Vulnerabilities > CVE-2011-5095 - Cryptographic Issues vulnerability in Openssl 0.9.8

047910
CVSS v2 base score: 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
high complexity
openssl
CWE-310
nessus

Summary

The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.

Vulnerable Configurations

Part Description Count
Application
Openssl
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_LIBOPENSSL-DEVEL-120710.NASL
description: This update adds libopenssl0_9_8-hmac packages, that, when installed, will enforce FIPS 140-2 self-test being run upon first use of the library. If FIPS mode is enforced, these new packages are required in order to enable FIPS mode successfully. The update also imposes limits on the parameters of a Diffie-Hellman key exchange to prevent man-in-the-middle (MITM) attacks in FIPS mode. (CVE-2011-5095)
last seen: 2020-06-05
modified: 2013-01-25
plugin id: 64186
published: 2013-01-25
reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/64186
title: SuSE 11.1 Security Update : libopenssl (SAT Patch Number 6521)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

# Interpreters reporting a NASL level below 3000 are not handled by this
# plugin: leave quietly before anything else is evaluated.
if (NASL_LEVEL < 3000)
{
  exit(0);
}

include("compat.inc");

# Registration pass: when `description` is set, the script only declares its
# metadata (id, CVE, texts, references, CPEs, dependencies) and exits with
# exit(0) at the end of this block, before any host data is examined.
if (description)
{
  script_id(64186);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  # The single CVE this patch check is mapped to.
  script_cve_id("CVE-2011-5095");

  script_name(english:"SuSE 11.1 Security Update : libopenssl (SAT Patch Number 6521)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  # Vendor advisory text. Note that it scopes the Diffie-Hellman parameter
  # limits to FIPS mode.
  script_set_attribute(
    attribute:"description", 
    value:
"This update adds libopenssl0_9_8-hmac packages, that, when installed,
will enforce FIPS 140-2 self-test being run upon first use of the
library.

If FIPS mode is enforced, these new packages are required in order to
enable FIPS mode successfully.

The update also imposes limits on the parameters of a Diffie-Hellman
key exchange to prevent man-in-the-middle (MITM) attacks in FIPS mode.
(CVE-2011-5095)"
  );
  # Vendor references: two bug tracker entries and the vendor CVE page.
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=767256"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=768097"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-5095.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6521.");
  # CVSS v2 base vector: network access, high access complexity, no
  # authentication, partial confidentiality and integrity impact, no
  # availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N");

  # "local" plugin type: the result comes from package data collected on the
  # host (see the required KB keys below), not from probing a TLS service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # CPE names for the packages covered by the update, plus the OS itself.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:openssl-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  # The plugin was published about six months after the vendor patch.
  script_set_attribute(attribute:"patch_publication_date", value:"2012/07/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25");
  script_end_attributes();

  # Information-gathering category: the check reads collected data only.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  # Depends on ssh_get_info.nasl; presumably that plugin populates the Host/*
  # KB items listed here through an authenticated login -- confirm.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  # Registration ends here; the check logic below runs only in a scan pass.
  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Preconditions. Each failed test hands control to audit() with the matching
# audit code, so the package comparison below is reached only for a
# SLED/SLES 11 SP1 host with local checks enabled, an rpm list in the KB and
# a supported CPU architecture.

# Local (credentialed) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The release string has to start with SLED11 or SLES11.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11")
{
  audit(AUDIT_OS_NOT, "SuSE 11");
}

# Without the collected rpm list there is nothing to compare against.
if (!get_kb_item("Host/SuSE/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Architecture: i386..i686, x86_64 and s390x are the only ones handled.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (!(cpu =~ "^i[3-6]86$" || "x86_64" >< cpu || "s390x" >< cpu))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
}

# The patch applies to service pack 1 only; any other (or an unknown)
# patch level is reported as "not SuSE 11.1".
pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 1)
{
  audit(AUDIT_OS_NOT, "SuSE 11.1");
}


# Package comparison. `flag` counts the rpm_check() calls that returned a true
# value; rpm_check() comes from rpm.inc and presumably returns true when the
# installed package is older than `reference` -- confirm against rpm.inc.
# Every entry uses the same fixed build, 0.9.8j-0.44.1.
#
# NOTE(review): this is a package-version check only. The advisory text ties
# CVE-2011-5095 to FIPS mode, and nothing here inspects whether FIPS mode is
# enabled on the host, so a finding means "patch missing", not "Diffie-Hellman
# exchange confirmed exposed". Triage should verify FIPS mode usage separately.
flag = 0;
# SLED 11 SP1 (desktop): i586 and x86_64 builds of the library and the tool.
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libopenssl0_9_8-0.9.8j-0.44.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"openssl-0.9.8j-0.44.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libopenssl0_9_8-0.9.8j-0.44.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8j-0.44.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"openssl-0.9.8j-0.44.1")) flag++;
# SLES 11 SP1 (server): these entries pass no cpu argument; the -hmac
# packages introduced by the update are listed for SLES only.
if (rpm_check(release:"SLES11", sp:1, reference:"libopenssl0_9_8-0.9.8j-0.44.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"libopenssl0_9_8-hmac-0.9.8j-0.44.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"openssl-0.9.8j-0.44.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"openssl-doc-0.9.8j-0.44.1")) flag++;
# SLES 11 SP1 32-bit compatibility packages on s390x and x86_64.
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libopenssl0_9_8-32bit-0.9.8j-0.44.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libopenssl0_9_8-hmac-32bit-0.9.8j-0.44.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8j-0.44.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libopenssl0_9_8-hmac-32bit-0.9.8j-0.44.1")) flag++;


# Outcome. With no package flagged the host is audited as "not affected";
# otherwise a warning is raised on port 0, carrying the rpm comparison report
# as extra text when report verbosity is above zero.
if (!flag)
{
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  if (report_verbosity > 0)
  {
    security_warning(port:0, extra:rpm_report_get());
  }
  else
  {
    security_warning(0);
  }
  exit(0);
}