Vulnerabilities > CVE-2012-0884 - Cryptographic Issues vulnerability in Openssl
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS11_OPENSSL_20120523.NASL description The remote Solaris system is missing necessary patches to address security updates : - The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack. (CVE-2012-0884) last seen 2020-06-01 modified 2020-06-02 plugin id 80716 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80716 title Oracle Solaris Third-Party Patch Update : openssl (cve_2012_0884_cryptographic_issue1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80716); script_version("1.2"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2012-0884"); script_name(english:"Oracle Solaris Third-Party Patch Update : openssl (cve_2012_0884_cryptographic_issue1)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack. (CVE-2012-0884)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); # https://blogs.oracle.com/sunsecurity/cve-2012-0884-cryptographic-issue-in-openssl script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?932d352f" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11/11 SRU 7.5."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:openssl"); script_set_attribute(attribute:"patch_publication_date", value:"2012/05/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^openssl$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.0.7.0.5.0", sru:"SRU 7.5") > 0) flag++; if (flag) { error_extra = 'Affected package : openssl\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_warning(port:0, extra:error_extra); else security_warning(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "openssl");NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_2AE114DEC06411E1B5E0000C299B62E1.NASL description Problem description : OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. [CVE-2011-4576] OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. [CVE-2011-4619] If an application uses OpenSSL last seen 2020-06-01 modified 2020-06-02 plugin id 59747 published 2012-06-28 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59747 title FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (2ae114de-c064-11e1-b5e0-000c299b62e1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(59747); script_version("1.14"); script_cvs_date("Date: 2018/11/10 11:49:42"); script_cve_id("CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0884", "CVE-2012-2110"); script_bugtraq_id(51281, 52428, 53158); script_xref(name:"FreeBSD", value:"SA-12:01.openssl"); script_name(english:"FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (2ae114de-c064-11e1-b5e0-000c299b62e1)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Problem description : OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. [CVE-2011-4576] OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. [CVE-2011-4619] If an application uses OpenSSL's certificate policy checking when verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK flag, a policy check failure can lead to a double-free. [CVE-2011-4109] A weakness in the OpenSSL PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the million message attack (MMA). [CVE-2012-0884] The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp functions, in OpenSSL contains multiple integer errors that can cause memory corruption when parsing encoded ASN.1 data. This error can occur on systems that parse untrusted ASN.1 data, such as X.509 certificates or RSA public keys. [CVE-2012-2110]" ); # https://vuxml.freebsd.org/freebsd/2ae114de-c064-11e1-b5e0-000c299b62e1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?32392d4e" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:FreeBSD"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/03"); script_set_attribute(attribute:"patch_publication_date", value:"2012/06/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info", "Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); if (report_paranoia < 2) audit(AUDIT_PARANOID); flag = 0; if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=7.4<7.4_8")) flag++; if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=8.1<8.1_10")) flag++; if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=8.2<8.2_8")) flag++; if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=8.3<8.3_2")) flag++; if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=9.0<9.0_2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-242.NASL description The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL was vulnerable to a Million Message Attack (MMA) adaptive chosen ciphertext attack (CVE-2012-0884). last seen 2020-06-05 modified 2014-06-13 plugin id 74605 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74605 title openSUSE Security Update : openssl (openSUSE-SU-2012:0547-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2012-242. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74605); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-0884"); script_name(english:"openSUSE Security Update : openssl (openSUSE-SU-2012:0547-1)"); script_summary(english:"Check for the openSUSE-2012-242 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL was vulnerable to a Million Message Attack (MMA) adaptive chosen ciphertext attack (CVE-2012-0884)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=749735" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=751977" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-04/msg00054.html" ); script_set_attribute( attribute:"solution", value:"Update the affected openssl packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssl-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/12"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.1", reference:"libopenssl-devel-1.0.0e-34.12.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libopenssl1_0_0-1.0.0e-34.12.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libopenssl1_0_0-debuginfo-1.0.0e-34.12.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"openssl-1.0.0e-34.12.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"openssl-debuginfo-1.0.0e-34.12.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"openssl-debugsource-1.0.0e-34.12.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libopenssl-devel-32bit-1.0.0e-34.12.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libopenssl1_0_0-32bit-1.0.0e-34.12.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libopenssl1_0_0-debuginfo-32bit-1.0.0e-34.12.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-0699.NASL description Updated openssl packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS (Datagram Transport Layer Security) application data record lengths when using a block cipher in CBC (cipher-block chaining) mode. A malicious DTLS client or server could use this flaw to crash its DTLS connection peer. (CVE-2012-2333) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Codenomicon as the original reporter. On Red Hat Enterprise Linux 6, this update also fixes an uninitialized variable use bug, introduced by the fix for CVE-2012-0884 (released via RHSA-2012:0426). This bug could possibly cause an attempt to create an encrypted message in the CMS (Cryptographic Message Syntax) format to fail. All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-06-01 modified 2020-06-02 plugin id 59294 published 2012-05-30 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59294 title CentOS 5 / 6 : openssl (CESA-2012:0699) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:0699 and # CentOS Errata and Security Advisory 2012:0699 respectively. # include("compat.inc"); if (description) { script_id(59294); script_version("1.11"); script_cvs_date("Date: 2020/01/07"); script_cve_id("CVE-2012-2333"); script_bugtraq_id(53476); script_xref(name:"RHSA", value:"2012:0699"); script_name(english:"CentOS 5 / 6 : openssl (CESA-2012:0699)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated openssl packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS (Datagram Transport Layer Security) application data record lengths when using a block cipher in CBC (cipher-block chaining) mode. A malicious DTLS client or server could use this flaw to crash its DTLS connection peer. (CVE-2012-2333) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Codenomicon as the original reporter. On Red Hat Enterprise Linux 6, this update also fixes an uninitialized variable use bug, introduced by the fix for CVE-2012-0884 (released via RHSA-2012:0426). This bug could possibly cause an attempt to create an encrypted message in the CMS (Cryptographic Message Syntax) format to fail. All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted." ); # https://lists.centos.org/pipermail/centos-announce/2012-May/018659.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e0a09342" ); # https://lists.centos.org/pipermail/centos-announce/2012-May/018660.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ee0f4aed" ); script_set_attribute( attribute:"solution", value:"Update the affected openssl packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-2333"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openssl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openssl-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openssl-static"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/14"); script_set_attribute(attribute:"patch_publication_date", value:"2012/05/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"openssl-0.9.8e-22.el5_8.4")) flag++; if (rpm_check(release:"CentOS-5", reference:"openssl-devel-0.9.8e-22.el5_8.4")) flag++; if (rpm_check(release:"CentOS-5", reference:"openssl-perl-0.9.8e-22.el5_8.4")) flag++; if (rpm_check(release:"CentOS-6", reference:"openssl-1.0.0-20.el6_2.5")) flag++; if (rpm_check(release:"CentOS-6", reference:"openssl-devel-1.0.0-20.el6_2.5")) flag++; if (rpm_check(release:"CentOS-6", reference:"openssl-perl-1.0.0-20.el6_2.5")) flag++; if (rpm_check(release:"CentOS-6", reference:"openssl-static-1.0.0-20.el6_2.5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-devel / openssl-perl / openssl-static"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2454.NASL description Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2012-0884 Ivan Nestlerode discovered a weakness in the CMS and PKCS #7 implementations that could allow an attacker to decrypt data via a Million Message Attack (MMA). - CVE-2012-1165 It was discovered that a NULL pointer could be dereferenced when parsing certain S/MIME messages, leading to denial of service. - CVE-2012-2110 Tavis Ormandy, Google Security Team, discovered a vulnerability in the way DER-encoded ASN.1 data is parsed that can result in a heap overflow. Additionally, the fix for CVE-2011-4619 has been updated to address an issue with SGC handshakes. Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for the 0.9.8 series of OpenSSL was incomplete. It has been assigned the CVE-2012-2131 identifier. last seen 2020-03-17 modified 2012-04-20 plugin id 58804 published 2012-04-20 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58804 title Debian DSA-2454-2 : openssl - multiple vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2454. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(58804); script_version("1.21"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-0884", "CVE-2012-1165", "CVE-2012-2110", "CVE-2012-2131"); script_bugtraq_id(52764, 53158); script_xref(name:"DSA", value:"2454"); script_name(english:"Debian DSA-2454-2 : openssl - multiple vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2012-0884 Ivan Nestlerode discovered a weakness in the CMS and PKCS #7 implementations that could allow an attacker to decrypt data via a Million Message Attack (MMA). - CVE-2012-1165 It was discovered that a NULL pointer could be dereferenced when parsing certain S/MIME messages, leading to denial of service. - CVE-2012-2110 Tavis Ormandy, Google Security Team, discovered a vulnerability in the way DER-encoded ASN.1 data is parsed that can result in a heap overflow. Additionally, the fix for CVE-2011-4619 has been updated to address an issue with SGC handshakes. Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for the 0.9.8 series of OpenSSL was incomplete. It has been assigned the CVE-2012-2131 identifier." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-0884" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-1165" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-2110" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4619" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-2110" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-2131" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze/openssl" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2012/dsa-2454" ); script_set_attribute( attribute:"solution", value: "Upgrade the openssl packages. For the stable distribution (squeeze), these problems have been fixed in version 0.9.8o-4squeeze12." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"libcrypto0.9.8-udeb", reference:"0.9.8o-4squeeze12")) flag++; if (deb_check(release:"6.0", prefix:"libssl-dev", reference:"0.9.8o-4squeeze12")) flag++; if (deb_check(release:"6.0", prefix:"libssl0.9.8", reference:"0.9.8o-4squeeze12")) flag++; if (deb_check(release:"6.0", prefix:"libssl0.9.8-dbg", reference:"0.9.8o-4squeeze12")) flag++; if (deb_check(release:"6.0", prefix:"openssl", reference:"0.9.8o-4squeeze12")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Web Servers NASL id OPENSSL_0_9_8U.NASL description According to its banner, the remote web server uses an OpenSSL version prior to 0.9.8u. As such, it is reportedly affected by the following vulnerabilities : - An error exists in the function last seen 2020-06-01 modified 2020-06-02 plugin id 58564 published 2012-04-02 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58564 title OpenSSL < 0.9.8u Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(58564); script_version("1.11"); script_cvs_date("Date: 2018/11/15 20:50:25"); script_cve_id( "CVE-2006-7250", "CVE-2011-4619", "CVE-2012-0884", "CVE-2012-1165" ); script_bugtraq_id(51281, 52181, 52428, 52764); script_name(english:"OpenSSL < 0.9.8u Multiple Vulnerabilities"); script_summary(english:"Does a banner check"); script_set_attribute( attribute:"synopsis", value:"The remote host may be affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "According to its banner, the remote web server uses an OpenSSL version prior to 0.9.8u. As such, it is reportedly affected by the following vulnerabilities : - An error exists in the function 'mime_hdr_cmp' that could allow a NULL pointer to be dereferenced when parsing certain MIME headers. (CVE-2006-7250) - The fix for CVE-2011-4619 was not complete. - An error exists in the Cryptographic Message Syntax (CMS) and PKCS #7 implementation such that data can be decrypted using Million Message Attack (MMA) adaptive chosen cipher text attack. (CVE-2012-0884) - An error exists in the function 'mime_param_cmp' in the file 'crypto/asn1/asn_mime.c' that can allow a NULL pointer to be dereferenced when handling certain S/MIME content. (CVE-2012-1165) Note that SSL/TLS applications are not necessarily affected, but those using CMS, PKCS #7 and S/MIME decryption operations are." ); script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=openssl-dev&m=115685408414194&w=2"); script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20120312.txt"); script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/changelog.html"); script_set_attribute(attribute:"see_also", value:"https://www.openwall.com/lists/oss-security/2012/03/13/2"); script_set_attribute(attribute:"see_also", value:"https://www.openwall.com/lists/oss-security/2012/02/28/14"); # https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=dc95c53c6f3fc9007fea9376d02f7bd82d2a0fb4 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?82fc5c0b"); script_set_attribute(attribute:"see_also", value:"https://rt.openssl.org/Ticket/Display.html?id=2711&user=guest&pass=guest"); script_set_attribute(attribute:"solution", value:"Upgrade to OpenSSL 0.9.8u or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/30"); script_set_attribute(attribute:"patch_publication_date", value:"2012/02/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/02"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_dependencies("openssl_version.nasl"); script_require_keys("openssl/port"); exit(0); } include("openssl_version.inc"); openssl_check_version(fixed:'0.9.8u', severity:SECURITY_WARNING);NASL family Scientific Linux Local Security Checks NASL id SL_20120529_OPENSSL_ON_SL5_X.NASL description An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS (Datagram Transport Layer Security) application data record lengths when using a block cipher in CBC (cipher-blockchaining) mode. A malicious DTLS client or server could use this flaw to crash its DTLS connection peer. (CVE-2012-2333) On SL6 this update also fixes an uninitialized variable use bug, introduced by the fix for CVE-2012-0884. This bug could possibly cause an attempt to create an encrypted message in the CMS (Cryptographic Message Syntax) format to fail. For the update to take effect all services linked to the OpenSSL library must be restarted. last seen 2020-03-18 modified 2012-08-01 plugin id 61320 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61320 title Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20120529) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(61320); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-0884", "CVE-2012-2333"); script_name(english:"Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20120529)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS (Datagram Transport Layer Security) application data record lengths when using a block cipher in CBC (cipher-blockchaining) mode. A malicious DTLS client or server could use this flaw to crash its DTLS connection peer. (CVE-2012-2333) On SL6 this update also fixes an uninitialized variable use bug, introduced by the fix for CVE-2012-0884. This bug could possibly cause an attempt to create an encrypted message in the CMS (Cryptographic Message Syntax) format to fail. For the update to take effect all services linked to the OpenSSL library must be restarted." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1205&L=scientific-linux-errata&T=0&P=1747 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5e131a8f" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-static"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/13"); script_set_attribute(attribute:"patch_publication_date", value:"2012/05/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"openssl-0.9.8e-22.el5_8.4")) flag++; if (rpm_check(release:"SL5", reference:"openssl-devel-0.9.8e-22.el5_8.4")) flag++; if (rpm_check(release:"SL5", reference:"openssl-perl-0.9.8e-22.el5_8.4")) flag++; if (rpm_check(release:"SL6", reference:"openssl-1.0.0-20.el6_2.5")) flag++; if (rpm_check(release:"SL6", reference:"openssl-devel-1.0.0-20.el6_2.5")) flag++; if (rpm_check(release:"SL6", reference:"openssl-perl-1.0.0-20.el6_2.5")) flag++; if (rpm_check(release:"SL6", reference:"openssl-static-1.0.0-20.el6_2.5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-devel / openssl-perl / openssl-static"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0699.NASL description Updated openssl packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS (Datagram Transport Layer Security) application data record lengths when using a block cipher in CBC (cipher-block chaining) mode. A malicious DTLS client or server could use this flaw to crash its DTLS connection peer. (CVE-2012-2333) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Codenomicon as the original reporter. On Red Hat Enterprise Linux 6, this update also fixes an uninitialized variable use bug, introduced by the fix for CVE-2012-0884 (released via RHSA-2012:0426). This bug could possibly cause an attempt to create an encrypted message in the CMS (Cryptographic Message Syntax) format to fail. All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-06-01 modified 2020-06-02 plugin id 59307 published 2012-05-30 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59307 title RHEL 5 / 6 : openssl (RHSA-2012:0699) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:0699. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(59307); script_version ("1.18"); script_cvs_date("Date: 2019/10/24 15:35:35"); script_cve_id("CVE-2012-2333"); script_bugtraq_id(53476); script_xref(name:"RHSA", value:"2012:0699"); script_name(english:"RHEL 5 / 6 : openssl (RHSA-2012:0699)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated openssl packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS (Datagram Transport Layer Security) application data record lengths when using a block cipher in CBC (cipher-block chaining) mode. A malicious DTLS client or server could use this flaw to crash its DTLS connection peer. (CVE-2012-2333) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Codenomicon as the original reporter. On Red Hat Enterprise Linux 6, this update also fixes an uninitialized variable use bug, introduced by the fix for CVE-2012-0884 (released via RHSA-2012:0426). This bug could possibly cause an attempt to create an encrypted message in the CMS (Cryptographic Message Syntax) format to fail. All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted." ); # https://rhn.redhat.com/errata/RHSA-2012-0426.html script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2012:0426" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2012:0699" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-2333" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-static"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/14"); script_set_attribute(attribute:"patch_publication_date", value:"2012/05/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2012:0699"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", reference:"openssl-0.9.8e-22.el5_8.4")) flag++; if (rpm_check(release:"RHEL5", reference:"openssl-debuginfo-0.9.8e-22.el5_8.4")) flag++; if (rpm_check(release:"RHEL5", reference:"openssl-devel-0.9.8e-22.el5_8.4")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"openssl-perl-0.9.8e-22.el5_8.4")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"openssl-perl-0.9.8e-22.el5_8.4")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"openssl-perl-0.9.8e-22.el5_8.4")) flag++; if (rpm_check(release:"RHEL6", reference:"openssl-1.0.0-20.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", reference:"openssl-debuginfo-1.0.0-20.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", reference:"openssl-devel-1.0.0-20.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openssl-perl-1.0.0-20.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"openssl-perl-1.0.0-20.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openssl-perl-1.0.0-20.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openssl-static-1.0.0-20.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"openssl-static-1.0.0-20.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openssl-static-1.0.0-20.el6_2.5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc"); } }NASL family Web Servers NASL id OPENSSL_1_0_0H.NASL description According to its banner, the remote web server is running OpenSSL version 1.0.0 prior to version 1.0.0h. As such, it reportedly is affected by the following vulnerabilities : - An error exists in the function last seen 2020-06-01 modified 2020-06-02 plugin id 58565 published 2012-04-02 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58565 title OpenSSL 1.0.0 < 1.0.0h Multiple Vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2012-4630.NASL description This minor update from upstream fixes two security vulnerabilities with moderate and low impact. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-04-12 plugin id 58697 published 2012-04-12 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58697 title Fedora 17 : openssl-1.0.0h-1.fc17 (2012-4630) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2012-62.NASL description A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. (CVE-2012-1165) A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS) implementations in OpenSSL. An attacker could possibly use this flaw to perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or S/MIME message by sending a large number of chosen ciphertext messages to a service using OpenSSL and measuring error response times. (CVE-2012-0884) last seen 2020-06-01 modified 2020-06-02 plugin id 69669 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69669 title Amazon Linux AMI : openssl (ALAS-2012-62) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBOPENSSL-DEVEL-120328.NASL description The following security issues have been fixed : - Specially crafted MIME headers could cause openssl last seen 2020-06-05 modified 2012-04-11 plugin id 58678 published 2012-04-11 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58678 title SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 6054) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2014-0008.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv everywhere instead of getenv (#839735) - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185) - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4109 - double free in policy checks (#771771) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) - add known answer test for SHA2 algorithms (#740866) - make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410) - fix incorrect return value in parse_yesno (#726593) - added DigiCert CA certificates to ca-bundle (#735819) - added a new section about error states to README.FIPS (#628976) - add missing DH_check_pub_key call when DH key is computed (#698175) - presort list of ciphers available in SSL (#688901) - accept connection in s_server even if getaddrinfo fails (#561260) - point to openssl dgst for list of supported digests (#608639) - fix handling of future TLS versions (#599112) - added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856) - upstream fixes for the CHIL engine (#622003, #671484) - add SHA-2 hashes in SSL_library_init (#676384) - fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462) - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707) last seen 2020-06-01 modified 2020-06-02 plugin id 79532 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79532 title OracleVM 3.2 : onpenssl (OVMSA-2014-0008) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0531.NASL description An updated rhev-hypervisor6 package that fixes three security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569) A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1569 and CVE-2012-1573. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2011-4128 (gnutls issue) CVE-2012-0879, CVE-2012-1090, and CVE-2012-1097 (kernel issues) CVE-2012-0884 and CVE-2012-1165 (openssl issues) CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 (rpm issues) This update also fixes the following bug : * The Hypervisor previously set the lro_disable option for the enic driver. The driver does not support this option, as a result the Hypervisor did not correctly detect and configure the network interfaces of a Cisco M81KR adaptor, when present. The Hypervisor has been updated and no longer sets the invalid option for this driver. (BZ#809463) Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 78922 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78922 title RHEL 6 : rhev-hypervisor6 (RHSA-2012:0531) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBOPENSSL-DEVEL-120327.NASL description The following security issues have been fixed : - Specially crafted MIME headers could cause openssl last seen 2020-06-05 modified 2012-04-11 plugin id 58677 published 2012-04-11 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58677 title SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 6054) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0426.NASL description Updated openssl packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. (CVE-2012-1165) A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS) implementations in OpenSSL. An attacker could possibly use this flaw to perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or S/MIME message by sending a large number of chosen ciphertext messages to a service using OpenSSL and measuring error response times. (CVE-2012-0884) This update also fixes a regression caused by the fix for CVE-2011-4619, released via RHSA-2012:0060 and RHSA-2012:0059, which caused Server Gated Cryptography (SGC) handshakes to fail. All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-04-16 modified 2012-03-28 plugin id 58507 published 2012-03-28 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58507 title RHEL 5 / 6 : openssl (RHSA-2012:0426) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-0426.NASL description From Red Hat Security Advisory 2012:0426 : Updated openssl packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. (CVE-2012-1165) A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS) implementations in OpenSSL. An attacker could possibly use this flaw to perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or S/MIME message by sending a large number of chosen ciphertext messages to a service using OpenSSL and measuring error response times. (CVE-2012-0884) This update also fixes a regression caused by the fix for CVE-2011-4619, released via RHSA-2012:0060 and RHSA-2012:0059, which caused Server Gated Cryptography (SGC) handshakes to fail. All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-06-01 modified 2020-06-02 plugin id 68501 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68501 title Oracle Linux 5 / 6 : openssl (ELSA-2012-0426) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1451-1.NASL description Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). (CVE-2012-0884) It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to cause a denial of service. (CVE-2012-2333). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 59289 published 2012-05-29 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59289 title Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : openssl vulnerabilities (USN-1451-1) NASL family Fedora Local Security Checks NASL id FEDORA_2012-4665.NASL description This minor update from upstream fixes two security vulnerabilities with moderate and low impact. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-04-11 plugin id 58669 published 2012-04-11 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58669 title Fedora 16 : openssl-1.0.0h-1.fc16 (2012-4665) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2014-0007.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv everywhere instead of getenv (#839735) - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185) - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4109 - double free in policy checks (#771771) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) - add known answer test for SHA2 algorithms (#740866) - make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410) - fix incorrect return value in parse_yesno (#726593) - added DigiCert CA certificates to ca-bundle (#735819) - added a new section about error states to README.FIPS (#628976) - add missing DH_check_pub_key call when DH key is computed (#698175) - presort list of ciphers available in SSL (#688901) - accept connection in s_server even if getaddrinfo fails (#561260) - point to openssl dgst for list of supported digests (#608639) - fix handling of future TLS versions (#599112) - added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856) - upstream fixes for the CHIL engine (#622003, #671484) - add SHA-2 hashes in SSL_library_init (#676384) - fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462) - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707) last seen 2020-06-01 modified 2020-06-02 plugin id 79531 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79531 title OracleVM 2.2 : openssl (OVMSA-2014-0007) NASL family Scientific Linux Local Security Checks NASL id SL_20120327_OPENSSL_ON_SL5_X.NASL description OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. (CVE-2012-1165) A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS) implementations in OpenSSL. An attacker could possibly use this flaw to perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or S/MIME message by sending a large number of chosen ciphertext messages to a service using OpenSSL and measuring error response times. (CVE-2012-0884) This update also fixes a regression caused by the fix for CVE-2011-4619, released in a previous update, which caused Server Gated Cryptography (SGC) handshakes to fail. All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-03-18 modified 2012-08-01 plugin id 61293 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61293 title Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20120327) NASL family Fedora Local Security Checks NASL id FEDORA_2012-4659.NASL description This minor update from upstream fixes two security vulnerabilities with moderate and low impact. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-04-12 plugin id 58699 published 2012-04-12 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58699 title Fedora 15 : openssl-1.0.0h-1.fc15 (2012-4659) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-153.NASL description openssl was updated to 1.0.0k security release to fix bugs and security issues. (bnc#802648 bnc#802746) The version was upgraded to avoid backporting the large fixes for SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169) TLS 1.1 and 1.2 AES-NI crash (CVE-2012-2686) OCSP invalid key DoS issue (CVE-2013-0166) Also the following bugfix was included: bnc#757773 - c_rehash to accept more filename extensions last seen 2020-06-05 modified 2014-06-13 plugin id 74901 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74901 title openSUSE Security Update : openssl (openSUSE-SU-2013:0336-1) NASL family Junos Local Security Checks NASL id JUNIPER_SPACE_JSA10659.NASL description According to its self-reported version number, the remote Junos Space version is prior to 14.1R1. It is, therefore, affected by multiple vulnerabilities in bundled third party software components : - Multiple vulnerabilities in the bundled OpenSSL CentOS package. (CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0884, CVE-2012-2110, CVE-2012-2333, CVE-2013-0166, CVE-2013-0169, CVE-2014-0224) - Multiple vulnerabilities in Oracle MySQL. (CVE-2013-5908) - Multiple vulnerabilities in the Oracle Java runtime. (CVE-2014-0411, CVE-2014-0423, CVE-2014-4244, CVE-2014-0453, CVE-2014-0460, CVE-2014-4263, CVE-2014-4264) last seen 2020-06-01 modified 2020-06-02 plugin id 80197 published 2014-12-22 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80197 title Juniper Junos Space < 14.1R1 Multiple Vulnerabilities (JSA10659) NASL family Fedora Local Security Checks NASL id FEDORA_2012-18035.NASL description Update to 1.0.1c and synced all patches with Fedora openssl-1.0.1c-7.fc19 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-11-26 plugin id 63031 published 2012-11-26 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63031 title Fedora 18 : mingw-openssl-1.0.1c-1.fc18 (2012-18035) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0488.NASL description An updated rhev-hypervisor5 package that fixes three security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569) A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1569 and CVE-2012-1573. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2011-4128 (gnutls issue) CVE-2012-1583 (kernel issue) CVE-2011-3045 (libpng issue) CVE-2012-0884 and CVE-2012-1165 (openssl issues) Further information on the changes made to the package is available on the relevant errata : https://rhn.redhat.com/errata/RHBA-2012-0398.html Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 79286 published 2014-11-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79286 title RHEL 5 : rhev-hypervisor5 (RHSA-2012:0488) NASL family AIX Local Security Checks NASL id AIX_OPENSSL_ADVISORY4.NASL description The version of OpenSSL running on the remote host is affected by the following vulnerabilities : - The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack. (CVE-2012-0884) - The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250. (CVE-2012-1165) - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110) - Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110. (CVE-2012-2131) - Integer underflow in OpenSSL when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over- read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. (CVE-2012-2333) last seen 2020-06-01 modified 2020-06-02 plugin id 73562 published 2014-04-16 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73562 title AIX OpenSSL Advisory : openssl_advisory4.asc NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-0699.NASL description From Red Hat Security Advisory 2012:0699 : Updated openssl packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS (Datagram Transport Layer Security) application data record lengths when using a block cipher in CBC (cipher-block chaining) mode. A malicious DTLS client or server could use this flaw to crash its DTLS connection peer. (CVE-2012-2333) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Codenomicon as the original reporter. On Red Hat Enterprise Linux 6, this update also fixes an uninitialized variable use bug, introduced by the fix for CVE-2012-0884 (released via RHSA-2012:0426). This bug could possibly cause an attempt to create an encrypted message in the CMS (Cryptographic Message Syntax) format to fail. All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-06-01 modified 2020-06-02 plugin id 68533 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68533 title Oracle Linux 5 / 6 : openssl (ELSA-2012-0699) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-0426.NASL description Updated openssl packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. (CVE-2012-1165) A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS) implementations in OpenSSL. An attacker could possibly use this flaw to perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or S/MIME message by sending a large number of chosen ciphertext messages to a service using OpenSSL and measuring error response times. (CVE-2012-0884) This update also fixes a regression caused by the fix for CVE-2011-4619, released via RHSA-2012:0060 and RHSA-2012:0059, which caused Server Gated Cryptography (SGC) handshakes to fail. All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-06-01 modified 2020-06-02 plugin id 58502 published 2012-03-28 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58502 title CentOS 5 / 6 : openssl (CESA-2012:0426) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2012-038.NASL description Multiple vulnerabilities has been found and corrected in openssl : The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack (CVE-2012-0884). The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250 (CVE-2012-1165). The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 58490 published 2012-03-27 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58490 title Mandriva Linux Security Advisory : openssl (MDVSA-2012:038) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201312-03.NASL description The remote host is affected by the vulnerability described in GLSA-201312-03 (OpenSSL: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : Remote attackers can determine private keys, decrypt data, cause a Denial of Service or possibly have other unspecified impact. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 71169 published 2013-12-03 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71169 title GLSA-201312-03 : OpenSSL: Multiple Vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_60EB344E6EB111E18AD700E0815B8DA8.NASL description The OpenSSL Team reports : A weakness in the OpenSSL CMS and PKCS #7 code can be exploited using Bleichenbacher last seen 2020-06-01 modified 2020-06-02 plugin id 58360 published 2012-03-16 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58360 title FreeBSD : OpenSSL -- CMS and S/MIME Bleichenbacher attack (60eb344e-6eb1-11e1-8ad7-00e0815b8da8)
Redhat
| advisories |
| ||||||||||||||||||||||||
| rpms |
|
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
- http://marc.info/?l=bugtraq&m=133728068926468&w=2
- http://marc.info/?l=bugtraq&m=133951357207000&w=2
- http://marc.info/?l=bugtraq&m=134039053214295&w=2
- http://rhn.redhat.com/errata/RHSA-2012-0426.html
- http://rhn.redhat.com/errata/RHSA-2012-0488.html
- http://rhn.redhat.com/errata/RHSA-2012-0531.html
- http://rhn.redhat.com/errata/RHSA-2012-1306.html
- http://rhn.redhat.com/errata/RHSA-2012-1307.html
- http://rhn.redhat.com/errata/RHSA-2012-1308.html
- http://secunia.com/advisories/48580
- http://secunia.com/advisories/48895
- http://secunia.com/advisories/48916
- http://secunia.com/advisories/57353
- http://www.debian.org/security/2012/dsa-2454
- http://www.kb.cert.org/vuls/id/737740
- http://www.openssl.org/news/secadv_20120312.txt
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
- https://downloads.avaya.com/css/P8/documents/100162507
- https://hermes.opensuse.org/messages/14330767