Vulnerabilities > CVE-2013-0166 - Cryptographic Issues vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0416.NASL description Updated rhevm-spice-client packages that fix multiple security issues are now available for Red Hat Enterprise Virtualization Manager 3. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues : An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the original reporter. The updated mingw-virt-viewer Windows SPICE client further includes OpenSSL security fixes that have no security impact on mingw-virt-viewer itself. The security fixes included in this update address the following CVE numbers : CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166 All Red Hat Enterprise Virtualization Manager users are advised to upgrade to these updated packages, which address these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 79013 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79013 title RHEL 6 : rhevm-spice-client (RHSA-2014:0416) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:0416. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(79013); script_version("1.9"); script_cvs_date("Date: 2019/10/24 15:35:38"); script_cve_id("CVE-2012-2686", "CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160"); script_bugtraq_id(55704, 57755, 57778, 60268, 64530, 64618, 64691, 66690); script_xref(name:"RHSA", value:"2014:0416"); script_name(english:"RHEL 6 : rhevm-spice-client (RHSA-2014:0416)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated rhevm-spice-client packages that fix multiple security issues are now available for Red Hat Enterprise Virtualization Manager 3. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues : An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the original reporter. The updated mingw-virt-viewer Windows SPICE client further includes OpenSSL security fixes that have no security impact on mingw-virt-viewer itself. The security fixes included in this update address the following CVE numbers : CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166 All Red Hat Enterprise Virtualization Manager users are advised to upgrade to these updated packages, which address these issues." ); script_set_attribute( attribute:"see_also", value:"http://rhn.redhat.com/errata/RHSA-2014-0416.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0169.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-4929.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-4353.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0160.html" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x64-cab"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x64-msi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x86-cab"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x86-msi"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/14"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); flag = 0; if (rpm_exists(rpm:"rhevm-spice-client-x64-cab-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x64-cab-3.3-12.el6_5")) flag++; if (rpm_exists(rpm:"rhevm-spice-client-x64-msi-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x64-msi-3.3-12.el6_5")) flag++; if (rpm_exists(rpm:"rhevm-spice-client-x86-cab-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x86-cab-3.3-12.el6_5")) flag++; if (rpm_exists(rpm:"rhevm-spice-client-x86-msi-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x86-msi-3.3-12.el6_5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhevm-spice-client-x64-cab-3.3 / rhevm-spice-client-x64-msi-3.3 / etc"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-294.NASL description This update for libopenssl0_9_8 fixes the following issues : - CVE-2016-0800 aka the last seen 2020-06-05 modified 2016-03-04 plugin id 89651 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89651 title openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2016-294. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(89651); script_version("1.20"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-0166", "CVE-2013-0169", "CVE-2014-0076", "CVE-2014-0195", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3510", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3568", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3195", "CVE-2015-3197", "CVE-2016-0797", "CVE-2016-0799", "CVE-2016-0800"); script_name(english:"openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)"); script_summary(english:"Check for the openSUSE-2016-294 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for libopenssl0_9_8 fixes the following issues : - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to : - Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. - Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - The package was updated to 0.9.8zh : - fixes many security vulnerabilities (not separately listed): CVE-2015-3195, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288, CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-3570, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3508, CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470, CVE-2014-0076, CVE-2013-0169, CVE-2013-0166 - avoid running OPENSSL_config twice. This avoids breaking engine loading. (boo#952871, boo#967787) - fix CVE-2015-3197 (boo#963415) - SSLv2 doesn't block disabled ciphers" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=952871" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=963415" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967787" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968046" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968048" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968374" ); script_set_attribute( attribute:"solution", value:"Update the affected libopenssl0_9_8 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1"); script_set_attribute(attribute:"patch_publication_date", value:"2016/03/03"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.2|SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2 / 42.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.2", reference:"libopenssl0_9_8-0.9.8zh-9.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libopenssl0_9_8-debuginfo-0.9.8zh-9.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libopenssl0_9_8-debugsource-0.9.8zh-9.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8zh-9.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-32bit-0.9.8zh-9.3.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libopenssl0_9_8-0.9.8zh-14.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libopenssl0_9_8-debuginfo-0.9.8zh-14.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libopenssl0_9_8-debugsource-0.9.8zh-14.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8zh-14.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-32bit-0.9.8zh-14.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libopenssl0_9_8 / libopenssl0_9_8-32bit / libopenssl0_9_8-debuginfo / etc"); }
NASL family Web Servers NASL id OPENSSL_0_9_8Y.NASL description According to its banner, the remote web server is running a version of OpenSSL prior to 0.9.8y. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities : - An error exists related to the handling of OCSP response verification that could allow denial of service attacks. (CVE-2013-0166) - An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169) last seen 2020-06-01 modified 2020-06-02 plugin id 64532 published 2013-02-09 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64532 title OpenSSL < 0.9.8y Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(64532); script_version("1.16"); script_cvs_date("Date: 2019/12/04"); script_cve_id("CVE-2013-0166", "CVE-2013-0169"); script_bugtraq_id(57778, 60268); script_name(english:"OpenSSL < 0.9.8y Multiple Vulnerabilities"); script_summary(english:"Does a banner check"); script_set_attribute(attribute:"synopsis", value: "The remote host may be affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the remote web server is running a version of OpenSSL prior to 0.9.8y. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities : - An error exists related to the handling of OCSP response verification that could allow denial of service attacks. (CVE-2013-0166) - An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169)"); script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20130204.txt"); script_set_attribute(attribute:"solution", value: "Upgrade to OpenSSL 0.9.8y or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0169"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/04"); script_set_attribute(attribute:"patch_publication_date", value:"2013/02/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/09"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("openssl_version.nasl"); script_require_keys("openssl/port"); exit(0); } include("openssl_version.inc"); openssl_check_version(fixed:'0.9.8y', severity:SECURITY_NOTE);
NASL family Scientific Linux Local Security Checks NASL id SL_20130304_OPENSSL_ON_SL5_X.NASL description It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially- crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it. It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Scientific Linux 5 and 6 was affected by this problem. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-03-18 modified 2013-03-05 plugin id 65022 published 2013-03-05 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65022 title Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20130304) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(65022); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169"); script_name(english:"Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20130304)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially- crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it. It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Scientific Linux 5 and 6 was affected by this problem. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=1414 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?de223d65" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-static"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/15"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"openssl-0.9.8e-26.el5_9.1")) flag++; if (rpm_check(release:"SL5", reference:"openssl-debuginfo-0.9.8e-26.el5_9.1")) flag++; if (rpm_check(release:"SL5", reference:"openssl-devel-0.9.8e-26.el5_9.1")) flag++; if (rpm_check(release:"SL5", reference:"openssl-perl-0.9.8e-26.el5_9.1")) flag++; if (rpm_check(release:"SL6", reference:"openssl-1.0.0-27.el6_4.2")) flag++; if (rpm_check(release:"SL6", reference:"openssl-debuginfo-1.0.0-27.el6_4.2")) flag++; if (rpm_check(release:"SL6", reference:"openssl-devel-1.0.0-27.el6_4.2")) flag++; if (rpm_check(release:"SL6", reference:"openssl-perl-1.0.0-27.el6_4.2")) flag++; if (rpm_check(release:"SL6", reference:"openssl-static-1.0.0-27.el6_4.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc"); }
NASL family Misc. NASL id JUNOS_PULSE_JSA10591.NASL description According to its self-reported version, the version of IVE / UAC OS running on the remote host may be affected by multiple vulnerabilities : - Remote attackers may be able to trigger buffer overflow vulnerabilities on the OpenSSL libraries by sending specially crafted DER data, resulting in memory corruption. (CVE-2012-2131) - A weakness in the OpenSSL library leaves it vulnerable to an attack that could allow a third party to recover (fully or partially) the plaintext from encrypted traffic. (CVE-2013-0169) - A flaw in OCSP signature verification in the OpenSSL library allows remote OCSP servers to cause a denial of service condition with an invalid key. (CVE-2013-0166) last seen 2020-06-01 modified 2020-06-02 plugin id 69987 published 2013-09-19 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69987 title Junos Pulse Secure IVE / UAC OS Multiple SSL Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69987); script_version("2.10"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2012-2131", "CVE-2013-0166", "CVE-2013-0169"); script_bugtraq_id(53212, 57778, 60268); script_name(english:"Junos Pulse Secure IVE / UAC OS Multiple SSL Vulnerabilities"); script_summary(english:"Checks IVE/UAC OS version"); script_set_attribute( attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "According to its self-reported version, the version of IVE / UAC OS running on the remote host may be affected by multiple vulnerabilities : - Remote attackers may be able to trigger buffer overflow vulnerabilities on the OpenSSL libraries by sending specially crafted DER data, resulting in memory corruption. (CVE-2012-2131) - A weakness in the OpenSSL library leaves it vulnerable to an attack that could allow a third party to recover (fully or partially) the plaintext from encrypted traffic. (CVE-2013-0169) - A flaw in OCSP signature verification in the OpenSSL library allows remote OCSP servers to cause a denial of service condition with an invalid key. (CVE-2013-0166)" ); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10591"); script_set_attribute( attribute:"solution", value: "Upgrade to Juniper IVE/UAC OS version 7.1r15 / 7.2r11 / 7.3r6 / 7.4r3 / 4.1r8.1 / 4.2r5.1 / 4.3r6 / 4.4r3 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2013/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/19"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:ive_os"); script_set_attribute(attribute:"cpe", value:"cpe:/a:juniper:junos_pulse_access_control_service"); script_set_attribute(attribute:"cpe", value:"cpe:/a:juniper:junos_pulse_secure_access_service"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Juniper/IVE OS/Version", "Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit('Host/Juniper/IVE OS/Version'); match = eregmatch(string:version, pattern:"^([\d.]+)[Rr]([0-9.]+)"); if (isnull(match)) exit(1, 'Error parsing version: ' + version); release = match[1]; build = match[2]; # check report paranoia settings in order to avoid false positives, # since a workaround is possible, and only devices with SSL acceleration # cards are vulnerable if (report_paranoia < 2) audit(AUDIT_PARANOID); fix = ''; # IVE-SA if (release == '7.1' && ver_compare(ver:build, fix:'15', strict:FALSE) == -1) fix = '7.1r15'; if (release == '7.2' && ver_compare(ver:build, fix:'11', strict:FALSE) == -1) fix = '7.2r11'; if (release == '7.3' && ver_compare(ver:build, fix:'6', strict:FALSE) == -1) fix = '7.3r6'; if (release == '7.4' && ver_compare(ver:build, fix:'3', strict:FALSE) == -1) fix = '7.4r3'; # IVE-IC (UAC OS) if (release == '4.1' && ver_compare(ver:build, fix:'8.1', strict:FALSE) == -1) fix = '4.1r8.1'; if (release == '4.2' && ver_compare(ver:build, fix:'5.1', strict:FALSE) == -1) fix = '4.2r5.1'; if (release == '4.3' && ver_compare(ver:build, fix:'6', strict:FALSE) == -1) fix = '4.3r6'; if (release == '4.4' && ver_compare(ver:build, fix:'3', strict:FALSE) == -1) fix = '4.4r3'; if (fix != '') { if (report_verbosity > 0) { report = '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_hole(port:0, extra:report); } else security_hole(0); } else audit(AUDIT_INST_VER_NOT_VULN, 'IVE/UAC OS', version);
NASL family Solaris Local Security Checks NASL id SOLARIS11_OPENSSL_20130716.NASL description The remote Solaris system is missing necessary patches to address security updates : - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. (CVE-2013-0166) - The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the last seen 2020-06-01 modified 2020-06-02 plugin id 80719 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80719 title Oracle Solaris Third-Party Patch Update : openssl (lucky_thirteen_vulnerability_in_solaris) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80719); script_version("1.2"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2013-0166", "CVE-2013-0169"); script_name(english:"Oracle Solaris Third-Party Patch Update : openssl (lucky_thirteen_vulnerability_in_solaris)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. (CVE-2013-0166) - The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the 'Lucky Thirteen' issue. (CVE-2013-0169)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); # https://blogs.oracle.com/sunsecurity/lucky-thirteen-vulnerability-in-solaris-openssl script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2d8ba7ad" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.7.5.0."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:openssl"); script_set_attribute(attribute:"patch_publication_date", value:"2013/07/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^openssl$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.1.7.0.5.0", sru:"SRU 11.1.7.5.0") > 0) flag++; if (flag) { error_extra = 'Affected package : openssl\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_warning(port:0, extra:error_extra); else security_warning(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "openssl");
NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0020_OPENSSL098E.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl098e packages installed that are affected by multiple vulnerabilities: - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. (CVE-2006-2937) - OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) public exponent or (2) public modulus values in X.509 certificates that require extra time to process when using RSA signature verification. (CVE-2006-2940) - Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. (CVE-2006-3738) - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. (CVE-2006-4339) - The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. (CVE-2006-4343) - The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. (CVE-2007-3108) - Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-4995) - Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. (CVE-2007-5135) - OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. (CVE-2008-5077) - The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. (CVE-2009-0590) - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. (CVE-2009-1377) - Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. (CVE-2009-1378) - Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. (CVE-2009-1379) - ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. (CVE-2009-1386) - The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of- sequence DTLS handshake message, related to a fragment bug. (CVE-2009-1387) - The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. (CVE-2009-2409) - OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. (CVE-2009-3245) - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post- renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555) - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. (CVE-2009-4355) - The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. (CVE-2010-0433) - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110) - The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the- middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a CRIME attack. (CVE-2012-4929) - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. (CVE-2013-0166) - The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side- channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue. (CVE-2013-0169) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127177 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127177 title NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl098e Multiple Vulnerabilities (NS-SA-2019-0020) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from ZTE advisory NS-SA-2019-0020. The text # itself is copyright (C) ZTE, Inc. include("compat.inc"); if (description) { script_id(127177); script_version("1.3"); script_cvs_date("Date: 2019/09/24 11:01:33"); script_cve_id( "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2007-3108", "CVE-2007-4995", "CVE-2007-5135", "CVE-2008-5077", "CVE-2009-0590", "CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-1386", "CVE-2009-1387", "CVE-2009-2409", "CVE-2009-3245", "CVE-2009-3555", "CVE-2009-4355", "CVE-2010-0433", "CVE-2012-2110", "CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169" ); script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl098e Multiple Vulnerabilities (NS-SA-2019-0020)"); script_set_attribute(attribute:"synopsis", value: "The remote machine is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl098e packages installed that are affected by multiple vulnerabilities: - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. (CVE-2006-2937) - OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) public exponent or (2) public modulus values in X.509 certificates that require extra time to process when using RSA signature verification. (CVE-2006-2940) - Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. (CVE-2006-3738) - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. (CVE-2006-4339) - The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. (CVE-2006-4343) - The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. (CVE-2007-3108) - Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-4995) - Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. (CVE-2007-5135) - OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. (CVE-2008-5077) - The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. (CVE-2009-0590) - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. (CVE-2009-1377) - Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. (CVE-2009-1378) - Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. (CVE-2009-1379) - ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. (CVE-2009-1386) - The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of- sequence DTLS handshake message, related to a fragment bug. (CVE-2009-1387) - The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. (CVE-2009-2409) - OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. (CVE-2009-3245) - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post- renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555) - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. (CVE-2009-4355) - The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. (CVE-2010-0433) - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110) - The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the- middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a CRIME attack. (CVE-2012-4929) - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. (CVE-2013-0166) - The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side- channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue. (CVE-2013-0169) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0020"); script_set_attribute(attribute:"solution", value: "Upgrade the vulnerable CGSL openssl098e packages. Note that updated packages may not be available yet. Please contact ZTE for more information."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-3245"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(20, 119, 189, 310, 399); script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/05"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"NewStart CGSL Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/ZTE-CGSL/release"); if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux"); if (release !~ "CGSL CORE 5.04" && release !~ "CGSL MAIN 5.04") audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04'); if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu); flag = 0; pkgs = { "CGSL CORE 5.04": [ "openssl098e-0.9.8e-29.el7.centos.3", "openssl098e-debuginfo-0.9.8e-29.el7.centos.3" ], "CGSL MAIN 5.04": [ "openssl098e-0.9.8e-29.el7.centos.3", "openssl098e-debuginfo-0.9.8e-29.el7.centos.3" ] }; pkg_list = pkgs[release]; foreach (pkg in pkg_list) if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl098e"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0833.NASL description The version of JBoss Enterprise Application Platform 6.0.1 running on the remote system is vulnerable to the following issues: - A man-in-the-middle attack is possible when applications running on JBoss Web use the COOKIE session tracking method. The flaw is in the org.apache.catalina.connector.Response.encodeURL() method. By making use of this, an attacker could obtain a user last seen 2020-06-01 modified 2020-06-02 plugin id 66971 published 2013-06-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66971 title JBoss Enterprise Application Platform 6.1.0 Update (RHSA-2013:0833) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(66971); script_version("1.16"); script_cvs_date("Date: 2019/10/24 15:35:37"); script_cve_id( "CVE-2012-4529", "CVE-2012-4572", "CVE-2012-5575", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-0218", "CVE-2013-2067" ); script_bugtraq_id(57652, 57778, 59799, 60040, 60043, 60045, 60268); script_xref(name:"RHSA", value:"2013:0833"); script_name(english:"JBoss Enterprise Application Platform 6.1.0 Update (RHSA-2013:0833)"); script_summary(english:"Checks for the installed versions of JBoss Enterprise Application Platform"); script_set_attribute(attribute:"synopsis", value:"The remote Red Hat host is missing a security update."); script_set_attribute(attribute:"description", value: "The version of JBoss Enterprise Application Platform 6.0.1 running on the remote system is vulnerable to the following issues: - A man-in-the-middle attack is possible when applications running on JBoss Web use the COOKIE session tracking method. The flaw is in the org.apache.catalina.connector.Response.encodeURL() method. By making use of this, an attacker could obtain a user's jsessionid and hijack their session. (CVE-2012-4529) - If multiple applications used the same custom authorization module class name, a local attacker could deploy a malicious application authorization module that would permit or deny user access. (CVE-2012-4572) - XML encryption backwards compatibility attacks could allow an attacker to force a server to use insecure legacy cryptosystems. (CVE-2012-5575) - A NULL pointer dereference flaw could allow a malicious OCSP to crash applications performing OCSP verification. (CVE-2013-0166) - An OpenSSL leaks timing information issue exists that could allow a remote attacker to retrieve plaintext from the encrypted packets. (CVE-2013-0169) - The JBoss Enterprise Application Platform administrator password and the sucker password are stored in a world- readable, auto-install XML file created by the GUI installer. (CVE-2013-0218) - Tomcat incorrectly handles certain authentication requests. A remote attacker could use this flaw to inject a request that would get executed with a victim's credentials. (CVE-2013-2067)"); script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-4529.html"); script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-4572.html"); script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-5575.html"); script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0166.html"); script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0169.html"); script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0218.html"); script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-2067.html"); # https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=distributions script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c7770d98"); script_set_attribute(attribute:"solution", value: "Upgrade the installed JBoss Enterprise Application Platform 6.0.1 to 6.1.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/10"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:jboss_enterprise_application_platform:6.0.1"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl", "jboss_detect.nbin"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); # We are only interested in Red Hat systems if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); info = ""; jboss = 0; installs = get_kb_list_or_exit("Host/JBoss/EAP"); if(!isnull(installs)) jboss = 1; foreach install (make_list(installs)) { match = eregmatch(string:install, pattern:"([^:]+):(.*)"); if (!isnull(match)) { ver = match[1]; path = match[2]; if (ver =~ "^6.0.1([^0-9]|$)") { info += '\n' + ' Path : ' + path+ '\n'; info += ' Version : ' + ver + '\n'; } } } # Report what we found. if (info) { if (report_verbosity > 0) { if (max_index(split(info)) > 3) s = 's of the JBoss Enterprise Application Platform are'; else s = ' of the JBoss Enterprise Application Platform is'; report = '\n' + 'The following instance'+s+' out of date and\nshould be upgraded to 6.1.0 or later :\n' + info; security_hole(port:0, extra:report); } else security_hole(port:0); } else if ( (!info) && (jboss) ) { exit(0, "The JBoss Enterprise Application Platform version installed is not affected."); } else audit(AUDIT_HOST_NOT, "affected");
NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL14261.NASL description OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d do not properly perform signature verification for Online Certificate Status Protocol (OCSP) responses, which allow remote attackers to cause a denial-of-service (DoS) (NULL pointer dereference and application crash) by way of an invalid key. last seen 2020-06-01 modified 2020-06-02 plugin id 78145 published 2014-10-10 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78145 title F5 Networks BIG-IP : OpenSSL OCSP vulnerability (SOL14261) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from F5 Networks BIG-IP Solution SOL14261. # # The text description of this plugin is (C) F5 Networks. # include("compat.inc"); if (description) { script_id(78145); script_version("1.5"); script_cvs_date("Date: 2019/01/04 10:03:40"); script_cve_id("CVE-2013-0166"); script_bugtraq_id(57755, 60268); script_name(english:"F5 Networks BIG-IP : OpenSSL OCSP vulnerability (SOL14261)"); script_summary(english:"Checks the BIG-IP version."); script_set_attribute( attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d do not properly perform signature verification for Online Certificate Status Protocol (OCSP) responses, which allow remote attackers to cause a denial-of-service (DoS) (NULL pointer dereference and application crash) by way of an invalid key." ); script_set_attribute( attribute:"see_also", value:"https://support.f5.com/csp/article/K14261" ); script_set_attribute( attribute:"solution", value: "Upgrade to one of the non-vulnerable versions listed in the F5 Solution SOL14261." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"F5 Networks Local Security Checks"); script_dependencies("f5_bigip_detect.nbin"); script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version"); exit(0); } include("f5_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); version = get_kb_item("Host/BIG-IP/version"); if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP"); if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix"); if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules"); sol = "SOL14261"; vmatrix = make_array(); # AFM vmatrix["AFM"] = make_array(); vmatrix["AFM"]["affected" ] = make_list("11.3.0"); vmatrix["AFM"]["unaffected"] = make_list("11.4.0","11.3.0HF2"); # APM vmatrix["APM"] = make_array(); vmatrix["APM"]["affected" ] = make_list("11.0.0-11.3.0","10.1.0-10.2.4"); vmatrix["APM"]["unaffected"] = make_list("11.4.0","11.3.0HF2","11.2.1HF4","11.2.0HF4","11.1.0HF6","11.0.0HF5","10.2.4HF6"); # ASM vmatrix["ASM"] = make_array(); vmatrix["ASM"]["affected" ] = make_list("11.0.0-11.3.0","10.0.0-10.2.4","9.2.0-9.4.8"); vmatrix["ASM"]["unaffected"] = make_list("11.4.0","11.3.0HF2","11.2.1HF4","11.2.0HF4","11.1.0HF6","11.0.0HF5","10.2.4HF6"); # AVR vmatrix["AVR"] = make_array(); vmatrix["AVR"]["affected" ] = make_list("11.0.0-11.3.0"); vmatrix["AVR"]["unaffected"] = make_list("11.4.0","11.3.0HF2","11.2.1HF4","11.2.0HF4","11.1.0HF6","11.0.0HF5"); # LC vmatrix["LC"] = make_array(); vmatrix["LC"]["affected" ] = make_list("11.0.0-11.3.0","10.0.0-10.2.4","9.2.2-9.4.8"); vmatrix["LC"]["unaffected"] = make_list("11.4.0","11.3.0HF2","11.2.1HF4","11.2.0HF4","11.1.0HF6","11.0.0HF5","10.2.4HF6"); # LTM vmatrix["LTM"] = make_array(); vmatrix["LTM"]["affected" ] = make_list("11.0.0-11.3.0","10.0.0-10.2.4","9.0.0-9.6.1"); vmatrix["LTM"]["unaffected"] = make_list("11.4.0","11.3.0HF2","11.2.1HF4","11.2.0HF4","11.1.0HF6","11.0.0HF5","10.2.4HF6"); # PEM vmatrix["PEM"] = make_array(); vmatrix["PEM"]["affected" ] = make_list("11.3.0"); vmatrix["PEM"]["unaffected"] = make_list("11.4.0","11.3.0HF2"); # PSM vmatrix["PSM"] = make_array(); vmatrix["PSM"]["affected" ] = make_list("11.0.0-11.3.0","10.0.0-10.2.4","9.4.5-9.4.8"); vmatrix["PSM"]["unaffected"] = make_list("11.4.0","11.3.0HF2","11.2.1HF4","11.2.0HF4","11.1.0HF6","11.0.0HF5","10.2.4HF6"); # WAM vmatrix["WAM"] = make_array(); vmatrix["WAM"]["affected" ] = make_list("11.0.0-11.3.0","10.0.0-10.2.4","9.4.0-9.4.8"); vmatrix["WAM"]["unaffected"] = make_list("11.3.0HF2","11.2.1HF4","11.2.0HF4","11.1.0HF6","11.0.0HF5","10.2.4HF6"); # WOM vmatrix["WOM"] = make_array(); vmatrix["WOM"]["affected" ] = make_list("11.0.0-11.3.0","10.0.0-10.2.4"); vmatrix["WOM"]["unaffected"] = make_list("11.3.0HF2","11.2.1HF4","11.2.0HF4","11.1.0HF6","11.0.0HF5","10.2.4HF6"); if (bigip_is_affected(vmatrix:vmatrix, sol:sol)) { if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get()); else security_warning(0); exit(0); } else { tested = bigip_get_tested_modules(); audit_extra = "For BIG-IP module(s) " + tested + ","; if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version); else audit(AUDIT_HOST_NOT, "running any of the affected modules"); }
NASL family SuSE Local Security Checks NASL id SUSE_11_LIBOPENSSL-DEVEL-130325.NASL description OpenSSL has been updated to fix several security issues : - Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable last seen 2020-06-05 modified 2013-03-28 plugin id 65718 published 2013-03-28 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65718 title SuSE 11.2 Security Update : OpenSSL (SAT Patch Number 7548) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(65718); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169"); script_name(english:"SuSE 11.2 Security Update : OpenSSL (SAT Patch Number 7548)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "OpenSSL has been updated to fix several security issues : - Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable 'OPENSSL_NO_DEFAULT_ZLIB' to 'no' enables compression again. (CVE-2012-4929) - Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private keymaterial. This issue is also known as the 'Lucky-13' issue. (CVE-2013-0169) - A OCSP invalid key denial of service issue was fixed. (CVE-2013-0166)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=779952" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=802648" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=802746" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4929.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-0166.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-0169.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 7548."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:openssl-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2"); flag = 0; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libopenssl0_9_8-0.9.8j-0.50.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"openssl-0.9.8j-0.50.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libopenssl0_9_8-0.9.8j-0.50.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8j-0.50.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"openssl-0.9.8j-0.50.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libopenssl0_9_8-0.9.8j-0.50.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libopenssl0_9_8-hmac-0.9.8j-0.50.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"openssl-0.9.8j-0.50.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"openssl-doc-0.9.8j-0.50.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libopenssl0_9_8-32bit-0.9.8j-0.50.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libopenssl0_9_8-hmac-32bit-0.9.8j-0.50.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8j-0.50.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libopenssl0_9_8-hmac-32bit-0.9.8j-0.50.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-052.NASL description Multiple vulnerabilities has been found and corrected in openssl : OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key (CVE-2013-0166). The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue (CVE-2013-0169). The updated packages have been upgraded to the 1.0.0k version which is not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 66066 published 2013-04-20 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66066 title Mandriva Linux Security Advisory : openssl (MDVSA-2013:052) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2013:052. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(66066); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:55"); script_cve_id("CVE-2013-0166", "CVE-2013-0169"); script_bugtraq_id(57778, 60268); script_xref(name:"MDVSA", value:"2013:052"); script_name(english:"Mandriva Linux Security Advisory : openssl (MDVSA-2013:052)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities has been found and corrected in openssl : OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key (CVE-2013-0166). The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue (CVE-2013-0169). The updated packages have been upgraded to the 1.0.0k version which is not vulnerable to these issues." ); script_set_attribute( attribute:"see_also", value:"https://www.openssl.org/news/secadv/20130204.txt" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64openssl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64openssl-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64openssl1.0.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2013/04/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64openssl-devel-1.0.0k-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64openssl-engines1.0.0-1.0.0k-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64openssl-static-devel-1.0.0k-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64openssl1.0.0-1.0.0k-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"openssl-1.0.0k-1.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family CGI abuses NASL id SPLUNK_503.NASL description According to its version number, the Splunk Web hosted on the remote web server is affected by multiple vulnerabilities : - The application is affected by an unspecified cross-site scripting vulnerability. An attacker can exploit this issue to inject arbitrary HTML and script code into a user last seen 2020-06-01 modified 2020-06-02 plugin id 66835 published 2013-06-06 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66835 title Splunk 5.0.x < 5.0.3 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(66835); script_version("1.15"); script_cvs_date("Date: 2019/11/27"); script_cve_id("CVE-2012-6447", "CVE-2013-0166", "CVE-2013-0169"); script_bugtraq_id(57778, 60226, 60268); script_name(english:"Splunk 5.0.x < 5.0.3 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Splunk."); script_set_attribute(attribute:"synopsis", value: "The remote web server contains an application that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its version number, the Splunk Web hosted on the remote web server is affected by multiple vulnerabilities : - The application is affected by an unspecified cross-site scripting vulnerability. An attacker can exploit this issue to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site. (CVE-2012-6447) - The version of OpenSSL included with Splunk 5.x is affected by multiple vulnerabilities including a denial of service and a plaintext recovery attack. (CVE-2013-0166, CVE-2013-0169) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://www.splunk.com/view/SP-CAAAHXG"); script_set_attribute(attribute:"see_also", value:"http://docs.splunk.com/Special:SpecialLatestDoc?t=Documentation/Splunk/latest/ReleaseNotes/5.0.3"); script_set_attribute(attribute:"solution", value: "Upgrade to Splunk 5.0.3 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-6447"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/28"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/06"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:splunk:splunk"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("splunkd_detect.nasl", "splunk_web_detect.nasl"); script_require_keys("installed_sw/Splunk"); script_require_ports("Services/www", 8089, 8000); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("install_func.inc"); app = "Splunk"; get_install_count(app_name:app, exit_if_zero:TRUE); port = get_http_port(default:8000, embedded:TRUE); install = get_single_install( app_name : app, port : port, exit_if_unknown_ver : TRUE ); dir = install['path']; ver = install['version']; install_url = build_url(qs:dir, port:port); if (ver =~ "^5\.0\." && ver_compare(ver:ver,fix:"5.0.3",strict:FALSE) < 0) { set_kb_item(name:"www/"+port+"/XSS", value:TRUE); if (report_verbosity > 0) { report = '\n URL : ' +install_url+ '\n Installed version : ' +ver+ '\n Fixed version : 5.0.3\n'; security_warning(port:port, extra:report); } else security_warning(port); } else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, ver);
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2013-004.NASL description The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-004 applied. This update contains several security-related fixes for the following component : - Apache - Bind - Certificate Trust Policy - ClamAV - Installer - IPSec - Mobile Device Management - OpenSSL - PHP - PostgreSQL - QuickTime - sudo Note that successful exploitation of the most serious issues could result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 69878 published 2013-09-13 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69878 title Mac OS X Multiple Vulnerabilities (Security Update 2013-004) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69878); script_version("1.18"); script_cvs_date("Date: 2018/07/14 1:59:36"); script_cve_id( "CVE-2012-0883", "CVE-2012-2686", "CVE-2012-2687", "CVE-2012-3499", "CVE-2012-3817", "CVE-2012-4244", "CVE-2012-4558", "CVE-2012-5166", "CVE-2012-5688", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-1027", "CVE-2013-1028", "CVE-2013-1030", "CVE-2013-1032", "CVE-2013-1635", "CVE-2013-1643", "CVE-2013-1775", "CVE-2013-1824", "CVE-2013-1899", "CVE-2013-1900", "CVE-2013-1901", "CVE-2013-1902", "CVE-2013-1903", "CVE-2013-2020", "CVE-2013-2021", "CVE-2013-2110", "CVE-2013-2266" ); script_bugtraq_id( 53046, 54658, 55131, 55522, 55852, 56817, 57755, 57778, 58165, 58203, 58224, 58736, 58766, 58876, 58877, 58878, 58879, 58882, 59434, 60118, 60268, 60411, 62370, 62371, 62373, 62375, 62377 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-09-12-1"); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2013-004)"); script_summary(english:"Check for the presence of Security Update 2013-004"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes several security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-004 applied. This update contains several security-related fixes for the following component : - Apache - Bind - Certificate Trust Policy - ClamAV - Installer - IPSec - Mobile Device Management - OpenSSL - PHP - PostgreSQL - QuickTime - sudo Note that successful exploitation of the most serious issues could result in arbitrary code execution." ); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5880"); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"); script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/528594/30/0/threaded"); script_set_attribute(attribute:"solution", value:"Install Security Update 2013-004 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mac OS X Sudo Password Bypass'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/16"); script_set_attribute(attribute:"patch_publication_date", value:"2013/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "Host/MacOSX/packages/boms"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); os = get_kb_item("Host/MacOSX/Version"); if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); if (!ereg(pattern:"Mac OS X 10\.[67]([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.6 / 10.7"); else if ("Mac OS X 10.6" >< os && !ereg(pattern:"Mac OS X 10\.6($|\.[0-8]([^0-9]|$))", string:os)) exit(0, "The remote host uses a version of Mac OS X Snow Leopard later than 10.6.8."); else if ("Mac OS X 10.7" >< os && !ereg(pattern:"Mac OS X 10\.7($|\.[0-5]([^0-9]|$))", string:os)) exit(0, "The remote host uses a version of Mac OS X Lion later than 10.7.5."); packages = get_kb_item_or_exit("Host/MacOSX/packages/boms", exit_code:1); if ( egrep(pattern:"^com\.apple\.pkg\.update\.security(\.10\.[6-8]\..+)?\.(2013\.00[4-9]|201[4-9]\.[0-9]+)(\.(snowleopard[0-9.]*|lion))?\.bom", string:packages) ) exit(0, "The host has Security Update 2013-004 or later installed and is therefore not affected."); else { set_kb_item(name:"www/0/XSS", value:TRUE); if (report_verbosity > 0) { security_boms = egrep(pattern:"^com\.apple\.pkg\.update\.security", string:packages); report = '\n Installed security BOMs : '; if (security_boms) report += str_replace(find:'\n', replace:'\n ', string:security_boms); else report += 'n/a'; report += '\n'; security_hole(port:0, extra:report); } else security_hole(0); }
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2013-171.NASL description It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it. last seen 2020-06-01 modified 2020-06-02 plugin id 69730 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69730 title Amazon Linux AMI : openssl (ALAS-2013-171) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2013-171. # include("compat.inc"); if (description) { script_id(69730); script_version("1.9"); script_cvs_date("Date: 2018/04/18 15:09:35"); script_cve_id("CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169"); script_xref(name:"ALAS", value:"2013-171"); script_xref(name:"RHSA", value:"2013:0587"); script_name(english:"Amazon Linux AMI : openssl (ALAS-2013-171)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it." ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2013-171.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update openssl' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-static"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"openssl-1.0.0k-1.48.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"openssl-debuginfo-1.0.0k-1.48.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"openssl-devel-1.0.0k-1.48.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"openssl-perl-1.0.0k-1.48.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"openssl-static-1.0.0k-1.48.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc"); }
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_00B0D8CD709711E298D9003067C2616F.NASL description OpenSSL security team reports : A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack. A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack. last seen 2020-06-01 modified 2020-06-02 plugin id 64488 published 2013-02-07 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64488 title FreeBSD : OpenSSL -- TLS 1.1, 1.2 denial of service (00b0d8cd-7097-11e2-98d9-003067c2616f) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(64488); script_version("1.19"); script_cvs_date("Date: 2018/11/21 10:46:30"); script_cve_id("CVE-2012-2686", "CVE-2013-0166", "CVE-2013-0169"); script_name(english:"FreeBSD : OpenSSL -- TLS 1.1, 1.2 denial of service (00b0d8cd-7097-11e2-98d9-003067c2616f)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "OpenSSL security team reports : A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack. A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack." ); # http://www.openssl.org/news/secadv/20120510.txt script_set_attribute( attribute:"see_also", value:"https://www.openssl.org/news/secadv/20120510.txt" ); # https://vuxml.freebsd.org/freebsd/00b0d8cd-7097-11e2-98d9-003067c2616f.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5b6afcf7" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:openssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/05"); script_set_attribute(attribute:"patch_publication_date", value:"2013/02/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"openssl<1.0.1_6")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Misc. NASL id VMWARE_ESX_VMSA-2013-0009_REMOTE.NASL description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - GnuTLS - Kernel - OpenSSL last seen 2020-06-01 modified 2020-06-02 plugin id 89666 published 2016-03-04 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89666 title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0009) (remote check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(89666); script_version("1.4"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id( "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-0268", "CVE-2013-0338", "CVE-2013-0871", "CVE-2013-2116" ); script_bugtraq_id( 57778, 57838, 57986, 58180, 60268, 60215 ); script_xref(name:"VMSA", value:"2013-0009"); script_xref(name:"CERT", value:"737740"); script_xref(name:"EDB-ID", value:"27297"); script_name(english:"VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0009) (remote check)"); script_summary(english:"Checks the version and build numbers of the remote host."); script_set_attribute(attribute:"synopsis", value: "The remote VMware ESX / ESXi host is missing a security-related patch."); script_set_attribute(attribute:"description", value: "The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - GnuTLS - Kernel - OpenSSL"); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0009.html"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/04"); script_set_attribute(attribute:"patch_publication_date", value:"2013/07/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc."); script_dependencies("vmware_vsphere_detect.nbin"); script_require_keys("Host/VMware/version", "Host/VMware/release"); script_require_ports("Host/VMware/vsphere"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); ver = get_kb_item_or_exit("Host/VMware/version"); rel = get_kb_item_or_exit("Host/VMware/release"); port = get_kb_item_or_exit("Host/VMware/vsphere"); esx = ''; build = 0; fix = FALSE; if ("ESX" >!< rel) audit(AUDIT_OS_NOT, "VMware ESX/ESXi"); extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver); if (empty_or_null(extract)) audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi"); esx = extract[1]; ver = extract[2]; extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel); if (isnull(extract)) audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver); build = int(extract[1]); fixes = make_array( "4.1", 1198252, "4.0", 1335992 ); fix = fixes[ver]; if (!fix) audit(AUDIT_INST_VER_NOT_VULN, esx, ver, build); if (build < fix) { report = '\n Version : ' + esx + " " + ver + '\n Installed build : ' + build + '\n Fixed build : ' + fix + '\n'; security_report_v4(port:port, severity:SECURITY_WARNING, extra:report); exit(0); } else audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
NASL family MacOS X Local Security Checks NASL id MACOSX_10_8_5.NASL description The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.5. The newer version contains multiple security-related fixes for the following components : - Apache - Bind - Certificate Trust Policy - CoreGraphics - ImageIO - Installer - IPSec - Kernel - Mobile Device Management - OpenSSL - PHP - PostgreSQL - Power Management - QuickTime - Screen Lock - sudo This update also addresses an issue in which certain Unicode strings could cause applications to unexpectedly quit. Note that successful exploitation of the most serious issues could result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 69877 published 2013-09-13 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69877 title Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69877); script_version("1.18"); script_cvs_date("Date: 2018/07/14 1:59:36"); script_cve_id( "CVE-2012-0883", "CVE-2012-2686", "CVE-2012-2687", "CVE-2012-3499", "CVE-2012-3817", "CVE-2012-4244", "CVE-2012-4558", "CVE-2012-5166", "CVE-2012-5688", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-1025", "CVE-2013-1026", "CVE-2013-1027", "CVE-2013-1028", "CVE-2013-1029", "CVE-2013-1030", "CVE-2013-1031", "CVE-2013-1032", "CVE-2013-1033", "CVE-2013-1635", "CVE-2013-1643", "CVE-2013-1775", "CVE-2013-1824", "CVE-2013-1899", "CVE-2013-1900", "CVE-2013-1901", "CVE-2013-1902", "CVE-2013-1903", "CVE-2013-2110", "CVE-2013-2266" ); script_bugtraq_id( 53046, 54658, 55131, 55522, 55852, 56817, 57755, 57778, 58165, 58203, 58224, 58736, 58766, 58876, 58877, 58878, 58879, 58882, 60268, 60411, 62368, 62369, 62370, 62371, 62373, 62374, 62375, 62377, 62378, 62381, 62382 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-09-12-1"); script_name(english:"Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities"); script_summary(english:"Check the version of Mac OS X"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes several security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.5. The newer version contains multiple security-related fixes for the following components : - Apache - Bind - Certificate Trust Policy - CoreGraphics - ImageIO - Installer - IPSec - Kernel - Mobile Device Management - OpenSSL - PHP - PostgreSQL - Power Management - QuickTime - Screen Lock - sudo This update also addresses an issue in which certain Unicode strings could cause applications to unexpectedly quit. Note that successful exploitation of the most serious issues could result in arbitrary code execution." ); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5880"); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"); script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/528594/30/0/threaded"); script_set_attribute(attribute:"solution", value:"Upgrade to Mac OS X 10.8.5 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mac OS X Sudo Password Bypass'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/16"); script_set_attribute(attribute:"patch_publication_date", value:"2013/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/13"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); os = get_kb_item("Host/MacOSX/Version"); if (!os) { os = get_kb_item_or_exit("Host/OS"); if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "Mac OS X"); c = get_kb_item("Host/OS/Confidence"); if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence."); } if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); if (ereg(pattern:"Mac OS X 10\.8($|\.[0-4]([^0-9]|$))", string:os)) { set_kb_item(name:"www/0/XSS", value:TRUE); security_hole(0); } else exit(0, "The host is not affected as it is running "+os+".");
NASL family Web Servers NASL id OPENSSL_1_0_0K.NASL description According to its banner, the remote web server is running a version of OpenSSL 1.0.0 prior to 1.0.0k. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities : - An error exists related to the handling of OCSP response verification that could allow denial of service attacks. (CVE-2013-0166) - An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169) last seen 2020-06-01 modified 2020-06-02 plugin id 64533 published 2013-02-09 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64533 title OpenSSL 1.0.0 < 1.0.0k Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(64533); script_version("1.16"); script_cvs_date("Date: 2019/12/04"); script_cve_id("CVE-2013-0166", "CVE-2013-0169"); script_bugtraq_id(57778, 60268); script_name(english:"OpenSSL 1.0.0 < 1.0.0k Multiple Vulnerabilities"); script_summary(english:"Does a banner check"); script_set_attribute(attribute:"synopsis", value: "The remote host may be affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the remote web server is running a version of OpenSSL 1.0.0 prior to 1.0.0k. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities : - An error exists related to the handling of OCSP response verification that could allow denial of service attacks. (CVE-2013-0166) - An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169)"); script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20130204.txt"); script_set_attribute(attribute:"solution", value: "Upgrade to OpenSSL 1.0.0k or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0169"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/04"); script_set_attribute(attribute:"patch_publication_date", value:"2013/02/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/09"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("openssl_version.nasl"); script_require_keys("openssl/port"); exit(0); } include("openssl_version.inc"); openssl_check_version(fixed:'1.0.0k', min:"1.0.0", severity:SECURITY_NOTE);
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0587.NASL description Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it. It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Red Hat Enterprise Linux 5 and 6 was affected by this problem. (BZ#839735) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-06-01 modified 2020-06-02 plugin id 65004 published 2013-03-05 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65004 title RHEL 5 / 6 : openssl (RHSA-2013:0587) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2013-040-01.NASL description New openssl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 64535 published 2013-02-11 reporter This script is Copyright (C) 2013-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64535 title Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : openssl (SSA:2013-040-01) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-154.NASL description openssl was updated to 1.0.1e, fixing bugs and security issues : o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. o Include the fips configuration module. o Fix OCSP bad key DoS attack CVE-2013-0166 bnc#802746 o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 bnc#802184 o Fix for TLS AESNI record handling flaw CVE-2012-2686 Also the following buyg was fixed: bnc#757773 - c_rehash to accept more filename extensions last seen 2020-06-05 modified 2014-06-13 plugin id 74902 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74902 title openSUSE Security Update : openssl (openSUSE-SU-2013:0337-1) NASL family Fedora Local Security Checks NASL id FEDORA_2013-2793.NASL description Multiple security and bug fixes update from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-03-08 plugin id 65081 published 2013-03-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65081 title Fedora 17 : openssl-1.0.0k-1.fc17 (2013-2793) NASL family CGI abuses NASL id IBM_TEM_8_2_1372.NASL description The remote host is running a version of IBM Tivoli Endpoint Manager Server prior to 8.2.1372. It is, therefore, affected by multiple vulnerabilities : - Multiple SSL related denial of service vulnerabilities exist. (CVE-2012-2686, CVE-2013-0166) - An SSL side-channel timing analysis attack allows full or partial plaintext recovery by a third-party listener. (CVE-2013-0169) - A cross-site request forgery vulnerability exists in the Use Analysis Application that can be exploited via a specially crafted AMF message. (CVE-2013-0452) - An unspecified cross-site scripting vulnerability exists in IBM Tivoli Endpoint Manager Web Reports. (CVE-2013-0453) last seen 2020-06-01 modified 2020-06-02 plugin id 66270 published 2013-04-30 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66270 title IBM Tivoli Endpoint Manager Server < 8.2.1372 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0636.NASL description An updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-1619) It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2013-0292 (dbus-glib issue) CVE-2013-0228, CVE-2013-0268, and CVE-2013-0871 (kernel issues) CVE-2013-0338 (libxml2 issue) This update contains the builds from the following errata : ovirt-node: RHBA-2013:0634 https://rhn.redhat.com/errata/RHBA-2013-0634.html kernel: RHSA-2013:0630 https://rhn.redhat.com/errata/RHSA-2013-0630.html dbus-glib: RHSA-2013:0568 https://rhn.redhat.com/errata/RHSA-2013-0568.html libcgroup: RHBA-2013:0560 https://rhn.redhat.com/errata/RHBA-2013-0560.html vdsm: RHBA-2013:0635 https://rhn.redhat.com/errata/RHBA-2013-0635.html selinux-policy: RHBA-2013:0618 https://rhn.redhat.com/errata/RHBA-2013-0618.html qemu-kvm-rhev: RHSA-2013:0610 https://rhn.redhat.com/errata/RHSA-2013-0610.html glusterfs: RHBA-2013:0620 https://rhn.redhat.com/errata/RHBA-2013-0620.html gnutls: RHSA-2013:0588 https://rhn.redhat.com/errata/RHSA-2013-0588.html ipmitool: RHBA-2013:0572 https://rhn.redhat.com/errata/RHBA-2013-0572.html libxml2: RHSA-2013:0581 https://rhn.redhat.com/errata/RHSA-2013-0581.html openldap: RHBA-2013:0598 https://rhn.redhat.com/errata/RHBA-2013-0598.html openssl: RHSA-2013:0587 https://rhn.redhat.com/errata/RHSA-2013-0587.html Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 78952 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78952 title RHEL 6 : rhev-hypervisor6 (RHSA-2013:0636) NASL family Misc. NASL id VMWARE_ESXI_5_0_BUILD_1311177_REMOTE.NASL description The remote VMware ESXi 5.0 host is affected by the following security vulnerabilities : - Multiple errors exist related to OpenSSL that could allow information disclosure or denial of service attacks. (CVE-2013-0166, CVE-2013-0169) - An error exists in the libxml2 library related to the expansion of XML internal entities. An attacker can exploit this to cause a denial of service. (CVE-2013-0338) - An unspecified error exists related to last seen 2020-06-01 modified 2020-06-02 plugin id 70879 published 2013-11-13 reporter This script is (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70879 title ESXi 5.0 < Build 1311175 Multiple Vulnerabilities (remote check) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2621.NASL description Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2013-0166 OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an invalid key. - CVE-2013-0169 A timing side channel attack has been found in CBC padding allowing an attacker to recover pieces of plaintext via statistical analysis of crafted packages, known as the last seen 2020-03-17 modified 2013-02-14 plugin id 64623 published 2013-02-14 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64623 title Debian DSA-2621-1 : openssl - several vulnerabilities NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2014-0008.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv everywhere instead of getenv (#839735) - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185) - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4109 - double free in policy checks (#771771) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) - add known answer test for SHA2 algorithms (#740866) - make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410) - fix incorrect return value in parse_yesno (#726593) - added DigiCert CA certificates to ca-bundle (#735819) - added a new section about error states to README.FIPS (#628976) - add missing DH_check_pub_key call when DH key is computed (#698175) - presort list of ciphers available in SSL (#688901) - accept connection in s_server even if getaddrinfo fails (#561260) - point to openssl dgst for list of supported digests (#608639) - fix handling of future TLS versions (#599112) - added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856) - upstream fixes for the CHIL engine (#622003, #671484) - add SHA-2 hashes in SSL_library_init (#676384) - fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462) - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707) last seen 2020-06-01 modified 2020-06-02 plugin id 79532 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79532 title OracleVM 3.2 : onpenssl (OVMSA-2014-0008) NASL family AIX Local Security Checks NASL id AIX_OPENSSL_ADVISORY5.NASL description The version of OpenSSL running on the remote host is affected by the following vulnerabilities : - The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side- channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the last seen 2020-06-01 modified 2020-06-02 plugin id 73563 published 2014-04-16 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73563 title AIX OpenSSL Advisory : openssl_advisory5.asc NASL family SuSE Local Security Checks NASL id SUSE_OPENSSL-8517.NASL description OpenSSL has been updated to fix several security issues : - Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable last seen 2020-06-05 modified 2013-03-28 plugin id 65719 published 2013-03-28 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65719 title SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 8517) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1732-1.NASL description Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2012-2686) Stephen Henson discovered that OpenSSL incorrectly performed signature verification for OCSP responses. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2013-0166) Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the last seen 2020-06-01 modified 2020-06-02 plugin id 64798 published 2013-02-22 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64798 title Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : openssl vulnerabilities (USN-1732-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1732-2.NASL description USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0166 and CVE-2012-2686 introduced a regression causing decryption failures on hardware supporting AES-NI. This update temporarily reverts the security fix pending further investigation. We apologize for the inconvenience. Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2012-2686) Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the last seen 2020-06-01 modified 2020-06-02 plugin id 64968 published 2013-03-01 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64968 title Ubuntu 12.04 LTS / 12.10 : openssl regression (USN-1732-2) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2014-0007.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv everywhere instead of getenv (#839735) - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185) - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4109 - double free in policy checks (#771771) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) - add known answer test for SHA2 algorithms (#740866) - make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410) - fix incorrect return value in parse_yesno (#726593) - added DigiCert CA certificates to ca-bundle (#735819) - added a new section about error states to README.FIPS (#628976) - add missing DH_check_pub_key call when DH key is computed (#698175) - presort list of ciphers available in SSL (#688901) - accept connection in s_server even if getaddrinfo fails (#561260) - point to openssl dgst for list of supported digests (#608639) - fix handling of future TLS versions (#599112) - added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856) - upstream fixes for the CHIL engine (#622003, #671484) - add SHA-2 hashes in SSL_library_init (#676384) - fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462) - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707) last seen 2020-06-01 modified 2020-06-02 plugin id 79531 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79531 title OracleVM 2.2 : openssl (OVMSA-2014-0007) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1546.NASL description According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.(CVE-2018-0495) - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.(CVE-2013-0166) - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an last seen 2020-06-01 modified 2020-06-02 plugin id 124999 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124999 title EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1546) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0587.NASL description Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it. It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Red Hat Enterprise Linux 5 and 6 was affected by this problem. (BZ#839735) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-06-01 modified 2020-06-02 plugin id 65061 published 2013-03-07 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65061 title CentOS 5 / 6 : openssl (CESA-2013:0587) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_69BFC8529BD011E2A7BE8C705AF55518.NASL description A flaw in the OpenSSL handling of OCSP response verification could be exploited to cause a denial of service attack. OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. The weakness could reveal plaintext in a timing attack. last seen 2020-06-01 modified 2020-06-02 plugin id 65842 published 2013-04-08 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65842 title FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (69bfc852-9bd0-11e2-a7be-8c705af55518) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-153.NASL description openssl was updated to 1.0.0k security release to fix bugs and security issues. (bnc#802648 bnc#802746) The version was upgraded to avoid backporting the large fixes for SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169) TLS 1.1 and 1.2 AES-NI crash (CVE-2012-2686) OCSP invalid key DoS issue (CVE-2013-0166) Also the following bugfix was included: bnc#757773 - c_rehash to accept more filename extensions last seen 2020-06-05 modified 2014-06-13 plugin id 74901 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74901 title openSUSE Security Update : openssl (openSUSE-SU-2013:0336-1) NASL family Junos Local Security Checks NASL id JUNIPER_SPACE_JSA10659.NASL description According to its self-reported version number, the remote Junos Space version is prior to 14.1R1. It is, therefore, affected by multiple vulnerabilities in bundled third party software components : - Multiple vulnerabilities in the bundled OpenSSL CentOS package. (CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0884, CVE-2012-2110, CVE-2012-2333, CVE-2013-0166, CVE-2013-0169, CVE-2014-0224) - Multiple vulnerabilities in Oracle MySQL. (CVE-2013-5908) - Multiple vulnerabilities in the Oracle Java runtime. (CVE-2014-0411, CVE-2014-0423, CVE-2014-4244, CVE-2014-0453, CVE-2014-0460, CVE-2014-4263, CVE-2014-4264) last seen 2020-06-01 modified 2020-06-02 plugin id 80197 published 2014-12-22 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80197 title Juniper Junos Space < 14.1R1 Multiple Vulnerabilities (JSA10659) NASL family SuSE Local Security Checks NASL id SUSE_11_COMPAT-OPENSSL097G-141202.NASL description The SLES 9 compatibility package compat-openssl097g received a roll up update fixing various security issues : - Build option no-ssl3 is incomplete. (CVE-2014-3568) - Add support for TLS_FALLBACK_SCSV. (CVE-2014-3566) - Information leak in pretty printing functions. (CVE-2014-3508) - OCSP bad key DoS attack. (CVE-2013-0166) - SSL/TLS CBC plaintext recovery attack. (CVE-2013-0169) - Anonymous ECDH denial of service. (CVE-2014-3470) - SSL/TLS MITM vulnerability (CVE-2014-0224) last seen 2020-06-05 modified 2014-12-05 plugin id 79738 published 2014-12-05 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79738 title SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10033) NASL family Junos Local Security Checks NASL id JUNIPER_JSA10575.NASL description According to its self-reported version number, the remote Junos device is using an outdated version of OpenSSL, which has multiple vulnerabilities including (but not limited to) : - An error exists related to the handling of OCSP response verification that could allow denial of service attacks. (CVE-2013-0166) - An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169) last seen 2020-06-01 modified 2020-06-02 plugin id 68908 published 2013-07-16 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/68908 title Juniper Junos OpenSSL Multiple Vulnerabilities (JSA10575) NASL family Fedora Local Security Checks NASL id FEDORA_2013-2834.NASL description Multiple security and bug fixes update from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-03-04 plugin id 64982 published 2013-03-04 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64982 title Fedora 18 : openssl-1.0.1e-3.fc18 (2013-2834) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2013-0009.NASL description a. vCenter Server and ESX userworld update for OpenSSL library The userworld OpenSSL library is updated to version openssl-0.9.8y to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0169 and CVE-2013-0166 to these issues. b. Service Console (COS) update for OpenSSL library The Service Console updates for OpenSSL library is updated to version openssl-0.9.8e-26.el5_9.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0169 and CVE-2013-0166 to these issues. c. ESX Userworld and Service Console (COS) update for libxml2 library The ESX Userworld and Service Console libxml2 library is updated to version libxml2-2.6.26-2.1.21.el5_9.1 and libxml2-python-2.6.26-2.1.21.el5_9.1. to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-0338 to this issue. d. Service Console (COS) update for GnuTLS library The ESX service console GnuTLS RPM is updated to version gnutls-1.4.1-10.el5_9.1 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-2116 to this issue. e. ESX third-party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-348.3.1.el5 which addresses several security issues in the COS kernel. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0268 and CVE-2013-0871 to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 69193 published 2013-08-02 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69193 title VMSA-2013-0009 : VMware vSphere, ESX and ESXi updates to third-party libraries NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0587.NASL description From Red Hat Security Advisory 2013:0587 : Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it. It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Red Hat Enterprise Linux 5 and 6 was affected by this problem. (BZ#839735) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-06-01 modified 2020-06-02 plugin id 68768 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68768 title Oracle Linux 5 / 6 : openssl (ELSA-2013-0587) NASL family Web Servers NASL id OPENSSL_1_0_1D.NASL description According to its banner, the remote web server is running a version of OpenSSL 1.0.1 prior to 1.0.1d. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities : - An error exists related to AES-NI, TLS 1.1, TLS 1.2 and the handling of CBC ciphersuites that could allow denial of service attacks. Note that platforms and versions that do not support AES-NI, TLS 1.1, or TLS 1.2 are not affected. (CVE-2012-2686) - An error exists related to the handling of OCSP response verification that could allow denial of service attacks. (CVE-2013-0166) - An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169) last seen 2020-06-01 modified 2020-06-02 plugin id 64534 published 2013-02-09 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64534 title OpenSSL 1.0.1 < 1.0.1d Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201312-03.NASL description The remote host is affected by the vulnerability described in GLSA-201312-03 (OpenSSL: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : Remote attackers can determine private keys, decrypt data, cause a Denial of Service or possibly have other unspecified impact. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 71169 published 2013-12-03 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71169 title GLSA-201312-03 : OpenSSL: Multiple Vulnerabilities NASL family Misc. NASL id VMWARE_ESXI_5_1_BUILD_1483097_REMOTE.NASL description The remote VMware ESXi 5.1 host is affected by the following vulnerabilities : - A denial of service vulnerability exists in the bundled OpenSSL library that is triggered when handling OCSP response verification. A remote attacker can exploit this to crash the program. (CVE-2013-0166) - An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker can obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169) - An error exists in the libxml2 library related to the expansion of XML internal entities that could allow denial of service attacks. (CVE-2013-0338) - A NULL pointer dereference flaw exists in the handling of Network File Copy (NFC) traffic. An attacker can exploit this by intercepting and modifying NFC traffic, to cause a denial of service condition. (CVE-2014-1207) - A denial of service vulnerability exists in the handling of invalid ports that could allow a guest user to crash the VMX process. (CVE-2014-1208) last seen 2020-06-01 modified 2020-06-02 plugin id 72037 published 2014-01-20 reporter This script is (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72037 title ESXi 5.1 < Build 1483097 Multiple Vulnerabilities (remote check)
Oval
accepted 2014-03-24T04:00:41.262-04:00 class vulnerability contributors name Ganesh Manal organization Hewlett-Packard name Sushant Kumar Singh organization Hewlett-Packard
description OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. family unix id oval:org.mitre.oval:def:18754 status accepted submitted 2013-11-22T11:43:28.000-05:00 title HP-UX Apache Web Server, Remote Denial of Service (DoS) version 42 accepted 2015-05-04T04:00:14.599-04:00 class vulnerability contributors name Sergey Artykhov organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT
definition_extensions comment VisualSVN Server is installed oval oval:org.mitre.oval:def:18636 description OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. family windows id oval:org.mitre.oval:def:19081 status accepted submitted 2013-10-02T13:00:00 title OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server (CVE-2013-0166) version 9 accepted 2014-01-20T04:00:20.018-05:00 class vulnerability contributors name Chandan M C organization Hewlett-Packard name Chandan M C organization Hewlett-Packard
definition_extensions comment IBM AIX 5.3 is installed oval oval:org.mitre.oval:def:5325 comment IBM AIX 6.1 is installed oval oval:org.mitre.oval:def:5267 comment IBM AIX 7.1 is installed oval oval:org.mitre.oval:def:18828 comment IBM AIX 5.3 is installed oval oval:org.mitre.oval:def:5325 comment IBM AIX 6.1 is installed oval oval:org.mitre.oval:def:5267 comment IBM AIX 7.1 is installed oval oval:org.mitre.oval:def:18828
description OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. family unix id oval:org.mitre.oval:def:19360 status accepted submitted 2013-11-18T10:06:56.357-05:00 title Multiple OpenSSL vulnerabilities version 50 accepted 2015-04-20T04:01:22.549-04:00 class vulnerability contributors name Ganesh Manal organization Hewlett-Packard name Sushant Kumar Singh organization Hewlett-Packard name Sushant Kumar Singh organization Hewlett-Packard name Prashant Kumar organization Hewlett-Packard name Mike Cokus organization The MITRE Corporation
description OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. family unix id oval:org.mitre.oval:def:19487 status accepted submitted 2013-11-22T11:43:28.000-05:00 title HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure version 49
Redhat
advisories |
| ||||||||||||||||
rpms |
|
References
- http://www.openssl.org/news/secadv_20130204.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=908052
- http://www.debian.org/security/2013/dsa-2621
- http://rhn.redhat.com/errata/RHSA-2013-0587.html
- http://rhn.redhat.com/errata/RHSA-2013-0783.html
- http://marc.info/?l=bugtraq&m=136396549913849&w=2
- http://rhn.redhat.com/errata/RHSA-2013-0782.html
- http://www.kb.cert.org/vuls/id/737740
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
- http://support.apple.com/kb/HT5880
- http://secunia.com/advisories/55139
- http://secunia.com/advisories/55108
- http://rhn.redhat.com/errata/RHSA-2013-0833.html
- http://marc.info/?l=bugtraq&m=137545771702053&w=2
- http://www.splunk.com/view/SP-CAAAHXG
- http://secunia.com/advisories/53623
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
- http://marc.info/?l=bugtraq&m=136432043316835&w=2
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001
- http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200
- http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7
- http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0