks NASL id SUSE_11_LIBOPENSSL-DEVEL-120111.NASL description Various security vulnerabilities have been fixed in OpenSSL : - DTLS plaintext recovery attack. (CVE-2011-4108) - double-free in Policy Checks. (CVE-2011-4109) - uninitialized SSL 3.0 padding. (CVE-2011-4576) - malformed RFC 3779 data can cause assertion failures. (CVE-2011-4577) - SGC restart DoS attack (CVE-2011-4619) last seen 2020-06-05 modified 2012-01-17 plugin id 57569 published 2012-01-17 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57569 title SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 5635) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(57569); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"); script_name(english:"SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 5635)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Various security vulnerabilities have been fixed in OpenSSL : - DTLS plaintext recovery attack. (CVE-2011-4108) - double-free in Policy Checks. (CVE-2011-4109) - uninitialized SSL 3.0 padding. (CVE-2011-4576) - malformed RFC 3779 data can cause assertion failures. (CVE-2011-4577) - SGC restart DoS attack (CVE-2011-4619)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=739719" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4108.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4109.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4576.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4577.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4619.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 5635."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:openssl-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1"); flag = 0; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libopenssl0_9_8-0.9.8j-0.26.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"openssl-0.9.8j-0.26.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libopenssl0_9_8-0.9.8j-0.26.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8j-0.26.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"openssl-0.9.8j-0.26.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"libopenssl0_9_8-0.9.8j-0.26.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"openssl-0.9.8j-0.26.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"openssl-doc-0.9.8j-0.26.1")) flag++; if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libopenssl0_9_8-32bit-0.9.8j-0.26.1")) flag++; if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8j-0.26.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_78CC8A463E5611E189B4001EC9578670.NASL description The OpenSSL Team reports : 6 security flaws have been fixed in OpenSSL 1.0.0f : If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack. Support for handshake restarts for server gated cryptograpy (SGC) can be used in a denial-of-service attack. A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack. last seen 2020-06-01 modified 2020-06-02 plugin id 57551 published 2012-01-16 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57551 title FreeBSD : OpenSSL -- multiple vulnerabilities (78cc8a46-3e56-11e1-89b4-001ec9578670) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(57551); script_version("1.12"); script_cvs_date("Date: 2018/12/19 13:21:18"); script_cve_id("CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027"); script_bugtraq_id(51281); script_name(english:"FreeBSD : OpenSSL -- multiple vulnerabilities (78cc8a46-3e56-11e1-89b4-001ec9578670)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "The OpenSSL Team reports : 6 security flaws have been fixed in OpenSSL 1.0.0f : If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack. Support for handshake restarts for server gated cryptograpy (SGC) can be used in a denial-of-service attack. A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack." ); # http://openssl.org/news/secadv/20120104.txt script_set_attribute( attribute:"see_also", value:"https://www.openssl.org/news/secadv/20120104.txt" ); # https://vuxml.freebsd.org/freebsd/78cc8a46-3e56-11e1-89b4-001ec9578670.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?726bda3b" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:openssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/04"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"openssl<1.0.0_8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-0059.NASL description From Red Hat Security Advisory 2012:0059 : Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-06-01 modified 2020-06-02 plugin id 68437 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68437 title Oracle Linux 6 : openssl (ELSA-2012-0059) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:0059 and # Oracle Linux Security Advisory ELSA-2012-0059 respectively. # include("compat.inc"); if (description) { script_id(68437); script_version("1.8"); script_cvs_date("Date: 2019/09/30 10:58:17"); script_cve_id("CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"); script_bugtraq_id(51281, 51563); script_xref(name:"RHSA", value:"2012:0059"); script_name(english:"Oracle Linux 6 : openssl (ELSA-2012-0059)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2012:0059 : Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2012-January/002569.html" ); script_set_attribute( attribute:"solution", value:"Update the affected openssl packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-static"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/05"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL6", reference:"openssl-1.0.0-20.el6_2.1")) flag++; if (rpm_check(release:"EL6", reference:"openssl-devel-1.0.0-20.el6_2.1")) flag++; if (rpm_check(release:"EL6", reference:"openssl-perl-1.0.0-20.el6_2.1")) flag++; if (rpm_check(release:"EL6", reference:"openssl-static-1.0.0-20.el6_2.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-devel / openssl-perl / openssl-static"); }NASL family SuSE Local Security Checks NASL id SUSE_OPENSSL-7923.NASL description Various security vulnerabilities have been fixed in OpenSSL : - DTLS plaintext recovery attack. (CVE-2011-4108) - double-free in Policy Checks. (CVE-2011-4109) - uninitialized SSL 3.0 padding. (CVE-2011-4576) - malformed RFC 3779 data can cause assertion failures. (CVE-2011-4577) - SGC restart DoS attack (CVE-2011-4619) last seen 2020-06-05 modified 2012-01-17 plugin id 57570 published 2012-01-17 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57570 title SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7923) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(57570); script_version ("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"); script_name(english:"SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7923)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Various security vulnerabilities have been fixed in OpenSSL : - DTLS plaintext recovery attack. (CVE-2011-4108) - double-free in Policy Checks. (CVE-2011-4109) - uninitialized SSL 3.0 padding. (CVE-2011-4576) - malformed RFC 3779 data can cause assertion failures. (CVE-2011-4577) - SGC restart DoS attack (CVE-2011-4619)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4108.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4109.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4576.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4577.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4619.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7923."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:4, reference:"openssl-0.9.8a-18.56.3")) flag++; if (rpm_check(release:"SLED10", sp:4, reference:"openssl-devel-0.9.8a-18.56.3")) flag++; if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"openssl-32bit-0.9.8a-18.56.3")) flag++; if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"openssl-devel-32bit-0.9.8a-18.56.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"openssl-0.9.8a-18.56.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"openssl-devel-0.9.8a-18.56.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"openssl-doc-0.9.8a-18.56.3")) flag++; if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"openssl-32bit-0.9.8a-18.56.3")) flag++; if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"openssl-devel-32bit-0.9.8a-18.56.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family SuSE Local Security Checks NASL id SUSE_11_4_LIBOPENSSL-DEVEL-120111.NASL description Various security vulnerabilities have been fixed in openssl : - DTLS plaintext recovery attack (CVE-2011-4108) - uninitialized SSL 3.0 padding (CVE-2011-4576) - malformed RFC 3779 data can cause assertion failures (CVE-2011-4577) - SGC restart DoS attack (CVE-2011-4619) - invalid GOST parameters DoS attack (CVE-2012-0027) last seen 2020-06-05 modified 2014-06-13 plugin id 75908 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75908 title openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1) NASL family Web Servers NASL id HPSMH_7_1_1_1.NASL description According to the web server last seen 2020-06-01 modified 2020-06-02 plugin id 59851 published 2012-07-05 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59851 title HP System Management Homepage < 7.1.1 Multiple Vulnerabilities NASL family Misc. NASL id VMWARE_ESXI_5_0_BUILD_912577_REMOTE.NASL description The remote VMware ESXi 5.0 host is affected by Multiple Vulnerabilities : - An integer overflow condition exists in the __tzfile_read() function in the glibc library. An unauthenticated, remote attacker can exploit this, via a crafted timezone (TZ) file, to cause a denial of service or the execution of arbitrary code. (CVE-2009-5029) - ldd in the glibc library is affected by a privilege escalation vulnerability due to the omission of certain LD_TRACE_LOADED_OBJECTS checks in a crafted executable file. Note that this vulnerability is disputed by the library vendor. (CVE-2009-5064) - A remote code execution vulnerability exists in the glibc library due to an integer signedness error in the elf_get_dynamic_info() function when the last seen 2020-06-01 modified 2020-06-02 plugin id 70885 published 2013-11-13 reporter This script is (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70885 title ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check) NASL family Scientific Linux Local Security Checks NASL id SL_20120124_OPENSSL_ON_SL6_X.NASL description OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-03-18 modified 2012-08-01 plugin id 61225 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61225 title Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20120124) NASL family Web Servers NASL id OPENSSL_0_9_8S.NASL description According to its banner, the remote web server is running a version of OpenSSL older than 0.9.8s. Such versions have the following vulnerabilities : - An error exists related to ECDSA signatures and binary curves. The implementation of curves over binary fields could allow a remote, unauthenticated attacker to determine private key material via timing attacks. (CVE-2011-1945) - The Datagram Transport Layer Security (DTLS) implementation is vulnerable to plaintext recovery attacks when decrypting in CBC mode. (CVE-2011-4108) - A double-free error exists during a policy check failure if the flag last seen 2020-06-01 modified 2020-06-02 plugin id 57459 published 2012-01-09 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57459 title OpenSSL < 0.9.8s Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0109.NASL description An updated rhev-hypervisor6 package that fixes multiple security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2009-5029 and CVE-2011-4609 (glibc issues) CVE-2012-0056 (kernel issue) CVE-2011-4108 and CVE-2012-0050 (openssl issues) This update also fixes the following bugs : * Previously, it was possible to begin a Hypervisor installation without any valid disks to install to. Now, if no valid disks are found for Hypervisor installation, a message is displayed informing the user that there are no valid disks for installation. (BZ#781471) * Previously, the user interface for the Hypervisor did not indicate whether the system was registered with Red Hat Network (RHN) Classic or RHN Satellite. As a result, customers could not easily determine the registration status of their Hypervisor installations. The TUI has been updated to display the registration status of the Hypervisor. (BZ#788223) * Previously, autoinstall would fail if the firstboot or reinstall options were passed but local_boot or upgrade were not passed. Now, neither the local_boot or upgrade parameters are required for autoinstall. (BZ#788225) Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 79282 published 2014-11-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79282 title RHEL 6 : rhev-hypervisor6 (RHSA-2012:0109) NASL family Misc. NASL id VMWARE_VMSA-2012-0013_REMOTE.NASL description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - Apache Struts - glibc - GnuTLS - JRE - kernel - libxml2 - OpenSSL - Perl - popt and rpm last seen 2020-06-01 modified 2020-06-02 plugin id 89038 published 2016-02-29 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89038 title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check) NASL family MacOS X Local Security Checks NASL id MACOSX_10_8_4.NASL description The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.4. The newer version contains multiple security-related fixes for the following components : - CFNetwork - CoreAnimation - CoreMedia Playback - CUPS - Disk Management - OpenSSL - QuickDraw Manager - QuickTime - SMB last seen 2020-06-01 modified 2020-06-02 plugin id 66808 published 2013-06-05 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66808 title Mac OS X 10.8.x < 10.8.4 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_3_LIBOPENSSL-DEVEL-120111.NASL description Various security vulnerabilities have been fixed in openssl : - DTLS plaintext recovery attack (CVE-2011-4108) - uninitialized SSL 3.0 padding (CVE-2011-4576) - malformed RFC 3779 data can cause assertion failures (CVE-2011-4577) - SGC restart DoS attack (CVE-2011-4619) - invalid GOST parameters DoS attack (CVE-2012-0027) last seen 2020-06-05 modified 2014-06-13 plugin id 75598 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75598 title openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1) NASL family Web Servers NASL id OPENSSL_1_0_0F.NASL description According to its banner, the remote web server is running a version of OpenSSL 1.x that is earlier than 1.0.0f. Such versions are affected by the following vulnerabilities : - The Datagram Transport Layer Security (DTLS) implementation is vulnerable to plaintext recovery attacks when decrypting in CBC mode. (CVE-2011-4108) - An error exists related to SSLv3.0 records that can lead to disclosure of uninitialized memory because the library does not clear all bytes used as block cipher padding. (CVE-2011-4576) - An error exists related to RFC 3779 processing that can allow denial of service attacks. Note that this functionality is not enabled by default and must be configured at compile time via the last seen 2020-06-01 modified 2020-06-02 plugin id 57460 published 2012-01-09 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57460 title OpenSSL 1.x < 1.0.0f Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-153.NASL description openssl was updated to 1.0.0k security release to fix bugs and security issues. (bnc#802648 bnc#802746) The version was upgraded to avoid backporting the large fixes for SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169) TLS 1.1 and 1.2 AES-NI crash (CVE-2012-2686) OCSP invalid key DoS issue (CVE-2013-0166) Also the following bugfix was included: bnc#757773 - c_rehash to accept more filename extensions last seen 2020-06-05 modified 2014-06-13 plugin id 74901 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74901 title openSUSE Security Update : openssl (openSUSE-SU-2013:0336-1) NASL family Fedora Local Security Checks NASL id FEDORA_2012-18035.NASL description Update to 1.0.1c and synced all patches with Fedora openssl-1.0.1c-7.fc19 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-11-26 plugin id 63031 published 2012-11-26 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63031 title Fedora 18 : mingw-openssl-1.0.1c-1.fc18 (2012-18035) NASL family Fedora Local Security Checks NASL id FEDORA_2012-0250.NASL description New upstream package with bugfixes and fixes for moderate and low impact CVEs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-01-16 plugin id 57546 published 2012-01-16 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57546 title Fedora 15 : openssl-1.0.0f-1.fc15 (2012-0250) NASL family Solaris Local Security Checks NASL id SOLARIS11_OPENSSL_20120404.NASL description The remote Solaris system is missing necessary patches to address security updates : - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. (CVE-2011-4108) - Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. (CVE-2011-4109) - The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. (CVE-2011-4576) - OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. (CVE-2011-4577) - The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. (CVE-2011-4619) - The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. (CVE-2012-0027) - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050) last seen 2020-06-01 modified 2020-06-02 plugin id 80715 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80715 title Oracle Solaris Third-Party Patch Update : openssl (cve_2012_0050_denial_of) NASL family Fedora Local Security Checks NASL id FEDORA_2012-0232.NASL description New upstream package with bugfixes and fixes for moderate and low impact CVEs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-01-11 plugin id 57479 published 2012-01-11 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57479 title Fedora 16 : openssl-1.0.0f-1.fc16 (2012-0232) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2013-002.NASL description The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-002 applied. This update contains numerous security-related fixes for the following components : - CoreMedia Playback (10.7 only) - Directory Service (10.6 only) - OpenSSL - QuickDraw Manager - QuickTime - Ruby (10.6 only) - SMB (10.7 only) last seen 2020-06-01 modified 2020-06-02 plugin id 66809 published 2013-06-05 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66809 title Mac OS X Multiple Vulnerabilities (Security Update 2013-002) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-0059.NASL description Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-06-01 modified 2020-06-02 plugin id 57731 published 2012-01-31 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57731 title CentOS 6 : openssl (CESA-2012:0059) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2012-38.NASL description It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) last seen 2020-06-01 modified 2020-06-02 plugin id 69645 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69645 title Amazon Linux AMI : openssl (ALAS-2012-38) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201203-12.NASL description The remote host is affected by the vulnerability described in GLSA-201203-12 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been found in OpenSSL: Timing differences for decryption are exposed by CBC mode encryption in OpenSSL’s implementation of DTLS (CVE-2011-4108). A policy check failure can result in a double-free error when X509_V_FLAG_POLICY_CHECK is set (CVE-2011-4109). Clients and servers using SSL 3.0 handshakes do not clear the block cipher padding, allowing a record to contain up to 15 bytes of uninitialized memory, which could include sensitive information (CVE-2011-4576). Assertion errors can occur during the handling of malformed X.509 certificates when OpenSSL is built with RFC 3779 support (CVE-2011-4577). A resource management error can occur when OpenSSL’s server gated cryptography (SGC) does not properly handle handshake restarts (CVE-2011-4619). Invalid parameters in the GOST block cipher are not properly handled by the GOST ENGINE(CVE-2012-0027). An incorrect fix for CVE-2011-4108 creates an unspecified vulnerability for DTLS applications using OpenSSL (CVE-2012-0050). Impact : A remote attacker may be able to cause a Denial of Service or obtain sensitive information, including plaintext passwords. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 58222 published 2012-03-06 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58222 title GLSA-201203-12 : OpenSSL: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-52.NASL description openssl was prone to several security issues : - DTLS Plaintext Recovery Attack (CVE-2011-4108) - Uninitialized SSL 3.0 Padding (CVE-2011-4576) - Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577) - SGC Restart DoS Attack (CVE-2011-4619) - Invalid GOST parameters DoS Attack (CVE-2012-0027) last seen 2020-06-05 modified 2014-06-13 plugin id 74722 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74722 title openSUSE Security Update : openssl (openSUSE-2012-52)
Redhat
| rpms |
|
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
- http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
- http://marc.info/?l=bugtraq&m=132750648501816&w=2
- http://marc.info/?l=bugtraq&m=134039053214295&w=2
- http://secunia.com/advisories/57353
- http://support.apple.com/kb/HT5784
- http://www.kb.cert.org/vuls/id/737740
- http://www.openssl.org/news/secadv_20120104.txt
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564