Vulnerabilities > CVE-2011-4619 - Resource Management Errors vulnerability in Openssl

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

Vulnerable Configurations

Part Description Count
Application
Openssl
121

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2012-0013.NASL
    descriptiona. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. b. vCenter Update Manager update to JRE 1.5.0 Update 36 The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012. c. Update to ESX/ESXi userworld OpenSSL library The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues. d. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue. e. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues. f. Update to ESX service console Perl RPM The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues. g. Update to ESX service console libxml2 RPMs The ESX service console libmxl2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue. h. Update to ESX service console glibc RPM The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issue. i. Update to ESX service console GnuTLS RPM The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues. j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues : - popt-1.10.2.3-28.el5_8 - rpm-4.4.2.3-28.el5_8 - rpm-libs-4.4.2.3-28.el5_8 - rpm-python-4.4.2.3-28.el5_8 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues. k. Vulnerability in third-party Apache Struts component The version of Apache Struts in vCenter Operations has been updated to 2.3.4 which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication. The attacker would need to be on the same network as the system where vCOps is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue. Note: Apache struts 2.3.4 addresses the following issues as well : CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us.
    last seen2020-06-01
    modified2020-06-02
    plugin id61747
    published2012-08-31
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61747
    titleVMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from VMware Security Advisory 2012-0013. 
    # The text itself is copyright (C) VMware Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61747);
      script_version("1.56");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/30");
    
      script_cve_id("CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2010-2761", "CVE-2010-4180", "CVE-2010-4252", "CVE-2010-4410", "CVE-2011-0014", "CVE-2011-1020", "CVE-2011-1089", "CVE-2011-1833", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2699", "CVE-2011-3188", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-3597", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4110", "CVE-2011-4128", "CVE-2011-4132", "CVE-2011-4324", "CVE-2011-4325", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4609", "CVE-2011-4619", "CVE-2012-0050", "CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0207", "CVE-2012-0393", "CVE-2012-0815", "CVE-2012-0841", "CVE-2012-0864", "CVE-2012-1569", "CVE-2012-1573", "CVE-2012-1583", "CVE-2012-2110");
      script_bugtraq_id(40063, 44199, 45145, 45163, 45164, 46264, 46567, 46740, 47321, 48383, 48802, 49108, 49289, 49626, 49911, 50311, 50609, 50663, 50755, 50798, 50898, 51194, 51257, 51281, 51343, 51366, 51439, 51467, 51563, 52009, 52010, 52011, 52012, 52013, 52014, 52015, 52016, 52017, 52018, 52019, 52020, 52107, 52161, 52201, 52667, 52668, 52865, 53136, 53139, 53158, 53946, 53947, 53948, 53949, 53950, 53951, 53952, 53953, 53954, 53956, 53958, 53959, 53960);
      script_xref(name:"VMSA", value:"2012-0013");
    
      script_name(english:"VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries");
      script_summary(english:"Checks esxupdate output for the patches");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote VMware ESXi / ESX host is missing one or more
    security-related patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "a. vCenter and ESX update to JRE 1.6.0 Update 31
    
       The Oracle (Sun) JRE is updated to version 1.6.0_31, which
       addresses multiple security issues. Oracle has documented the
       CVE identifiers that are addressed by this update in the Oracle
       Java SE Critical Patch Update Advisory of February 2012.
    
    b. vCenter Update Manager update to JRE 1.5.0 Update 36
    
       The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple
       security issues.  Oracle has documented the CVE identifiers that
       are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical
       Patch Update Advisory for June 2012.
    
    c. Update to ESX/ESXi userworld OpenSSL library
    
       The ESX/ESXi userworld OpenSSL library is updated from version
       0.9.8p to version 0.9.8t to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2010-4180, CVE-2010-4252,
       CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576,
       CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues.
    
    d. Update to ESX service console OpenSSL RPM
    
       The service console OpenSSL RPM is updated to version
       0.9.8e-22.el5_8.3 to resolve a security issue.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2012-2110 to this issue.
    
    e. Update to ESX service console kernel
    
       The ESX service console kernel is updated to resolve multiple
       security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2011-1833, CVE-2011-2484,
       CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363,
       CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324,
       CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583
       to these issues.
    
    f. Update to ESX service console Perl RPM
    
       The ESX service console Perl RPM is updated to
       perl-5.8.8.32.1.8999.vmw to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2010-2761, CVE-2010-4410, and
       CVE-2011-3597 to these issues.
    
    g. Update to ESX service console libxml2 RPMs
    
       The ESX service console libmxl2 RPMs are updated to
       libxml2-2.6.26-2.1.15.el5_8.2 and
       libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security
       issue.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2012-0841 to this issue.
    
    h. Update to ESX service console glibc RPM
    
       The ESX service console glibc RPM is updated to version
       glibc-2.5-81.el5_8.1 to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the names CVE-2009-5029, CVE-2009-5064,
       CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864
       to these issue.
    
    i. Update to ESX service console GnuTLS RPM
    
       The ESX service console GnuTLS RPM is updated to version
       1.4.1-7.el5_8.2 to resolve multiple security issues.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2011-4128, CVE-2012-1569, and
       CVE-2012-1573 to these issues.
    
    j. Update to ESX service console popt, rpm, rpm-libs,
       and rpm-python RPMS
    
       The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS
       are updated to the following versions to resolve multiple
       security issues :
          - popt-1.10.2.3-28.el5_8
          - rpm-4.4.2.3-28.el5_8
          - rpm-libs-4.4.2.3-28.el5_8
          - rpm-python-4.4.2.3-28.el5_8
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2012-0060, CVE-2012-0061, and
       CVE-2012-0815 to these issues.
    
    k. Vulnerability in third-party Apache Struts component
    
       The version of Apache Struts in vCenter Operations has been
       updated to 2.3.4 which addresses an arbitrary file overwrite
       vulnerability. This vulnerability allows an attacker to create
       a denial of service by overwriting arbitrary files without
       authentication. The attacker would need to be on the same network
       as the system where vCOps is installed.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org) has
       assigned the name CVE-2012-0393 to this issue.
    
       Note: Apache struts 2.3.4 addresses the following issues as well :
       CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It
       was found that these do not affect vCOps.
    
       VMware would like to thank Alexander Minozhenko from ERPScan for
       reporting this issue to us."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.vmware.com/pipermail/security-announce/2012/000197.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java Applet Field Bytecode Verifier Cache Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
      script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("vmware_esx_packages.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
    if (
      !get_kb_item("Host/VMware/esxcli_software_vibs") &&
      !get_kb_item("Host/VMware/esxupdate")
    ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    init_esx_check(date:"2012-08-30");
    flag = 0;
    
    
    if (
      esx_check(
        ver           : "ESX 4.0",
        patch         : "ESX400-201209401-SG",
        patch_updates : make_list("ESX400-201302401-SG", "ESX400-201305401-SG", "ESX400-201310401-SG", "ESX400-201404401-SG")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.0",
        patch         : "ESX400-201209402-SG",
        patch_updates : make_list("ESX400-201305404-SG", "ESX400-201310402-SG")
      )
    ) flag++;
    if (esx_check(ver:"ESX 4.0", patch:"ESX400-201209404-SG")) flag++;
    
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208101-SG",
        patch_updates : make_list("ESX410-201211401-SG", "ESX410-201301401-SG", "ESX410-201304401-SG", "ESX410-201307401-SG", "ESX410-201312401-SG", "ESX410-201404401-SG", "ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208102-SG",
        patch_updates : make_list("ESX410-201301405-SG", "ESX410-201304402-SG", "ESX410-201307405-SG", "ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208103-SG",
        patch_updates : make_list("ESX410-201307403-SG", "ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208104-SG",
        patch_updates : make_list("ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208105-SG",
        patch_updates : make_list("ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208106-SG",
        patch_updates : make_list("ESX410-201307404-SG", "ESX410-Update03")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201208107-SG",
        patch_updates : make_list("ESX410-Update03")
      )
    ) flag++;
    
    if (
      esx_check(
        ver           : "ESXi 4.1",
        patch         : "ESXi410-201208101-SG",
        patch_updates : make_list("ESXi410-201211401-SG", "ESXi410-201301401-SG", "ESXi410-201304401-SG", "ESXi410-201307401-SG", "ESXi410-201312401-SG", "ESXi410-201404401-SG", "ESXi410-Update03")
      )
    ) flag++;
    
    if (esx_check(ver:"ESXi 5.0", vib:"VMware:esx-base:5.0.0-1.25.912577")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0059.NASL
    descriptionUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-04-16
    modified2012-01-25
    plugin id57677
    published2012-01-25
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57677
    titleRHEL 6 : openssl (RHSA-2012:0059)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2012:0059. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57677);
      script_version ("1.21");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/15");
    
      script_cve_id("CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619");
      script_bugtraq_id(51281);
      script_xref(name:"RHSA", value:"2012:0059");
    
      script_name(english:"RHEL 6 : openssl (RHSA-2012:0059)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated openssl packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL
    v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a
    full-strength, general purpose cryptography library.
    
    It was discovered that the Datagram Transport Layer Security (DTLS)
    protocol implementation in OpenSSL leaked timing information when
    performing certain operations. A remote attacker could possibly use
    this flaw to retrieve plain text from the encrypted packets by using a
    DTLS server as a padding oracle. (CVE-2011-4108)
    
    An information leak flaw was found in the SSL 3.0 protocol
    implementation in OpenSSL. Incorrect initialization of SSL record
    padding bytes could cause an SSL client or server to send a limited
    amount of possibly sensitive data to its SSL peer via the encrypted
    connection. (CVE-2011-4576)
    
    A denial of service flaw was found in the RFC 3779 implementation in
    OpenSSL. A remote attacker could use this flaw to make an application
    using OpenSSL exit unexpectedly by providing a specially crafted X.509
    certificate that has malformed RFC 3779 extension data.
    (CVE-2011-4577)
    
    It was discovered that OpenSSL did not limit the number of TLS/SSL
    handshake restarts required to support Server Gated Cryptography. A
    remote attacker could use this flaw to make a TLS/SSL server using
    OpenSSL consume an excessive amount of CPU by continuously restarting
    the handshake. (CVE-2011-4619)
    
    All OpenSSL users should upgrade to these updated packages, which
    contain backported patches to resolve these issues. For the update to
    take effect, all services linked to the OpenSSL library must be
    restarted, or the system rebooted."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2012:0059"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-4577"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-4576"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-4108"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-4619"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-static");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/01/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2012:0059";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"openssl-1.0.0-20.el6_2.1")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"openssl-debuginfo-1.0.0-20.el6_2.1")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"openssl-devel-1.0.0-20.el6_2.1")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openssl-perl-1.0.0-20.el6_2.1")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"openssl-perl-1.0.0-20.el6_2.1")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openssl-perl-1.0.0-20.el6_2.1")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openssl-static-1.0.0-20.el6_2.1")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"openssl-static-1.0.0-20.el6_2.1")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openssl-static-1.0.0-20.el6_2.1")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc");
      }
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_2AE114DEC06411E1B5E0000C299B62E1.NASL
    descriptionProblem description : OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. [CVE-2011-4576] OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. [CVE-2011-4619] If an application uses OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id59747
    published2012-06-28
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59747
    titleFreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (2ae114de-c064-11e1-b5e0-000c299b62e1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59747);
      script_version("1.14");
      script_cvs_date("Date: 2018/11/10 11:49:42");
    
      script_cve_id("CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0884", "CVE-2012-2110");
      script_bugtraq_id(51281, 52428, 53158);
      script_xref(name:"FreeBSD", value:"SA-12:01.openssl");
    
      script_name(english:"FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (2ae114de-c064-11e1-b5e0-000c299b62e1)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Problem description :
    
    OpenSSL fails to clear the bytes used as block cipher padding in SSL
    3.0 records when operating as a client or a server that accept SSL 3.0
    handshakes. As a result, in each record, up to 15 bytes of
    uninitialized memory may be sent, encrypted, to the SSL peer. This
    could include sensitive contents of previously freed memory.
    [CVE-2011-4576]
    
    OpenSSL support for handshake restarts for server gated cryptography
    (SGC) can be used in a denial-of-service attack. [CVE-2011-4619]
    
    If an application uses OpenSSL's certificate policy checking when
    verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK
    flag, a policy check failure can lead to a double-free.
    [CVE-2011-4109]
    
    A weakness in the OpenSSL PKCS #7 code can be exploited using
    Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the
    million message attack (MMA). [CVE-2012-0884]
    
    The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp
    functions, in OpenSSL contains multiple integer errors that can cause
    memory corruption when parsing encoded ASN.1 data. This error can
    occur on systems that parse untrusted ASN.1 data, such as X.509
    certificates or RSA public keys. [CVE-2012-2110]"
      );
      # https://vuxml.freebsd.org/freebsd/2ae114de-c064-11e1-b5e0-000c299b62e1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?32392d4e"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:FreeBSD");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/06/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info", "Settings/ParanoidReport");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=7.4<7.4_8")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=8.1<8.1_10")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=8.2<8.2_8")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=8.3<8.3_2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=9.0<9.0_2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1357-1.NASL
    descriptionIt was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945) Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-3210) Nadhem Alfardan and Kenny Paterson discovered that the Datagram Transport Layer Security (DTLS) implementation in OpenSSL performed a MAC check only if certain padding is valid. This could allow a remote attacker to recover plaintext. (CVE-2011-4108) Antonio Martin discovered that a flaw existed in the fix to address CVE-2011-4108, the DTLS MAC check failure. This could allow a remote attacker to cause a denial of service. (CVE-2012-0050) Ben Laurie discovered a double free vulnerability in OpenSSL that could be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled. This could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-4109) It was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves. This could allow a remote attacker to obtain the private key of a TLS server via multiple handshake attempts. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-4354) Adam Langley discovered that the SSL 3.0 implementation in OpenSSL did not properly initialize data structures for block cipher padding. This could allow a remote attacker to obtain sensitive information. (CVE-2011-4576) Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled, could trigger an assert when handling an X.509 certificate containing certificate-extension data associated with IP address blocks or Autonomous System (AS) identifiers. This could allow a remote attacker to cause a denial of service. (CVE-2011-4577) Adam Langley discovered that the Server Gated Cryptography (SGC) implementation in OpenSSL did not properly handle handshake restarts. This could allow a remote attacker to cause a denial of service. (CVE-2011-4619) Andrey Kulikov discovered that the GOST block cipher engine in OpenSSL did not properly handle invalid parameters. This could allow a remote attacker to cause a denial of service via crafted data from a TLS client. This issue only affected Ubuntu 11.10. (CVE-2012-0027). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57887
    published2012-02-10
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57887
    titleUbuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1357-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57887);
      script_version("1.11");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      script_cve_id("CVE-2011-1945", "CVE-2011-3210", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4354", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2012-0050");
      script_bugtraq_id(47888, 49471, 50882, 51281, 51563);
      script_xref(name:"USN", value:"1357-1");
    
      script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the elliptic curve cryptography (ECC) subsystem
    in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm
    (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement
    curves over binary fields. This could allow an attacker to determine
    private keys via a timing attack. This issue only affected Ubuntu 8.04
    LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)
    
    Adam Langley discovered that the ephemeral Elliptic Curve
    Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread
    safety while processing handshake messages from clients. This could
    allow a remote attacker to cause a denial of service via out-of-order
    messages that violate the TLS protocol. This issue only affected
    Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.
    (CVE-2011-3210)
    
    Nadhem Alfardan and Kenny Paterson discovered that the Datagram
    Transport Layer Security (DTLS) implementation in OpenSSL performed a
    MAC check only if certain padding is valid. This could allow a remote
    attacker to recover plaintext. (CVE-2011-4108)
    
    Antonio Martin discovered that a flaw existed in the fix to address
    CVE-2011-4108, the DTLS MAC check failure. This could allow a remote
    attacker to cause a denial of service. (CVE-2012-0050)
    
    Ben Laurie discovered a double free vulnerability in OpenSSL that
    could be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled.
    This could allow a remote attacker to cause a denial of service. This
    issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10
    and Ubuntu 11.04. (CVE-2011-4109)
    
    It was discovered that OpenSSL, in certain circumstances involving
    ECDH or ECDHE cipher suites, used an incorrect modular reduction
    algorithm in its implementation of the P-256 and P-384 NIST elliptic
    curves. This could allow a remote attacker to obtain the private key
    of a TLS server via multiple handshake attempts. This issue only
    affected Ubuntu 8.04 LTS. (CVE-2011-4354)
    
    Adam Langley discovered that the SSL 3.0 implementation in OpenSSL did
    not properly initialize data structures for block cipher padding. This
    could allow a remote attacker to obtain sensitive information.
    (CVE-2011-4576)
    
    Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled,
    could trigger an assert when handling an X.509 certificate containing
    certificate-extension data associated with IP address blocks or
    Autonomous System (AS) identifiers. This could allow a remote attacker
    to cause a denial of service. (CVE-2011-4577)
    
    Adam Langley discovered that the Server Gated Cryptography (SGC)
    implementation in OpenSSL did not properly handle handshake restarts.
    This could allow a remote attacker to cause a denial of service.
    (CVE-2011-4619)
    
    Andrey Kulikov discovered that the GOST block cipher engine in OpenSSL
    did not properly handle invalid parameters. This could allow a remote
    attacker to cause a denial of service via crafted data from a TLS
    client. This issue only affected Ubuntu 11.10. (CVE-2012-0027).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1357-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected libssl0.9.8, libssl1.0.0 and / or openssl
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/05/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(8\.04|10\.04|10\.10|11\.04|11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"8.04", pkgname:"libssl0.9.8", pkgver:"0.9.8g-4ubuntu3.15")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"openssl", pkgver:"0.9.8g-4ubuntu3.15")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"libssl0.9.8", pkgver:"0.9.8k-7ubuntu8.8")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"openssl", pkgver:"0.9.8k-7ubuntu8.8")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"libssl0.9.8", pkgver:"0.9.8o-1ubuntu4.6")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"openssl", pkgver:"0.9.8o-1ubuntu4.6")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"libssl0.9.8", pkgver:"0.9.8o-5ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"openssl", pkgver:"0.9.8o-5ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"libssl1.0.0", pkgver:"1.0.0e-2ubuntu4.2")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"openssl", pkgver:"1.0.0e-2ubuntu4.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libssl0.9.8 / libssl1.0.0 / openssl");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBOPENSSL-DEVEL-120111.NASL
    descriptionVarious security vulnerabilities have been fixed in OpenSSL : - DTLS plaintext recovery attack. (CVE-2011-4108) - double-free in Policy Checks. (CVE-2011-4109) - uninitialized SSL 3.0 padding. (CVE-2011-4576) - malformed RFC 3779 data can cause assertion failures. (CVE-2011-4577) - SGC restart DoS attack (CVE-2011-4619)
    last seen2020-06-05
    modified2012-01-17
    plugin id57569
    published2012-01-17
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57569
    titleSuSE 11.1 Security Update : OpenSSL (SAT Patch Number 5635)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57569);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619");
    
      script_name(english:"SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 5635)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Various security vulnerabilities have been fixed in OpenSSL :
    
      - DTLS plaintext recovery attack. (CVE-2011-4108)
    
      - double-free in Policy Checks. (CVE-2011-4109)
    
      - uninitialized SSL 3.0 padding. (CVE-2011-4576)
    
      - malformed RFC 3779 data can cause assertion failures.
        (CVE-2011-4577)
    
      - SGC restart DoS attack (CVE-2011-4619)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=739719"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-4108.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-4109.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-4576.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-4577.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-4619.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 5635.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:openssl-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/01/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libopenssl0_9_8-0.9.8j-0.26.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"openssl-0.9.8j-0.26.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libopenssl0_9_8-0.9.8j-0.26.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8j-0.26.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"openssl-0.9.8j-0.26.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, reference:"libopenssl0_9_8-0.9.8j-0.26.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, reference:"openssl-0.9.8j-0.26.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, reference:"openssl-doc-0.9.8j-0.26.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libopenssl0_9_8-32bit-0.9.8j-0.26.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8j-0.26.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0060.NASL
    descriptionFrom Red Hat Security Advisory 2012:0060 : Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108) A double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially crafted policy extension data. (CVE-2011-4109) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id68438
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68438
    titleOracle Linux 5 : openssl (ELSA-2012-0060)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2012:0060 and 
    # Oracle Linux Security Advisory ELSA-2012-0060 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68438);
      script_version("1.8");
      script_cvs_date("Date: 2019/09/30 10:58:17");
    
      script_cve_id("CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4619");
      script_bugtraq_id(51281, 51563);
      script_xref(name:"RHSA", value:"2012:0060");
    
      script_name(english:"Oracle Linux 5 : openssl (ELSA-2012-0060)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2012:0060 :
    
    Updated openssl packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL
    v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a
    full-strength, general purpose cryptography library.
    
    It was discovered that the Datagram Transport Layer Security (DTLS)
    protocol implementation in OpenSSL leaked timing information when
    performing certain operations. A remote attacker could possibly use
    this flaw to retrieve plain text from the encrypted packets by using a
    DTLS server as a padding oracle. (CVE-2011-4108)
    
    A double free flaw was discovered in the policy checking code in
    OpenSSL. A remote attacker could use this flaw to crash an application
    that uses OpenSSL by providing an X.509 certificate that has specially
    crafted policy extension data. (CVE-2011-4109)
    
    An information leak flaw was found in the SSL 3.0 protocol
    implementation in OpenSSL. Incorrect initialization of SSL record
    padding bytes could cause an SSL client or server to send a limited
    amount of possibly sensitive data to its SSL peer via the encrypted
    connection. (CVE-2011-4576)
    
    It was discovered that OpenSSL did not limit the number of TLS/SSL
    handshake restarts required to support Server Gated Cryptography. A
    remote attacker could use this flaw to make a TLS/SSL server using
    OpenSSL consume an excessive amount of CPU by continuously restarting
    the handshake. (CVE-2011-4619)
    
    All OpenSSL users should upgrade to these updated packages, which
    contain backported patches to resolve these issues. For the update to
    take effect, all services linked to the OpenSSL library must be
    restarted, or the system rebooted."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2012-January/002567.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openssl packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/01/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"openssl-0.9.8e-20.el5_7.1")) flag++;
    if (rpm_check(release:"EL5", reference:"openssl-devel-0.9.8e-20.el5_7.1")) flag++;
    if (rpm_check(release:"EL5", reference:"openssl-perl-0.9.8e-20.el5_7.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-devel / openssl-perl");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_78CC8A463E5611E189B4001EC9578670.NASL
    descriptionThe OpenSSL Team reports : 6 security flaws have been fixed in OpenSSL 1.0.0f : If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack. Support for handshake restarts for server gated cryptograpy (SGC) can be used in a denial-of-service attack. A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack.
    last seen2020-06-01
    modified2020-06-02
    plugin id57551
    published2012-01-16
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57551
    titleFreeBSD : OpenSSL -- multiple vulnerabilities (78cc8a46-3e56-11e1-89b4-001ec9578670)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57551);
      script_version("1.12");
      script_cvs_date("Date: 2018/12/19 13:21:18");
    
      script_cve_id("CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027");
      script_bugtraq_id(51281);
    
      script_name(english:"FreeBSD : OpenSSL -- multiple vulnerabilities (78cc8a46-3e56-11e1-89b4-001ec9578670)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The OpenSSL Team reports :
    
    6 security flaws have been fixed in OpenSSL 1.0.0f :
    
    If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy
    check failure can lead to a double-free.
    
    OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as
    block cipher padding in SSL 3.0 records. As a result, in each record,
    up to 15 bytes of uninitialized memory may be sent, encrypted, to the
    SSL peer. This could include sensitive contents of previously freed
    memory.
    
    RFC 3779 data can be included in certificates, and if it is malformed,
    may trigger an assertion failure. This could be used in a
    denial-of-service attack.
    
    Support for handshake restarts for server gated cryptograpy (SGC) can
    be used in a denial-of-service attack.
    
    A malicious TLS client can send an invalid set of GOST parameters
    which will cause the server to crash due to lack of error checking.
    This could be used in a denial-of-service attack."
      );
      # http://openssl.org/news/secadv/20120104.txt
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.openssl.org/news/secadv/20120104.txt"
      );
      # https://vuxml.freebsd.org/freebsd/78cc8a46-3e56-11e1-89b4-001ec9578670.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?726bda3b"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:openssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/01/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"openssl<1.0.0_8")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0059.NASL
    descriptionFrom Red Hat Security Advisory 2012:0059 : Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id68437
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68437
    titleOracle Linux 6 : openssl (ELSA-2012-0059)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2012:0059 and 
    # Oracle Linux Security Advisory ELSA-2012-0059 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68437);
      script_version("1.8");
      script_cvs_date("Date: 2019/09/30 10:58:17");
    
      script_cve_id("CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619");
      script_bugtraq_id(51281, 51563);
      script_xref(name:"RHSA", value:"2012:0059");
    
      script_name(english:"Oracle Linux 6 : openssl (ELSA-2012-0059)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2012:0059 :
    
    Updated openssl packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL
    v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a
    full-strength, general purpose cryptography library.
    
    It was discovered that the Datagram Transport Layer Security (DTLS)
    protocol implementation in OpenSSL leaked timing information when
    performing certain operations. A remote attacker could possibly use
    this flaw to retrieve plain text from the encrypted packets by using a
    DTLS server as a padding oracle. (CVE-2011-4108)
    
    An information leak flaw was found in the SSL 3.0 protocol
    implementation in OpenSSL. Incorrect initialization of SSL record
    padding bytes could cause an SSL client or server to send a limited
    amount of possibly sensitive data to its SSL peer via the encrypted
    connection. (CVE-2011-4576)
    
    A denial of service flaw was found in the RFC 3779 implementation in
    OpenSSL. A remote attacker could use this flaw to make an application
    using OpenSSL exit unexpectedly by providing a specially crafted X.509
    certificate that has malformed RFC 3779 extension data.
    (CVE-2011-4577)
    
    It was discovered that OpenSSL did not limit the number of TLS/SSL
    handshake restarts required to support Server Gated Cryptography. A
    remote attacker could use this flaw to make a TLS/SSL server using
    OpenSSL consume an excessive amount of CPU by continuously restarting
    the handshake. (CVE-2011-4619)
    
    All OpenSSL users should upgrade to these updated packages, which
    contain backported patches to resolve these issues. For the update to
    take effect, all services linked to the OpenSSL library must be
    restarted, or the system rebooted."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2012-January/002569.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openssl packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-static");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/01/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL6", reference:"openssl-1.0.0-20.el6_2.1")) flag++;
    if (rpm_check(release:"EL6", reference:"openssl-devel-1.0.0-20.el6_2.1")) flag++;
    if (rpm_check(release:"EL6", reference:"openssl-perl-1.0.0-20.el6_2.1")) flag++;
    if (rpm_check(release:"EL6", reference:"openssl-static-1.0.0-20.el6_2.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-devel / openssl-perl / openssl-static");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_OPENSSL-7923.NASL
    descriptionVarious security vulnerabilities have been fixed in OpenSSL : - DTLS plaintext recovery attack. (CVE-2011-4108) - double-free in Policy Checks. (CVE-2011-4109) - uninitialized SSL 3.0 padding. (CVE-2011-4576) - malformed RFC 3779 data can cause assertion failures. (CVE-2011-4577) - SGC restart DoS attack (CVE-2011-4619)
    last seen2020-06-05
    modified2012-01-17
    plugin id57570
    published2012-01-17
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57570
    titleSuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7923)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57570);
      script_version ("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619");
    
      script_name(english:"SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7923)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Various security vulnerabilities have been fixed in OpenSSL :
    
      - DTLS plaintext recovery attack. (CVE-2011-4108)
    
      - double-free in Policy Checks. (CVE-2011-4109)
    
      - uninitialized SSL 3.0 padding. (CVE-2011-4576)
    
      - malformed RFC 3779 data can cause assertion failures.
        (CVE-2011-4577)
    
      - SGC restart DoS attack (CVE-2011-4619)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-4108.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-4109.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-4576.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-4577.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-4619.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7923.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/01/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:4, reference:"openssl-0.9.8a-18.56.3")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"openssl-devel-0.9.8a-18.56.3")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"openssl-32bit-0.9.8a-18.56.3")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"openssl-devel-32bit-0.9.8a-18.56.3")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"openssl-0.9.8a-18.56.3")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"openssl-devel-0.9.8a-18.56.3")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"openssl-doc-0.9.8a-18.56.3")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"openssl-32bit-0.9.8a-18.56.3")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"openssl-devel-32bit-0.9.8a-18.56.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2454.NASL
    descriptionMultiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2012-0884 Ivan Nestlerode discovered a weakness in the CMS and PKCS #7 implementations that could allow an attacker to decrypt data via a Million Message Attack (MMA). - CVE-2012-1165 It was discovered that a NULL pointer could be dereferenced when parsing certain S/MIME messages, leading to denial of service. - CVE-2012-2110 Tavis Ormandy, Google Security Team, discovered a vulnerability in the way DER-encoded ASN.1 data is parsed that can result in a heap overflow. Additionally, the fix for CVE-2011-4619 has been updated to address an issue with SGC handshakes. Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for the 0.9.8 series of OpenSSL was incomplete. It has been assigned the CVE-2012-2131 identifier.
    last seen2020-03-17
    modified2012-04-20
    plugin id58804
    published2012-04-20
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58804
    titleDebian DSA-2454-2 : openssl - multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2454. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(58804);
      script_version("1.21");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2012-0884", "CVE-2012-1165", "CVE-2012-2110", "CVE-2012-2131");
      script_bugtraq_id(52764, 53158);
      script_xref(name:"DSA", value:"2454");
    
      script_name(english:"Debian DSA-2454-2 : openssl - multiple vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities have been found in OpenSSL. The Common
    Vulnerabilities and Exposures project identifies the following issues
    :
    
      - CVE-2012-0884
        Ivan Nestlerode discovered a weakness in the CMS and
        PKCS #7 implementations that could allow an attacker to
        decrypt data via a Million Message Attack (MMA).
    
      - CVE-2012-1165
        It was discovered that a NULL pointer could be
        dereferenced when parsing certain S/MIME messages,
        leading to denial of service.
    
      - CVE-2012-2110
        Tavis Ormandy, Google Security Team, discovered a
        vulnerability in the way DER-encoded ASN.1 data is
        parsed that can result in a heap overflow.
    
    Additionally, the fix for CVE-2011-4619 has been updated to address an
    issue with SGC handshakes.
    
    Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for
    the 0.9.8 series of OpenSSL was incomplete. It has been assigned the
    CVE-2012-2131 identifier."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-0884"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-1165"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-2110"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-4619"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-2110"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-2131"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/openssl"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2012/dsa-2454"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the openssl packages.
    
    For the stable distribution (squeeze), these problems have been fixed
    in version 0.9.8o-4squeeze12."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/04/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"libcrypto0.9.8-udeb", reference:"0.9.8o-4squeeze12")) flag++;
    if (deb_check(release:"6.0", prefix:"libssl-dev", reference:"0.9.8o-4squeeze12")) flag++;
    if (deb_check(release:"6.0", prefix:"libssl0.9.8", reference:"0.9.8o-4squeeze12")) flag++;
    if (deb_check(release:"6.0", prefix:"libssl0.9.8-dbg", reference:"0.9.8o-4squeeze12")) flag++;
    if (deb_check(release:"6.0", prefix:"openssl", reference:"0.9.8o-4squeeze12")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyAIX Local Security Checks
    NASL idAIX_OPENSSL_ADVISORY3.NASL
    descriptionThe version of OpenSSL running on the remote host is affected by the following vulnerabilities : - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. (CVE-2011-4108) - Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. (CVE-2011-4109) - The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. (CVE-2011-4576) - The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors. (CVE-2011-4619) - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050)
    last seen2020-06-01
    modified2020-06-02
    plugin id73561
    published2014-04-16
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73561
    titleAIX OpenSSL Advisory : openssl_advisory3.asc
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_LIBOPENSSL-DEVEL-120111.NASL
    descriptionVarious security vulnerabilities have been fixed in openssl : - DTLS plaintext recovery attack (CVE-2011-4108) - uninitialized SSL 3.0 padding (CVE-2011-4576) - malformed RFC 3779 data can cause assertion failures (CVE-2011-4577) - SGC restart DoS attack (CVE-2011-4619) - invalid GOST parameters DoS attack (CVE-2012-0027)
    last seen2020-06-05
    modified2014-06-13
    plugin id75908
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75908
    titleopenSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0086.NASL
    descriptionFrom Red Hat Security Advisory 2012:0086 : Updated openssl packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id68447
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68447
    titleOracle Linux 4 : openssl (ELSA-2012-0086)
  • NASL familyWeb Servers
    NASL idOPENSSL_0_9_8U.NASL
    descriptionAccording to its banner, the remote web server uses an OpenSSL version prior to 0.9.8u. As such, it is reportedly affected by the following vulnerabilities : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id58564
    published2012-04-02
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58564
    titleOpenSSL < 0.9.8u Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0086.NASL
    descriptionUpdated openssl packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-04-16
    modified2012-02-02
    plugin id57789
    published2012-02-02
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57789
    titleRHEL 4 : openssl (RHSA-2012:0086)
  • NASL familyWeb Servers
    NASL idHPSMH_7_1_1_1.NASL
    descriptionAccording to the web server
    last seen2020-06-01
    modified2020-06-02
    plugin id59851
    published2012-07-05
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59851
    titleHP System Management Homepage < 7.1.1 Multiple Vulnerabilities
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_0H.NASL
    descriptionAccording to its banner, the remote web server is running OpenSSL version 1.0.0 prior to version 1.0.0h. As such, it reportedly is affected by the following vulnerabilities : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id58565
    published2012-04-02
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58565
    titleOpenSSL 1.0.0 < 1.0.0h Multiple Vulnerabilities
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_0_BUILD_912577_REMOTE.NASL
    descriptionThe remote VMware ESXi 5.0 host is affected by Multiple Vulnerabilities : - An integer overflow condition exists in the __tzfile_read() function in the glibc library. An unauthenticated, remote attacker can exploit this, via a crafted timezone (TZ) file, to cause a denial of service or the execution of arbitrary code. (CVE-2009-5029) - ldd in the glibc library is affected by a privilege escalation vulnerability due to the omission of certain LD_TRACE_LOADED_OBJECTS checks in a crafted executable file. Note that this vulnerability is disputed by the library vendor. (CVE-2009-5064) - A remote code execution vulnerability exists in the glibc library due to an integer signedness error in the elf_get_dynamic_info() function when the
    last seen2020-06-01
    modified2020-06-02
    plugin id70885
    published2013-11-13
    reporterThis script is (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70885
    titleESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL15461.NASL
    descriptionThe Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
    last seen2020-06-01
    modified2020-06-02
    plugin id78188
    published2014-10-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78188
    titleF5 Networks BIG-IP : OpenSSL vulnerability (SOL15461)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0168.NASL
    descriptionAn updated rhev-hypervisor5 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029) A divide-by-zero flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79283
    published2014-11-17
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79283
    titleRHEL 5 : rhev-hypervisor5 (RHSA-2012:0168)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120124_OPENSSL_ON_SL6_X.NASL
    descriptionOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-03-18
    modified2012-08-01
    plugin id61225
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61225
    titleScientific Linux Security Update : openssl on SL6.x i386/x86_64 (20120124)
  • NASL familyWeb Servers
    NASL idOPENSSL_0_9_8S.NASL
    descriptionAccording to its banner, the remote web server is running a version of OpenSSL older than 0.9.8s. Such versions have the following vulnerabilities : - An error exists related to ECDSA signatures and binary curves. The implementation of curves over binary fields could allow a remote, unauthenticated attacker to determine private key material via timing attacks. (CVE-2011-1945) - The Datagram Transport Layer Security (DTLS) implementation is vulnerable to plaintext recovery attacks when decrypting in CBC mode. (CVE-2011-4108) - A double-free error exists during a policy check failure if the flag
    last seen2020-06-01
    modified2020-06-02
    plugin id57459
    published2012-01-09
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57459
    titleOpenSSL < 0.9.8s Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0109.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes multiple security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2009-5029 and CVE-2011-4609 (glibc issues) CVE-2012-0056 (kernel issue) CVE-2011-4108 and CVE-2012-0050 (openssl issues) This update also fixes the following bugs : * Previously, it was possible to begin a Hypervisor installation without any valid disks to install to. Now, if no valid disks are found for Hypervisor installation, a message is displayed informing the user that there are no valid disks for installation. (BZ#781471) * Previously, the user interface for the Hypervisor did not indicate whether the system was registered with Red Hat Network (RHN) Classic or RHN Satellite. As a result, customers could not easily determine the registration status of their Hypervisor installations. The TUI has been updated to display the registration status of the Hypervisor. (BZ#788223) * Previously, autoinstall would fail if the firstboot or reinstall options were passed but local_boot or upgrade were not passed. Now, neither the local_boot or upgrade parameters are required for autoinstall. (BZ#788225) Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id79282
    published2014-11-17
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79282
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2012:0109)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2014-0008.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv everywhere instead of getenv (#839735) - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185) - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4109 - double free in policy checks (#771771) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) - add known answer test for SHA2 algorithms (#740866) - make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410) - fix incorrect return value in parse_yesno (#726593) - added DigiCert CA certificates to ca-bundle (#735819) - added a new section about error states to README.FIPS (#628976) - add missing DH_check_pub_key call when DH key is computed (#698175) - presort list of ciphers available in SSL (#688901) - accept connection in s_server even if getaddrinfo fails (#561260) - point to openssl dgst for list of supported digests (#608639) - fix handling of future TLS versions (#599112) - added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856) - upstream fixes for the CHIL engine (#622003, #671484) - add SHA-2 hashes in SSL_library_init (#676384) - fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462) - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707)
    last seen2020-06-01
    modified2020-06-02
    plugin id79532
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79532
    titleOracleVM 3.2 : onpenssl (OVMSA-2014-0008)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2012-0013_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - Apache Struts - glibc - GnuTLS - JRE - kernel - libxml2 - OpenSSL - Perl - popt and rpm
    last seen2020-06-01
    modified2020-06-02
    plugin id89038
    published2016-02-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89038
    titleVMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0060.NASL
    descriptionUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108) A double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially crafted policy extension data. (CVE-2011-4109) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id57692
    published2012-01-26
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57692
    titleCentOS 5 : openssl (CESA-2012:0060)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-007.NASL
    descriptionMultiple vulnerabilities has been found and corrected in openssl : The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack (CVE-2011-4108). Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check (CVE-2011-4109). The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer (CVE-2011-4576). The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors (CVE-2011-4619). The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client (CVE-2012-0027). The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id61942
    published2012-09-06
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61942
    titleMandriva Linux Security Advisory : openssl (MDVSA-2012:007)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0426.NASL
    descriptionUpdated openssl packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. (CVE-2012-1165) A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS) implementations in OpenSSL. An attacker could possibly use this flaw to perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or S/MIME message by sending a large number of chosen ciphertext messages to a service using OpenSSL and measuring error response times. (CVE-2012-0884) This update also fixes a regression caused by the fix for CVE-2011-4619, released via RHSA-2012:0060 and RHSA-2012:0059, which caused Server Gated Cryptography (SGC) handshakes to fail. All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-04-16
    modified2012-03-28
    plugin id58507
    published2012-03-28
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58507
    titleRHEL 5 / 6 : openssl (RHSA-2012:0426)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0426.NASL
    descriptionFrom Red Hat Security Advisory 2012:0426 : Updated openssl packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. (CVE-2012-1165) A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS) implementations in OpenSSL. An attacker could possibly use this flaw to perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or S/MIME message by sending a large number of chosen ciphertext messages to a service using OpenSSL and measuring error response times. (CVE-2012-0884) This update also fixes a regression caused by the fix for CVE-2011-4619, released via RHSA-2012:0060 and RHSA-2012:0059, which caused Server Gated Cryptography (SGC) handshakes to fail. All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id68501
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68501
    titleOracle Linux 5 / 6 : openssl (ELSA-2012-0426)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0060.NASL
    descriptionUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108) A double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially crafted policy extension data. (CVE-2011-4109) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-04-16
    modified2012-01-25
    plugin id57678
    published2012-01-25
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57678
    titleRHEL 5 : openssl (RHSA-2012:0060)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_8_4.NASL
    descriptionThe remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.4. The newer version contains multiple security-related fixes for the following components : - CFNetwork - CoreAnimation - CoreMedia Playback - CUPS - Disk Management - OpenSSL - QuickDraw Manager - QuickTime - SMB
    last seen2020-06-01
    modified2020-06-02
    plugin id66808
    published2013-06-05
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66808
    titleMac OS X 10.8.x < 10.8.4 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_LIBOPENSSL-DEVEL-120111.NASL
    descriptionVarious security vulnerabilities have been fixed in openssl : - DTLS plaintext recovery attack (CVE-2011-4108) - uninitialized SSL 3.0 padding (CVE-2011-4576) - malformed RFC 3779 data can cause assertion failures (CVE-2011-4577) - SGC restart DoS attack (CVE-2011-4619) - invalid GOST parameters DoS attack (CVE-2012-0027)
    last seen2020-06-05
    modified2014-06-13
    plugin id75598
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75598
    titleopenSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_0F.NASL
    descriptionAccording to its banner, the remote web server is running a version of OpenSSL 1.x that is earlier than 1.0.0f. Such versions are affected by the following vulnerabilities : - The Datagram Transport Layer Security (DTLS) implementation is vulnerable to plaintext recovery attacks when decrypting in CBC mode. (CVE-2011-4108) - An error exists related to SSLv3.0 records that can lead to disclosure of uninitialized memory because the library does not clear all bytes used as block cipher padding. (CVE-2011-4576) - An error exists related to RFC 3779 processing that can allow denial of service attacks. Note that this functionality is not enabled by default and must be configured at compile time via the
    last seen2020-06-01
    modified2020-06-02
    plugin id57460
    published2012-01-09
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57460
    titleOpenSSL 1.x < 1.0.0f Multiple Vulnerabilities
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2014-0007.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv everywhere instead of getenv (#839735) - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185) - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4109 - double free in policy checks (#771771) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) - add known answer test for SHA2 algorithms (#740866) - make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410) - fix incorrect return value in parse_yesno (#726593) - added DigiCert CA certificates to ca-bundle (#735819) - added a new section about error states to README.FIPS (#628976) - add missing DH_check_pub_key call when DH key is computed (#698175) - presort list of ciphers available in SSL (#688901) - accept connection in s_server even if getaddrinfo fails (#561260) - point to openssl dgst for list of supported digests (#608639) - fix handling of future TLS versions (#599112) - added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856) - upstream fixes for the CHIL engine (#622003, #671484) - add SHA-2 hashes in SSL_library_init (#676384) - fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462) - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707)
    last seen2020-06-01
    modified2020-06-02
    plugin id79531
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79531
    titleOracleVM 2.2 : openssl (OVMSA-2014-0007)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120327_OPENSSL_ON_SL5_X.NASL
    descriptionOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. (CVE-2012-1165) A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS) implementations in OpenSSL. An attacker could possibly use this flaw to perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or S/MIME message by sending a large number of chosen ciphertext messages to a service using OpenSSL and measuring error response times. (CVE-2012-0884) This update also fixes a regression caused by the fix for CVE-2011-4619, released in a previous update, which caused Server Gated Cryptography (SGC) handshakes to fail. All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-03-18
    modified2012-08-01
    plugin id61293
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61293
    titleScientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20120327)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-006.NASL
    descriptionMultiple vulnerabilities has been found and corrected in openssl : The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack (CVE-2011-4108). Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check (CVE-2011-4109). The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer (CVE-2011-4576). The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors (CVE-2011-4619). The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57568
    published2012-01-17
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57568
    titleMandriva Linux Security Advisory : openssl (MDVSA-2012:006)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120201_OPENSSL_ON_SL4_X.NASL
    descriptionOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-03-18
    modified2012-08-01
    plugin id61232
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61232
    titleScientific Linux Security Update : openssl on SL4.x i386/x86_64 (20120201)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-153.NASL
    descriptionopenssl was updated to 1.0.0k security release to fix bugs and security issues. (bnc#802648 bnc#802746) The version was upgraded to avoid backporting the large fixes for SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169) TLS 1.1 and 1.2 AES-NI crash (CVE-2012-2686) OCSP invalid key DoS issue (CVE-2013-0166) Also the following bugfix was included: bnc#757773 - c_rehash to accept more filename extensions
    last seen2020-06-05
    modified2014-06-13
    plugin id74901
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74901
    titleopenSUSE Security Update : openssl (openSUSE-SU-2013:0336-1)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_SPACE_JSA10659.NASL
    descriptionAccording to its self-reported version number, the remote Junos Space version is prior to 14.1R1. It is, therefore, affected by multiple vulnerabilities in bundled third party software components : - Multiple vulnerabilities in the bundled OpenSSL CentOS package. (CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0884, CVE-2012-2110, CVE-2012-2333, CVE-2013-0166, CVE-2013-0169, CVE-2014-0224) - Multiple vulnerabilities in Oracle MySQL. (CVE-2013-5908) - Multiple vulnerabilities in the Oracle Java runtime. (CVE-2014-0411, CVE-2014-0423, CVE-2014-4244, CVE-2014-0453, CVE-2014-0460, CVE-2014-4263, CVE-2014-4264)
    last seen2020-06-01
    modified2020-06-02
    plugin id80197
    published2014-12-22
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80197
    titleJuniper Junos Space < 14.1R1 Multiple Vulnerabilities (JSA10659)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-18035.NASL
    descriptionUpdate to 1.0.1c and synced all patches with Fedora openssl-1.0.1c-7.fc19 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-11-26
    plugin id63031
    published2012-11-26
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63031
    titleFedora 18 : mingw-openssl-1.0.1c-1.fc18 (2012-18035)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-0250.NASL
    descriptionNew upstream package with bugfixes and fixes for moderate and low impact CVEs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-01-16
    plugin id57546
    published2012-01-16
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57546
    titleFedora 15 : openssl-1.0.0f-1.fc15 (2012-0250)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_OPENSSL_20120404.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. (CVE-2011-4108) - Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. (CVE-2011-4109) - The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. (CVE-2011-4576) - OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. (CVE-2011-4577) - The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. (CVE-2011-4619) - The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. (CVE-2012-0027) - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050)
    last seen2020-06-01
    modified2020-06-02
    plugin id80715
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80715
    titleOracle Solaris Third-Party Patch Update : openssl (cve_2012_0050_denial_of)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-0232.NASL
    descriptionNew upstream package with bugfixes and fixes for moderate and low impact CVEs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-01-11
    plugin id57479
    published2012-01-11
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57479
    titleFedora 16 : openssl-1.0.0f-1.fc16 (2012-0232)
  • NASL familyMisc.
    NASL idJUNIPER_SBR_MULTIPLE.NASL
    descriptionThe version of Juniper Steel-Belted Radius software installed on the remote RedHat or CentOS host is affected by multiple OpenSSL vulnerabilities : - The SSL 3.0 implementation in OpenSSL does not properly initialize data structures for block cipher padding, which could allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. (CVE-2011-4576) - The Server Gated Cryptography (SGC) implementation in OpenSSL does not properly handle handshake restarts, which could allow remote attackers to cause a denial of service condition. (CVE-2011-4619)
    last seen2020-06-01
    modified2020-06-02
    plugin id70165
    published2013-09-27
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70165
    titleJuniper Steel-Belted Radius Multiple OpenSSL Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2013-002.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-002 applied. This update contains numerous security-related fixes for the following components : - CoreMedia Playback (10.7 only) - Directory Service (10.6 only) - OpenSSL - QuickDraw Manager - QuickTime - Ruby (10.6 only) - SMB (10.7 only)
    last seen2020-06-01
    modified2020-06-02
    plugin id66809
    published2013-06-05
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66809
    titleMac OS X Multiple Vulnerabilities (Security Update 2013-002)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120124_OPENSSL_ON_SL5_X.NASL
    descriptionOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108) A double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially crafted policy extension data. (CVE-2011-4109) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-03-18
    modified2012-08-01
    plugin id61224
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61224
    titleScientific Linux Security Update : openssl on SL5.x i386/x86_64 (20120124)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0059.NASL
    descriptionUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id57731
    published2012-01-31
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57731
    titleCentOS 6 : openssl (CESA-2012:0059)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0426.NASL
    descriptionUpdated openssl packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. (CVE-2012-1165) A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS) implementations in OpenSSL. An attacker could possibly use this flaw to perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or S/MIME message by sending a large number of chosen ciphertext messages to a service using OpenSSL and measuring error response times. (CVE-2012-0884) This update also fixes a regression caused by the fix for CVE-2011-4619, released via RHSA-2012:0060 and RHSA-2012:0059, which caused Server Gated Cryptography (SGC) handshakes to fail. All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id58502
    published2012-03-28
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58502
    titleCentOS 5 / 6 : openssl (CESA-2012:0426)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2012-38.NASL
    descriptionIt was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)
    last seen2020-06-01
    modified2020-06-02
    plugin id69645
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69645
    titleAmazon Linux AMI : openssl (ALAS-2012-38)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201203-12.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201203-12 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been found in OpenSSL: Timing differences for decryption are exposed by CBC mode encryption in OpenSSL&rsquo;s implementation of DTLS (CVE-2011-4108). A policy check failure can result in a double-free error when X509_V_FLAG_POLICY_CHECK is set (CVE-2011-4109). Clients and servers using SSL 3.0 handshakes do not clear the block cipher padding, allowing a record to contain up to 15 bytes of uninitialized memory, which could include sensitive information (CVE-2011-4576). Assertion errors can occur during the handling of malformed X.509 certificates when OpenSSL is built with RFC 3779 support (CVE-2011-4577). A resource management error can occur when OpenSSL&rsquo;s server gated cryptography (SGC) does not properly handle handshake restarts (CVE-2011-4619). Invalid parameters in the GOST block cipher are not properly handled by the GOST ENGINE(CVE-2012-0027). An incorrect fix for CVE-2011-4108 creates an unspecified vulnerability for DTLS applications using OpenSSL (CVE-2012-0050). Impact : A remote attacker may be able to cause a Denial of Service or obtain sensitive information, including plaintext passwords. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id58222
    published2012-03-06
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58222
    titleGLSA-201203-12 : OpenSSL: Multiple vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2390.NASL
    descriptionSeveral vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2011-4108 The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. - CVE-2011-4109 A double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to cause applications crashes and potentially allow execution of arbitrary code by triggering failure of a policy check. - CVE-2011-4354 On 32-bit systems, the operations on NIST elliptic curves P-256 and P-384 are not correctly implemented, potentially leaking the private ECC key of a TLS server. (Regular RSA-based keys are not affected by this vulnerability.) - CVE-2011-4576 The SSL 3.0 implementation does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. - CVE-2011-4619 The Server Gated Cryptography (SGC) implementation in OpenSSL does not properly handle handshake restarts, unnecessarily simplifying CPU exhaustion attacks.
    last seen2020-03-17
    modified2012-01-16
    plugin id57543
    published2012-01-16
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57543
    titleDebian DSA-2390-1 : openssl - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-52.NASL
    descriptionopenssl was prone to several security issues : - DTLS Plaintext Recovery Attack (CVE-2011-4108) - Uninitialized SSL 3.0 Padding (CVE-2011-4576) - Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577) - SGC Restart DoS Attack (CVE-2011-4619) - Invalid GOST parameters DoS Attack (CVE-2012-0027)
    last seen2020-06-05
    modified2014-06-13
    plugin id74722
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74722
    titleopenSUSE Security Update : openssl (openSUSE-2012-52)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0086.NASL
    descriptionUpdated openssl packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id57806
    published2012-02-03
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57806
    titleCentOS 4 : openssl (CESA-2012:0086)

Redhat

advisories
  • bugzilla
    id771780
    titleCVE-2011-4619 openssl: SGC restart DoS attack
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentopenssl is earlier than 0:1.0.0-20.el6_2.1
            ovaloval:com.redhat.rhsa:tst:20120059001
          • commentopenssl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171929008
        • AND
          • commentopenssl-devel is earlier than 0:1.0.0-20.el6_2.1
            ovaloval:com.redhat.rhsa:tst:20120059003
          • commentopenssl-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171929002
        • AND
          • commentopenssl-perl is earlier than 0:1.0.0-20.el6_2.1
            ovaloval:com.redhat.rhsa:tst:20120059005
          • commentopenssl-perl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171929004
        • AND
          • commentopenssl-static is earlier than 0:1.0.0-20.el6_2.1
            ovaloval:com.redhat.rhsa:tst:20120059007
          • commentopenssl-static is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171929006
    rhsa
    idRHSA-2012:0059
    released2012-01-24
    severityModerate
    titleRHSA-2012:0059: openssl security update (Moderate)
  • bugzilla
    id771780
    titleCVE-2011-4619 openssl: SGC restart DoS attack
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentopenssl-devel is earlier than 0:0.9.8e-20.el5_7.1
            ovaloval:com.redhat.rhsa:tst:20120060001
          • commentopenssl-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070964002
        • AND
          • commentopenssl is earlier than 0:0.9.8e-20.el5_7.1
            ovaloval:com.redhat.rhsa:tst:20120060003
          • commentopenssl is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070964004
        • AND
          • commentopenssl-perl is earlier than 0:0.9.8e-20.el5_7.1
            ovaloval:com.redhat.rhsa:tst:20120060005
          • commentopenssl-perl is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070964006
    rhsa
    idRHSA-2012:0060
    released2012-01-24
    severityModerate
    titleRHSA-2012:0060: openssl security update (Moderate)
  • bugzilla
    id771780
    titleCVE-2011-4619 openssl: SGC restart DoS attack
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentopenssl is earlier than 0:0.9.7a-43.18.el4
            ovaloval:com.redhat.rhsa:tst:20120086001
          • commentopenssl is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060661004
        • AND
          • commentopenssl-perl is earlier than 0:0.9.7a-43.18.el4
            ovaloval:com.redhat.rhsa:tst:20120086003
          • commentopenssl-perl is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060661008
        • AND
          • commentopenssl-devel is earlier than 0:0.9.7a-43.18.el4
            ovaloval:com.redhat.rhsa:tst:20120086005
          • commentopenssl-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060661006
    rhsa
    idRHSA-2012:0086
    released2012-02-01
    severityModerate
    titleRHSA-2012:0086: openssl security update (Moderate)
  • rhsa
    idRHSA-2012:1306
  • rhsa
    idRHSA-2012:1307
  • rhsa
    idRHSA-2012:1308
rpms
  • openssl-0:1.0.0-20.el6_2.1
  • openssl-debuginfo-0:1.0.0-20.el6_2.1
  • openssl-devel-0:1.0.0-20.el6_2.1
  • openssl-perl-0:1.0.0-20.el6_2.1
  • openssl-static-0:1.0.0-20.el6_2.1
  • openssl-0:0.9.8e-20.el5_7.1
  • openssl-debuginfo-0:0.9.8e-20.el5_7.1
  • openssl-devel-0:0.9.8e-20.el5_7.1
  • openssl-perl-0:0.9.8e-20.el5_7.1
  • openssl-0:0.9.7a-43.18.el4
  • openssl-debuginfo-0:0.9.7a-43.18.el4
  • openssl-devel-0:0.9.7a-43.18.el4
  • openssl-perl-0:0.9.7a-43.18.el4
  • rhev-hypervisor6-0:6.2-20120209.0.el6_2
  • rhev-hypervisor6-tools-0:6.2-20120209.0.el6_2

References