CVE-2013-0169 - Cryptographic Issues vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
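The mechanism the summary describes, as an added example (not code from this page, from OpenSSL or from any other affected project): a TLS 1.1-style MAC-then-encrypt receiver that strips CBC padding and verifies HMAC-SHA1, first in the pre-fix form and then in the constant-work form the patched libraries adopted. CBC decryption itself is left out, so the record is modelled as already-decrypted plaintext, and wall-clock timing is replaced by a deterministic proxy, the number of SHA-1 compression-function calls. The key, the plaintext and the 64-byte record layout are constructed for the demonstration; the 13-byte MAC header and the 55/57-byte boundary are the ones the attack's name refers to.

```python
"""Lucky Thirteen mechanics: receiver-side CBC record checking, pre-fix vs constant-work.

The record is modelled as already-decrypted plaintext (CBC decryption itself is omitted);
what matters is how the receiver strips padding and how much hashing it then performs.
Timing is replaced by a deterministic proxy: the number of SHA-1 compression-function calls.
Key, plaintext and record layout below are constructed for the demonstration."""
import hashlib
import hmac

MAC_LEN = 20   # HMAC-SHA1 tag length
BLOCK = 64     # SHA-1 compression block size in bytes
HDR_LEN = 13   # MAC header: seq_num(8) || type(1) || version(2) || length(2)


def sha1_calls(n_bytes: int) -> int:
    """Compression calls SHA-1 needs for n_bytes: message, 0x80, zero pad, 8-byte length."""
    return (n_bytes + 1 + 8 + BLOCK - 1) // BLOCK


def hmac_sha1_calls(msg_len: int) -> int:
    """Inner hash over the 64-byte padded key || message, plus two calls for the outer hash."""
    return sha1_calls(BLOCK + msg_len) + 2


def mac_header(seq: int, body_len: int) -> bytes:
    """TLS 1.1 MAC input prefix: seq_num || ContentType(application_data) || version 3.2 || length."""
    return seq.to_bytes(8, "big") + b"\x17" + b"\x03\x02" + body_len.to_bytes(2, "big")


def make_record(key: bytes, seq: int, body: bytes, pad_len: int) -> bytes:
    """Sender side (MAC-then-pad): body || HMAC || pad, the pad being pad_len+1 bytes of value pad_len."""
    tag = hmac.new(key, mac_header(seq, len(body)) + body, hashlib.sha1).digest()
    return body + tag + bytes([pad_len]) * (pad_len + 1)


def padding_ok(rec: bytes) -> bool:
    pad_len = rec[-1]
    if pad_len + 1 + MAC_LEN > len(rec):
        return False
    return all(b == pad_len for b in rec[-(pad_len + 1):])


def verify_vulnerable(key: bytes, seq: int, rec: bytes) -> tuple:
    """Pre-fix receiver. On bad padding it follows the RFC 5246 advice to carry on with a
    zero-length pad, so the MAC is computed over a longer message than for a good pad.
    Returns (record_accepted, compression_calls)."""
    good = padding_ok(rec)
    pad_total = rec[-1] + 1 if good else 0
    body_end = len(rec) - pad_total - MAC_LEN
    body, tag = rec[:body_end], rec[body_end:body_end + MAC_LEN]
    expected = hmac.new(key, mac_header(seq, len(body)) + body, hashlib.sha1).digest()
    return good and hmac.compare_digest(tag, expected), hmac_sha1_calls(HDR_LEN + len(body))


def verify_fixed(key: bytes, seq: int, rec: bytes) -> tuple:
    """Post-fix receiver, modelled on the Lucky 13 countermeasure: the padding scan touches the
    same bytes for every record, and dummy compression calls top the MAC work up to what the
    longest possible body (rejected pad, zero-length pad) would cost, so the call count depends
    only on len(rec). Python is not constant-time; the structure, not the nanoseconds, is the point."""
    n = len(rec)
    pad_len = rec[-1]
    bad = int(pad_len + 1 + MAC_LEN > n)
    # Mask-based scan over the whole 256-byte maximum pad region: no early exit, no data-dependent branch.
    for i in range(1, 257):
        in_pad = int(i <= pad_len + 1)
        byte = rec[n - i] if i <= n else pad_len   # positions beyond the record compare equal
        bad |= in_pad & int(byte != pad_len)
    pad_total = (pad_len + 1) * (1 - bad)
    body_end = n - pad_total - MAC_LEN
    body, tag = rec[:body_end], rec[body_end:body_end + MAC_LEN]
    expected = hmac.new(key, mac_header(seq, len(body)) + body, hashlib.sha1).digest()
    real_calls = hmac_sha1_calls(HDR_LEN + len(body))
    max_calls = hmac_sha1_calls(HDR_LEN + n - MAC_LEN)       # cost of the zero-length-pad case
    extra = max_calls - real_calls
    if extra:
        hashlib.sha1(b"\x00" * (BLOCK * extra - 9)).digest()  # burns exactly `extra` compression calls
    return bad == 0 and hmac.compare_digest(tag, expected), max_calls


def lucky13_demo() -> dict:
    """The 64-byte HMAC-SHA1 case from the Lucky 13 paper. A valid 2-byte pad leaves 42 body bytes,
    a 55-byte MAC input and an inner hash that fits in 2 blocks; once the pad is rejected the body is
    44 bytes, the MAC input 57 bytes and the inner hash needs 3 blocks. That one extra block per
    record is the signal the attack measures."""
    key = bytes(range(20))                        # constructed MAC key
    body = bytes(42)                              # constructed plaintext
    good = make_record(key, 7, body, pad_len=1)   # ... || MAC || 0x01 0x01, 64 bytes in total
    tampered = good[:-1] + b"\x02"                # last byte now claims a 3-byte pad of 0x02: invalid
    return {
        "vulnerable": (verify_vulnerable(key, 7, good), verify_vulnerable(key, 7, tampered)),
        "fixed": (verify_fixed(key, 7, good), verify_fixed(key, 7, tampered)),
    }


if __name__ == "__main__":
    for name, (ok, bad) in lucky13_demo().items():
        print(f"{name:10s} good pad -> {ok}   bad pad -> {bad}")
```

Running it shows the pre-fix receiver performing 4 compression calls for the well-padded record and 5 for the tampered one, while the fixed receiver performs 5 in both cases. Two caveats for practitioners: a constant number of compression calls is only part of the real countermeasure (the patched libraries also make the padding check and the MAC copy branch-free at the byte level), and the durable mitigation is to stop negotiating CBC suites in favour of AEAD ones, since any remaining MAC-then-encrypt code path has to be audited for exactly this kind of length-dependent work.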
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation: An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2014-0416.NASL
description:
Updated rhevm-spice-client packages that fix multiple security issues are now available for Red Hat Enterprise Virtualization Manager 3.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems.

The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues :

An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160)

It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)

A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353)

It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929)

Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the original reporter.

The updated mingw-virt-viewer Windows SPICE client further includes OpenSSL security fixes that have no security impact on mingw-virt-viewer itself. The security fixes included in this update address the following CVE numbers : CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166

All Red Hat Enterprise Virtualization Manager users are advised to upgrade to these updated packages, which address these issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 79013
published: 2014-11-08
reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/79013
title: RHEL 6 : rhevm-spice-client (RHSA-2014:0416)
code:
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2014:0416. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(79013);
  script_version("1.9");
  script_cvs_date("Date: 2019/10/24 15:35:38");

  script_cve_id("CVE-2012-2686", "CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160");
  script_bugtraq_id(55704, 57755, 57778, 60268, 64530, 64618, 64691, 66690);
  script_xref(name:"RHSA", value:"2014:0416");

  script_name(english:"RHEL 6 : rhevm-spice-client (RHSA-2014:0416)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated rhevm-spice-client packages that fix multiple security issues
are now available for Red Hat Enterprise Virtualization Manager 3.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Red Hat Enterprise Virtualization Manager provides access to virtual
machines using SPICE. These SPICE client packages provide the SPICE
client and usbclerk service for both Windows 32-bit operating systems
and Windows 64-bit operating systems.

The rhevm-spice-client package includes the mingw-virt-viewer Windows
SPICE client. OpenSSL, a general purpose cryptography library with a
TLS implementation, is bundled with mingw-virt-viewer. The
mingw-virt-viewer package has been updated to correct the following
issues :

An information disclosure flaw was found in the way OpenSSL handled
TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS
client or server could send a specially crafted TLS or DTLS Heartbeat
packet to disclose a limited portion of memory per request from a
connected client or server. Note that the disclosed portions of memory
could potentially include sensitive information such as private keys.
(CVE-2014-0160)

It was discovered that OpenSSL leaked timing information when
decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode
cipher suites were used. A remote attacker could possibly use this
flaw to retrieve plain text from the encrypted packets by using a
TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)

A NULL pointer dereference flaw was found in the way OpenSSL handled
TLS/SSL protocol handshake packets. A specially crafted handshake
packet could cause a TLS/SSL client using OpenSSL to crash.
(CVE-2013-4353)

It was discovered that the TLS/SSL protocol could leak information
about plain text when optional compression was used. An attacker able
to control part of the plain text sent over an encrypted TLS/SSL
connection could possibly use this flaw to recover other portions of
the plain text. (CVE-2012-4929)

Red Hat would like to thank the OpenSSL project for reporting
CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as
the original reporter.

The updated mingw-virt-viewer Windows SPICE client further includes
OpenSSL security fixes that have no security impact on
mingw-virt-viewer itself. The security fixes included in this update
address the following CVE numbers : CVE-2013-6449, CVE-2013-6450,
CVE-2012-2686, and CVE-2013-0166

All Red Hat Enterprise Virtualization Manager users are advised to
upgrade to these updated packages, which address these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://rhn.redhat.com/errata/RHSA-2014-0416.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2013-0169.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2012-4929.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2013-4353.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2014-0160.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x64-cab");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x64-msi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x86-cab");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x86-msi");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

flag = 0;
if (rpm_exists(rpm:"rhevm-spice-client-x64-cab-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x64-cab-3.3-12.el6_5")) flag++;
if (rpm_exists(rpm:"rhevm-spice-client-x64-msi-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x64-msi-3.3-12.el6_5")) flag++;
if (rpm_exists(rpm:"rhevm-spice-client-x86-cab-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x86-cab-3.3-12.el6_5")) flag++;
if (rpm_exists(rpm:"rhevm-spice-client-x86-msi-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x86-msi-3.3-12.el6_5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhevm-spice-client-x64-cab-3.3 / rhevm-spice-client-x64-msi-3.3 / etc");
}
NASL family: Web Servers
NASL id: WEBSPHERE_7_0_0_29.NASL
description:
IBM WebSphere Application Server 7.0 before Fix Pack 29 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities :

- The TLS protocol in the GSKIT component is vulnerable to a plaintext recovery attack. (CVE-2013-0169, PM85211)

- The WS-Security run time contains a flaw that could be triggered by a specially crafted SOAP request to execute arbitrary code. (CVE-2013-0482, PM76582)

- A denial of service vulnerability exists, caused by a buffer overflow on localOS registry when using WebSphere Identity Manager (WIM). (CVE-2013-0541, PM74909)

- An unspecified cross-site scripting vulnerability exists related to the administrative console. (CVE-2013-0542, CVE-2013-2967, PM78614, PM81846)

- A validation flaw exists relating to
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 68982
published: 2013-07-19
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/68982
title: IBM WebSphere Application Server 7.0 < Fix Pack 29 Multiple Vulnerabilities
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(68982);
  script_version("1.9");
  script_cvs_date("Date: 2019/11/27");

  script_cve_id(
    "CVE-2013-0169",
    "CVE-2013-0482",
    "CVE-2013-0541",
    "CVE-2013-0542",
    "CVE-2013-0543",
    "CVE-2013-0544",
    "CVE-2013-0597",
    "CVE-2013-1768",
    "CVE-2013-2967",
    "CVE-2013-2976",
    "CVE-2013-3029"
  );
  script_bugtraq_id(
    57778,
    59247,
    59248,
    59250,
    59251,
    59650,
    60534,
    60724
  );

  script_name(english:"IBM WebSphere Application Server 7.0 < Fix Pack 29 Multiple Vulnerabilities");
  script_summary(english:"Reads the version number from the SOAP port");

  script_set_attribute(attribute:"synopsis", value:
"The remote application server is potentially affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"IBM WebSphere Application Server 7.0 before Fix Pack 29 appears to be
running on the remote host. It is, therefore, potentially affected by
the following vulnerabilities :

  - The TLS protocol in the GSKIT component is vulnerable to
    a plaintext recovery attack. (CVE-2013-0169, PM85211)

  - The WS-Security run time contains a flaw that could be
    triggered by a specially crafted SOAP request to execute
    arbitrary code. (CVE-2013-0482, PM76582)

  - A denial of service vulnerability exists, caused by a
    buffer overflow on localOS registry when using WebSphere
    Identity Manager (WIM). (CVE-2013-0541, PM74909)

  - An unspecified cross-site scripting vulnerability exists
    related to the administrative console. (CVE-2013-0542,
    CVE-2013-2967, PM78614, PM81846)

  - A validation flaw exists relating to 'Local OS
    registries' that may allow a remote attacker to bypass
    security. (CVE-2013-0543, PM75582)

  - A directory traversal vulnerability exists in the
    administrative console via the 'PARAMETER' parameter.
    (CVE-2013-0544, PM82468)

  - A flaw exists relating to OAuth that could allow a remote
    attacker to obtain someone else's credentials.
    (CVE-2013-0597, PM85834, PM87131)

  - A flaw exists relating to OpenJPA that is triggered
    during deserialization that may allow a remote attacker
    to write to the file system and potentially execute
    arbitrary code. (CVE-2013-1768, PM86780, PM86786,
    PM86788, PM86791)

  - An information disclosure issue exists relating to
    incorrect caching by the administrative console.
    (CVE-2013-2976, PM79992)

  - A user-supplied input validation error exists that could
    allow cross-site request forgery (CSRF) attacks to be
    carried out. (CVE-2013-3029, PM88746)");
  # https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_29?lang=en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0379569f");
  script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21640799");
  script_set_attribute(attribute:"solution", value:
"If using WebSphere Application Server, apply Fix Pack 29 (7.0.0.29) or
later.

Otherwise, if using embedded WebSphere Application Server packaged with
Tivoli Directory Server, apply the latest recommended eWAS fix pack.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1768");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/06/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/19");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_detect.nasl");
  script_require_keys("www/WebSphere");
  script_require_ports("Services/www", 8880, 8881);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:8880, embedded:0);

version = get_kb_item_or_exit("www/WebSphere/"+port+"/version");
if (version =~ "^[0-9]+(\.[0-9]+)?$")
  exit(1, "Failed to extract a granular version from the IBM WebSphere Application Server " + version + " instance listening on port " + port + ".");

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]);

if (ver[0] == 7 && ver[1] == 0 && ver[2] == 0 && ver[3] < 29)
{
  set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
  set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);

  if (report_verbosity > 0)
  {
    source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");
    report =
      '\n Version source : ' + source +
      '\n Installed version : ' + version +
      '\n Fixed version : 7.0.0.29' +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "WebSphere", port, version);
NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2016-294.NASL
description:
This update for libopenssl0_9_8 fixes the following issues : - CVE-2016-0800 aka the
last seen: 2020-06-05
modified: 2016-03-04
plugin id: 89651
published: 2016-03-04
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/89651
title: openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)
code:
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-294.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(89651);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2013-0166", "CVE-2013-0169", "CVE-2014-0076", "CVE-2014-0195", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3510", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3568", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3195", "CVE-2015-3197", "CVE-2016-0797", "CVE-2016-0799", "CVE-2016-0800");

  script_name(english:"openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)");
  script_summary(english:"Check for the openSUSE-2016-294 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for libopenssl0_9_8 fixes the following issues :

  - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046):
    OpenSSL was vulnerable to a cross-protocol attack that
    could lead to decryption of TLS sessions by using a
    server supporting SSLv2 and EXPORT cipher suites as a
    Bleichenbacher RSA padding oracle.

  This update changes the openssl library to :

  - Disable SSLv2 protocol support by default. This can be
    overridden by setting the environment variable
    'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options
    using the SSL_OP_NO_SSLv2 flag. Note that various
    services and clients had already disabled SSL protocol
    2 by default previously.

  - Disable all weak EXPORT ciphers by default. These can
    be reenabled if required by old legacy software using
    the environment variable 'OPENSSL_ALLOW_EXPORT'.

  - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and
    BN_dec2bn() functions had a bug that could result in an
    attempt to de-reference a NULL pointer leading to
    crashes. This could have security consequences if these
    functions were ever called by user applications with
    large untrusted hex/decimal data. Also, internal usage
    of these functions in OpenSSL uses data from config
    files or application command line arguments. If user
    developed applications generated config file data based
    on untrusted data, then this could have had security
    consequences as well.

  - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the
    internal fmtstr() and doapr_outch() functions could
    miscalculate the length of a string and attempt to
    access out-of-bounds memory locations. These problems
    could have enabled attacks where large amounts of
    untrusted data is passed to the BIO_*printf functions.
    If applications use these functions in this way then
    they could have been vulnerable. OpenSSL itself uses
    these functions when printing out human-readable dumps
    of ASN.1 data. Therefore applications that print this
    data could have been vulnerable if the data is from
    untrusted sources. OpenSSL command line applications
    could also have been vulnerable when they print out
    ASN.1 data, or if untrusted data is passed as command
    line arguments. Libssl is not considered directly
    vulnerable.

  - The package was updated to 0.9.8zh :

  - fixes many security vulnerabilities (not separately
    listed): CVE-2015-3195, CVE-2015-1788, CVE-2015-1789,
    CVE-2015-1790, CVE-2015-1792, CVE-2015-1791,
    CVE-2015-0286, CVE-2015-0287, CVE-2015-0289,
    CVE-2015-0293, CVE-2015-0209, CVE-2015-0288,
    CVE-2014-3571, CVE-2014-3569, CVE-2014-3572,
    CVE-2015-0204, CVE-2014-8275, CVE-2014-3570,
    CVE-2014-3567, CVE-2014-3568, CVE-2014-3566,
    CVE-2014-3510, CVE-2014-3507, CVE-2014-3506,
    CVE-2014-3505, CVE-2014-3508, CVE-2014-0224,
    CVE-2014-0221, CVE-2014-0195, CVE-2014-3470,
    CVE-2014-0076, CVE-2013-0169, CVE-2013-0166

  - avoid running OPENSSL_config twice. This avoids
    breaking engine loading. (boo#952871, boo#967787)

  - fix CVE-2015-3197 (boo#963415)

  - SSLv2 doesn't block disabled ciphers"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=952871"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=963415"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967787"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968046"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968048"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968374"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected libopenssl0_9_8 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/03");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.2|SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2 / 42.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.2", reference:"libopenssl0_9_8-0.9.8zh-9.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libopenssl0_9_8-debuginfo-0.9.8zh-9.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libopenssl0_9_8-debugsource-0.9.8zh-9.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8zh-9.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-32bit-0.9.8zh-9.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libopenssl0_9_8-0.9.8zh-14.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libopenssl0_9_8-debuginfo-0.9.8zh-14.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libopenssl0_9_8-debugsource-0.9.8zh-14.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8zh-14.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-32bit-0.9.8zh-14.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libopenssl0_9_8 / libopenssl0_9_8-32bit / libopenssl0_9_8-debuginfo / etc");
}
NASL family: F5 Networks Local Security Checks
NASL id: F5_BIGIP_SOL15637.NASL
description:
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78199
published: 2014-10-10
reporter: This script is Copyright (C) 2014 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/78199
title: F5 Networks BIG-IP : GnuTLS vulnerability (SOL15637)
code:
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution SOL15637.
#
# The text description of this plugin is (C) F5 Networks.
#

include("compat.inc");

if (description)
{
  script_id(78199);
  script_version("$Revision: 1.1 $");
  script_cvs_date("$Date: 2014/10/10 15:46:57 $");

  script_cve_id("CVE-2013-0169", "CVE-2013-2116");
  script_bugtraq_id(57778, 60215);

  script_name(english:"F5 Networks BIG-IP : GnuTLS vulnerability (SOL15637)");
  script_summary(english:"Checks the BIG-IP version.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote device is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in
GnuTLS 2.12.23 allows remote attackers to cause a denial of service
(buffer over-read and crash) via a crafted padding length. NOTE: this
might be due to an incorrect fix for CVE-2013-0169."
  );
  # http://support.f5.com/kb/en-us/solutions/public/15000/600/sol15637.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?86d6ebf4"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL15637."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:acceleration_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:access_policy_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:advanced_firewall_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:application_security_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:application_visibility_and_reporting");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:global_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:link_controller");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:local_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:policy_enforcement_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:protocol_security_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:wan_optimization_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:web_accelerator_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc.");
  script_family(english:"F5 Networks Local Security Checks");

  script_dependencies("f5_bigip_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");

  exit(0);
}


include("f5_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");

sol = "SOL15637";
vmatrix = make_array();

# AFM
vmatrix["AFM"] = make_array();
vmatrix["AFM"]["affected"  ] = make_list("11.3.0-11.4.1");
vmatrix["AFM"]["unaffected"] = make_list("11.5.0-11.6.0");

# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected"  ] = make_list("11.0.0-11.4.1");
vmatrix["AVR"]["unaffected"] = make_list("11.5.0-11.6.0");

# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected"  ] = make_list("11.0.0-11.4.1","10.0.0-10.2.4");
vmatrix["LC"]["unaffected"] = make_list("11.5.0-11.6.0");

# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected"  ] = make_list("11.0.0-11.4.1","10.1.0-10.2.4");
vmatrix["APM"]["unaffected"] = make_list("11.5.0-11.6.0");

# GTM
vmatrix["GTM"] = make_array();
vmatrix["GTM"]["affected"  ] = make_list("11.0.0-11.4.1","10.0.0-10.2.4");
vmatrix["GTM"]["unaffected"] = make_list("11.5.0-11.6.0");

# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected"  ] = make_list("11.0.0-11.4.1","10.0.0-10.2.4");
vmatrix["LTM"]["unaffected"] = make_list("11.5.0-11.6.0");

# PEM
vmatrix["PEM"] = make_array();
vmatrix["PEM"]["affected"  ] = make_list("11.3.0-11.4.1");
vmatrix["PEM"]["unaffected"] = make_list("11.5.0-11.6.0");

# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected"  ] = make_list("11.0.0-11.4.1","10.0.0-10.2.4");
vmatrix["ASM"]["unaffected"] = make_list("11.5.0-11.6.0");

# AM
vmatrix["AM"] = make_array();
vmatrix["AM"]["affected"  ] = make_list("11.4.0-11.4.1");
vmatrix["AM"]["unaffected"] = make_list("11.5.0-11.6.0");

if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
  if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = bigip_get_tested_modules();
  audit_extra = "For BIG-IP module(s) " + tested + ",";
  if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
  else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}
NASL family: Web Servers
NASL id: OPENSSL_0_9_8Y.NASL
description: According to its banner, the remote web server is running a version of OpenSSL prior to 0.9.8y. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities :
- An error exists related to the handling of OCSP response verification that could allow denial of service attacks. (CVE-2013-0166)
- An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 64532
published: 2013-02-09
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/64532
title: OpenSSL < 0.9.8y Multiple Vulnerabilities
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(64532);
  script_version("1.16");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id("CVE-2013-0166", "CVE-2013-0169");
  script_bugtraq_id(57778, 60268);

  script_name(english:"OpenSSL < 0.9.8y Multiple Vulnerabilities");
  script_summary(english:"Does a banner check");

  script_set_attribute(attribute:"synopsis", value:"The remote host may be affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:"According to its banner, the remote web server is running a version of OpenSSL prior to 0.9.8y. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities : - An error exists related to the handling of OCSP response verification that could allow denial of service attacks. (CVE-2013-0166) - An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169)");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20130204.txt");
  script_set_attribute(attribute:"solution", value:"Upgrade to OpenSSL 0.9.8y or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0169");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/02/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/09");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("openssl_version.nasl");
  script_require_keys("openssl/port");

  exit(0);
}

include("openssl_version.inc");

openssl_check_version(fixed:'0.9.8y', severity:SECURITY_NOTE);
NASL family: NewStart CGSL Local Security Checks
NASL id: NEWSTART_CGSL_NS-SA-2019-0033_NSS.NASL
description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has nss packages installed that are affected by multiple vulnerabilities:
- A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. (CVE-2018-12384)
- The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. (CVE-2013-1620)
- Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. (CVE-2013-1739)
- A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740)
- Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. (CVE-2013-1741)
- Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. (CVE-2013-5605)
- The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. (CVE-2013-5606)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 127200
published: 2019-08-12
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/127200
title: NewStart CGSL CORE 5.04 / MAIN 5.04 : nss Multiple Vulnerabilities (NS-SA-2019-0033)
code:
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2019-0033. The text
# itself is copyright (C) ZTE, Inc.

include("compat.inc");

if (description)
{
  script_id(127200);
  script_version("1.2");
  script_cvs_date("Date: 2019/10/17 14:31:04");

  script_cve_id(
    "CVE-2013-1620",
    "CVE-2013-1739",
    "CVE-2013-1740",
    "CVE-2013-1741",
    "CVE-2013-5605",
    "CVE-2013-5606",
    "CVE-2018-12384"
  );

  script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : nss Multiple Vulnerabilities (NS-SA-2019-0033)");

  script_set_attribute(attribute:"synopsis", value:"The remote machine is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has nss packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. (CVE-2018-12384) - The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. (CVE-2013-1620) - Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. (CVE-2013-1739) - A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) - Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. (CVE-2013-1741) - Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. (CVE-2013-5605) - The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. (CVE-2013-5606) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0033");
  script_set_attribute(attribute:"solution", value:"Upgrade the vulnerable CGSL nss packages. Note that updated packages may not be available yet. Please contact ZTE for more information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5605");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"NewStart CGSL Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/ZTE-CGSL/release");
if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");

if (release !~ "CGSL CORE 5.04" &&
    release !~ "CGSL MAIN 5.04")
  audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');

if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);

flag = 0;

pkgs = {
  "CGSL CORE 5.04": [
    "nss-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62",
    "nss-debuginfo-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62",
    "nss-devel-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62",
    "nss-pkcs11-devel-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62",
    "nss-sysinit-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62",
    "nss-tools-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62"
  ],
  "CGSL MAIN 5.04": [
    "nss-3.36.0-7.el7_5.cgslv5",
    "nss-debuginfo-3.36.0-7.el7_5.cgslv5",
    "nss-devel-3.36.0-7.el7_5.cgslv5",
    "nss-pkcs11-devel-3.36.0-7.el7_5.cgslv5",
    "nss-sysinit-3.36.0-7.el7_5.cgslv5",
    "nss-tools-3.36.0-7.el7_5.cgslv5"
  ]
};
pkg_list = pkgs[release];

foreach (pkg in pkg_list)
  if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss");
}
NASL family: Web Servers
NASL id: WEBSPHERE_8_5_5.NASL
description: IBM WebSphere Application Server 8.5 before Fix Pack 8.5.5 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities :
- The TLS protocol in the GSKIT component is vulnerable to a plaintext recovery attack. (CVE-2013-0169, PM85211)
- The WS-Security run time contains a flaw that could be triggered by a specially crafted SOAP request to execute arbitrary code. (CVE-2013-0482, PM76582)
- A flaw exists relating to OAuth that could allow a remote attacker to obtain someone else's credentials.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 69021
published: 2013-07-23
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/69021
title: IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5 Multiple Vulnerabilities
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(69021);
  script_version("1.8");
  script_cvs_date("Date: 2019/11/27");

  script_cve_id(
    "CVE-2013-0169",
    "CVE-2013-0482",
    "CVE-2013-0597",
    "CVE-2013-1768",
    "CVE-2013-2967",
    "CVE-2013-2975",
    "CVE-2013-2976",
    "CVE-2013-3024"
  );
  script_bugtraq_id(
    57778,
    59650,
    60534,
    60724
  );

  script_name(english:"IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5 Multiple Vulnerabilities");
  script_summary(english:"Reads the version number from the SOAP port");

  script_set_attribute(attribute:"synopsis", value:"The remote application server may be affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:"IBM WebSphere Application Server 8.5 before Fix Pack 8.5.5 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - The TLS protocol in the GSKIT component is vulnerable to a plaintext recovery attack. (CVE-2013-0169, PM85211) - The WS-Security run time contains a flaw that could be triggered by a specially crafted SOAP request to execute arbitrary code. (CVE-2013-0482, PM76582) - A flaw exists relating to OAuth that could allow a remote attacker to obtain someone else's credentials. (CVE-2013-0597, PM85834, PM87131) - A flaw exists relating to OpenJPA that is triggered during deserialization, which could allow a remote attacker to write to the file system and potentially execute arbitrary code. (CVE-2013-1768, PM86780, PM86786, PM86788, PM86791) - An unspecified cross-site scripting vulnerability exists related to the administrative console. (CVE-2013-2967, PM78614) - An unspecified vulnerability exists. (CVE-2013-2975) - An information disclosure vulnerability exists relating to incorrect caching by the administrative console. (CVE-2013-2976, PM79992) - An improper process initialization flaw exists on UNIX platforms that could allow a local attacker to execute arbitrary commands. (CVE-2013-3024, PM86245)");
  script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?&uid=swg21639553");
  # https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_vulnerabilities_fixed_in_ibm_websphere_application_server_8_5_5?lang=en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?aa3b02e5");
  script_set_attribute(attribute:"solution", value:"Apply Fix Pack 8.5.5 for version 8.5 (8.5.5.0) or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1768");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/07/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/23");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_detect.nasl");
  script_require_keys("www/WebSphere");
  script_require_ports("Services/www", 8880, 8881);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:8880, embedded:0);

version = get_kb_item_or_exit("www/WebSphere/"+port+"/version");
source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");

if (version !~ "^8\.5([^0-9]|$)") exit(0, "The version of the IBM WebSphere Application Server instance listening on port "+port+" is "+version+", not 8.5.");
if (version =~ "^[0-9]+(\.[0-9]+)?$") exit(1, "Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port " + port + ".");

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if (ver[0] == 8 && ver[1] == 5 && ver[2] < 5)
{
  set_kb_item(name:'www/'+port+'/XSS', value:TRUE);

  if (report_verbosity > 0)
  {
    report =
      '\n  Version source    : ' + source +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 8.5.5' +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "WebSphere", port, version);
NASL family: Scientific Linux Local Security Checks
NASL id: SL_20130304_OPENSSL_ON_SL5_X.NASL
description: It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)
A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response. (CVE-2013-0166)
It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929)
Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it.
It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Scientific Linux 5 and 6 was affected by this problem.
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
last seen: 2020-03-18
modified: 2013-03-05
plugin id: 65022
published: 2013-03-05
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/65022
title: Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20130304)
code:
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(65022);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169");

  script_name(english:"Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20130304)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Scientific Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:"It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it. It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Scientific Linux 5 and 6 was affected by this problem. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=1414
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?de223d65"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-static");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/05");

  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

flag = 0;
if (rpm_check(release:"SL5", reference:"openssl-0.9.8e-26.el5_9.1")) flag++;
if (rpm_check(release:"SL5", reference:"openssl-debuginfo-0.9.8e-26.el5_9.1")) flag++;
if (rpm_check(release:"SL5", reference:"openssl-devel-0.9.8e-26.el5_9.1")) flag++;
if (rpm_check(release:"SL5", reference:"openssl-perl-0.9.8e-26.el5_9.1")) flag++;

if (rpm_check(release:"SL6", reference:"openssl-1.0.0-27.el6_4.2")) flag++;
if (rpm_check(release:"SL6", reference:"openssl-debuginfo-1.0.0-27.el6_4.2")) flag++;
if (rpm_check(release:"SL6", reference:"openssl-devel-1.0.0-27.el6_4.2")) flag++;
if (rpm_check(release:"SL6", reference:"openssl-perl-1.0.0-27.el6_4.2")) flag++;
if (rpm_check(release:"SL6", reference:"openssl-static-1.0.0-27.el6_4.2")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc");
}
NASL family: Misc.
NASL id: JUNOS_PULSE_JSA10591.NASL
description: According to its self-reported version, the version of IVE / UAC OS running on the remote host may be affected by multiple vulnerabilities :
- Remote attackers may be able to trigger buffer overflow vulnerabilities on the OpenSSL libraries by sending specially crafted DER data, resulting in memory corruption. (CVE-2012-2131)
- A weakness in the OpenSSL library leaves it vulnerable to an attack that could allow a third party to recover (fully or partially) the plaintext from encrypted traffic. (CVE-2013-0169)
- A flaw in OCSP signature verification in the OpenSSL library allows remote OCSP servers to cause a denial of service condition with an invalid key. (CVE-2013-0166)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 69987
published: 2013-09-19
reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/69987
title: Junos Pulse Secure IVE / UAC OS Multiple SSL Vulnerabilities
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(69987);
  script_version("2.10");
  script_cvs_date("Date: 2018/07/12 19:01:15");

  script_cve_id("CVE-2012-2131", "CVE-2013-0166", "CVE-2013-0169");
  script_bugtraq_id(53212, 57778, 60268);

  script_name(english:"Junos Pulse Secure IVE / UAC OS Multiple SSL Vulnerabilities");
  script_summary(english:"Checks IVE/UAC OS version");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote device is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:"According to its self-reported version, the version of IVE / UAC OS running on the remote host may be affected by multiple vulnerabilities : - Remote attackers may be able to trigger buffer overflow vulnerabilities on the OpenSSL libraries by sending specially crafted DER data, resulting in memory corruption. (CVE-2012-2131) - A weakness in the OpenSSL library leaves it vulnerable to an attack that could allow a third party to recover (fully or partially) the plaintext from encrypted traffic. (CVE-2013-0169) - A flaw in OCSP signature verification in the OpenSSL library allows remote OCSP servers to cause a denial of service condition with an invalid key. (CVE-2013-0166)"
  );
  script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10591");
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to Juniper IVE/UAC OS version 7.1r15 / 7.2r11 / 7.3r6 / 7.4r3 / 4.1r8.1 / 4.2r5.1 / 4.3r6 / 4.4r3 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/19");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:ive_os");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:juniper:junos_pulse_access_control_service");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:juniper:junos_pulse_secure_access_service");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/Juniper/IVE OS/Version", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

version = get_kb_item_or_exit('Host/Juniper/IVE OS/Version');
match = eregmatch(string:version, pattern:"^([\d.]+)[Rr]([0-9.]+)");
if (isnull(match)) exit(1, 'Error parsing version: ' + version);

release = match[1];
build = match[2];

# check report paranoia settings in order to avoid false positives,
# since a workaround is possible, and only devices with SSL acceleration
# cards are vulnerable
if (report_paranoia < 2) audit(AUDIT_PARANOID);

fix = '';

# IVE-SA
if (release == '7.1' && ver_compare(ver:build, fix:'15', strict:FALSE) == -1) fix = '7.1r15';
if (release == '7.2' && ver_compare(ver:build, fix:'11', strict:FALSE) == -1) fix = '7.2r11';
if (release == '7.3' && ver_compare(ver:build, fix:'6', strict:FALSE) == -1) fix = '7.3r6';
if (release == '7.4' && ver_compare(ver:build, fix:'3', strict:FALSE) == -1) fix = '7.4r3';

# IVE-IC (UAC OS)
if (release == '4.1' && ver_compare(ver:build, fix:'8.1', strict:FALSE) == -1) fix = '4.1r8.1';
if (release == '4.2' && ver_compare(ver:build, fix:'5.1', strict:FALSE) == -1) fix = '4.2r5.1';
if (release == '4.3' && ver_compare(ver:build, fix:'6', strict:FALSE) == -1) fix = '4.3r6';
if (release == '4.4' && ver_compare(ver:build, fix:'3', strict:FALSE) == -1) fix = '4.4r3';

if (fix != '')
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fix +
      '\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, 'IVE/UAC OS', version);
NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2013-0274.NASL
description Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.

An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486)

It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen 2020-06-01
modified 2020-06-02
plugin id 64896
published 2013-02-27
reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/64896
title CentOS 5 : java-1.6.0-openjdk (CESA-2013:0274)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2013:0274 and
# CentOS Errata and Security Advisory 2013:0274 respectively.
#

include("compat.inc");

if (description)
{
  script_id(64896);
  script_version("1.16");
  script_cvs_date("Date: 2020/01/06");

  script_cve_id("CVE-2013-0169", "CVE-2013-1486");
  script_xref(name:"RHSA", value:"2013:0274");

  script_name(english:"CentOS 5 : java-1.6.0-openjdk (CESA-2013:0274)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated java-1.6.0-openjdk packages that fix two security issues are
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

An improper permission check issue was discovered in the JMX component
in OpenJDK. An untrusted Java application or applet could use this
flaw to bypass Java sandbox restrictions. (CVE-2013-1486)

It was discovered that OpenJDK leaked timing information when
decrypting TLS/SSL protocol encrypted records when CBC-mode cipher
suites were used. A remote attacker could possibly use this flaw to
retrieve plain text from the encrypted packets by using a TLS/SSL
server as a padding oracle. (CVE-2013-0169)

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8.
Refer to the NEWS file, linked to in the References, for further
information.

All users of java-1.6.0-openjdk are advised to upgrade to these
updated packages, which resolve these issues. All running instances of
OpenJDK Java must be restarted for the update to take effect."
  );
  # https://lists.centos.org/pipermail/centos-announce/2013-February/019255.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2590176d"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected java-1.6.0-openjdk packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1486");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.6.0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/02/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-5", reference:"java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9")) flag++;
if (rpm_check(release:"CentOS-5", reference:"java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9")) flag++;
if (rpm_check(release:"CentOS-5", reference:"java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9")) flag++;
if (rpm_check(release:"CentOS-5", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9")) flag++;
if (rpm_check(release:"CentOS-5", reference:"java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc");
}
NASL family Windows
NASL id STUNNEL_4_55.NASL
description The version of stunnel installed on the remote host is a version after 4.21 and prior to 4.55. It is, therefore, affected by the following vulnerabilities :

- The bundled version of OpenSSL contains an error related to CBC-mode and timing that allows an attacker to recover plaintext from encrypted communications. (CVE-2013-0169)

- A buffer overflow condition exists related to NTLM authentication. Note this issue does not affect 32-bit builds. (CVE-2013-1762)
last seen 2020-06-01
modified 2020-06-02
plugin id 65690
published 2013-03-26
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/65690
title stunnel 4.21 - 4.54 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(65690);
  script_version("1.18");
  script_cvs_date("Date: 2019/11/27");

  script_cve_id("CVE-2013-0169", "CVE-2013-1762");
  script_bugtraq_id(57778, 58277);

  script_name(english:"stunnel 4.21 - 4.54 Multiple Vulnerabilities");
  script_summary(english:"Checks version of stunnel.exe.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a program that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of stunnel installed on the remote host is a version after
4.21 and prior to 4.55. It is, therefore, affected by the following
vulnerabilities :

  - The bundled version of OpenSSL contains an error related to
    CBC-mode and timing that allows an attacker to recover
    plaintext from encrypted communications. (CVE-2013-0169)

  - A buffer overflow condition exists related to NTLM
    authentication. Note this issue does not affect 32-bit
    builds. (CVE-2013-1762)");
  script_set_attribute(attribute:"see_also", value:"https://www.stunnel.org/?page=sdf_ChangeLog");
  # http://www.stunnel.org/pipermail/stunnel-announce/2013-March/000072.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0bf4f9d5");
  script_set_attribute(attribute:"see_also", value:"https://www.stunnel.org/CVE-2013-1762.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to stunnel version 4.55 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1762");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:stunnel:stunnel");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("stunnel_installed.nasl");
  script_require_keys("installed_sw/stunnel");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

app = 'stunnel';
install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);
version = install["version"];
path = install["path"];

# Affected 4.21 >= stunnel < 4.55
if (version =~ "^4\.(2[1-9]|[34][0-9]|5[0-4])($|[^0-9])")
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : 4.55\n';
  security_report_v4(severity:SECURITY_WARNING, port:port, extra:report);
}
else audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);
NASL family Solaris Local Security Checks
NASL id SOLARIS11_OPENSSL_20130716.NASL
description The remote Solaris system is missing necessary patches to address security updates :

- OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. (CVE-2013-0166)

- The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the 'Lucky Thirteen' issue. (CVE-2013-0169)
last seen 2020-06-01
modified 2020-06-02
plugin id 80719
published 2015-01-19
reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/80719
title Oracle Solaris Third-Party Patch Update : openssl (lucky_thirteen_vulnerability_in_solaris)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Oracle Third Party software advisories.
#

include("compat.inc");

if (description)
{
  script_id(80719);
  script_version("1.2");
  script_cvs_date("Date: 2018/11/15 20:50:24");

  script_cve_id("CVE-2013-0166", "CVE-2013-0169");

  script_name(english:"Oracle Solaris Third-Party Patch Update : openssl (lucky_thirteen_vulnerability_in_solaris)");
  script_summary(english:"Check for the 'entire' version.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Solaris system is missing a security patch for third-party
software."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote Solaris system is missing necessary patches to address
security updates :

  - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before
    1.0.1d does not properly perform signature verification for
    OCSP responses, which allows remote OCSP servers to cause a
    denial of service (NULL pointer dereference and application
    crash) via an invalid key. (CVE-2013-0166)

  - The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and
    1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other
    products, do not properly consider timing side-channel
    attacks on a MAC check requirement during the processing of
    malformed CBC padding, which allows remote attackers to
    conduct distinguishing attacks and plaintext-recovery attacks
    via statistical analysis of timing data for crafted packets,
    aka the 'Lucky Thirteen' issue. (CVE-2013-0169)"
  );
  # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4a913f44"
  );
  # https://blogs.oracle.com/sunsecurity/lucky-thirteen-vulnerability-in-solaris-openssl
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2d8ba7ad"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.7.5.0.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:openssl");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/07/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Solaris11/release");
if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");

pkg_list = solaris_pkg_list_leaves();
if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");

if (empty_or_null(egrep(string:pkg_list, pattern:"^openssl$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");

flag = 0;

if (solaris_check_release(release:"0.5.11-0.175.1.7.0.5.0", sru:"SRU 11.1.7.5.0") > 0) flag++;

if (flag)
{
  error_extra = 'Affected package : openssl\n' + solaris_get_report2();
  error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
  if (report_verbosity > 0) security_warning(port:0, extra:error_extra);
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_PACKAGE_NOT_AFFECTED, "openssl");
NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0020_OPENSSL098E.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl098e packages installed that are affected by multiple vulnerabilities: - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. (CVE-2006-2937) - OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) public exponent or (2) public modulus values in X.509 certificates that require extra time to process when using RSA signature verification. (CVE-2006-2940) - Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. (CVE-2006-3738) - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. (CVE-2006-4339) - The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. (CVE-2006-4343) - The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. 
(CVE-2007-3108) - Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-4995) - Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. (CVE-2007-5135) - OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. (CVE-2008-5077) - The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. (CVE-2009-0590) - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. (CVE-2009-1377) - Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. 
(CVE-2009-1378) - Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. (CVE-2009-1379) - ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. (CVE-2009-1386) - The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of- sequence DTLS handshake message, related to a fragment bug. (CVE-2009-1387) - The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. (CVE-2009-2409) - OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. 
(CVE-2009-3245) - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post- renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555) - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. (CVE-2009-4355) - The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. 
(CVE-2010-0433) - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110) - The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the- middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a CRIME attack. (CVE-2012-4929) - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. (CVE-2013-0166) - The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side- channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue. (CVE-2013-0169) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127177 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/127177 title NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl098e Multiple Vulnerabilities (NS-SA-2019-0020) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from ZTE advisory NS-SA-2019-0020. The text # itself is copyright (C) ZTE, Inc. include("compat.inc"); if (description) { script_id(127177); script_version("1.3"); script_cvs_date("Date: 2019/09/24 11:01:33"); script_cve_id( "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2007-3108", "CVE-2007-4995", "CVE-2007-5135", "CVE-2008-5077", "CVE-2009-0590", "CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-1386", "CVE-2009-1387", "CVE-2009-2409", "CVE-2009-3245", "CVE-2009-3555", "CVE-2009-4355", "CVE-2010-0433", "CVE-2012-2110", "CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169" ); script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl098e Multiple Vulnerabilities (NS-SA-2019-0020)"); script_set_attribute(attribute:"synopsis", value: "The remote machine is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl098e packages installed that are affected by multiple vulnerabilities: - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. (CVE-2006-2937) - OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) public exponent or (2) public modulus values in X.509 certificates that require extra time to process when using RSA signature verification. 
(CVE-2006-2940) - Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. (CVE-2006-3738) - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. (CVE-2006-4339) - The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. (CVE-2006-4343) - The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. (CVE-2007-3108) - Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-4995) - Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. (CVE-2007-5135) - OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. 
(CVE-2008-5077) - The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. (CVE-2009-0590) - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. (CVE-2009-1377) - Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. (CVE-2009-1378) - Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. (CVE-2009-1379) - ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. (CVE-2009-1386) - The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of- sequence DTLS handshake message, related to a fragment bug. 
(CVE-2009-1387) - The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. (CVE-2009-2409) - OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. (CVE-2009-3245) - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post- renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555) - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. 
(CVE-2009-4355) - The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. (CVE-2010-0433) - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110) - The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the- middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a CRIME attack. (CVE-2012-4929) - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. 
(CVE-2013-0166)
- The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue. (CVE-2013-0169)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0020");
  script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL openssl098e packages. Note that updated packages may not be available yet. Please contact ZTE for more information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-3245");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_cwe_id(20, 119, 189, 310, 399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"NewStart CGSL Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/ZTE-CGSL/release");
if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");

if (release !~ "CGSL CORE 5.04" &&
    release !~ "CGSL MAIN 5.04")
  audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');

if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);

flag = 0;

pkgs = {
  "CGSL CORE 5.04": [
    "openssl098e-0.9.8e-29.el7.centos.3",
    "openssl098e-debuginfo-0.9.8e-29.el7.centos.3"
  ],
  "CGSL MAIN 5.04": [
    "openssl098e-0.9.8e-29.el7.centos.3",
    "openssl098e-debuginfo-0.9.8e-29.el7.centos.3"
  ]
};
pkg_list = pkgs[release];

foreach (pkg in pkg_list)
  if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl098e");
}
NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2013-0833.NASL
description: The version of JBoss Enterprise Application Platform 6.0.1 running on the remote system is vulnerable to the following issues: - A man-in-the-middle attack is possible when applications running on JBoss Web use the COOKIE session tracking method. The flaw is in the org.apache.catalina.connector.Response.encodeURL() method. By making use of this, an attacker could obtain a user
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 66971
published: 2013-06-24
reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/66971
title: JBoss Enterprise Application Platform 6.1.0 Update (RHSA-2013:0833)
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(66971);
  script_version("1.16");
  script_cvs_date("Date: 2019/10/24 15:35:37");

  script_cve_id(
    "CVE-2012-4529",
    "CVE-2012-4572",
    "CVE-2012-5575",
    "CVE-2013-0166",
    "CVE-2013-0169",
    "CVE-2013-0218",
    "CVE-2013-2067"
  );
  script_bugtraq_id(57652, 57778, 59799, 60040, 60043, 60045, 60268);
  script_xref(name:"RHSA", value:"2013:0833");

  script_name(english:"JBoss Enterprise Application Platform 6.1.0 Update (RHSA-2013:0833)");
  script_summary(english:"Checks for the installed versions of JBoss Enterprise Application Platform");

  script_set_attribute(attribute:"synopsis", value:"The remote Red Hat host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of JBoss Enterprise Application Platform 6.0.1 running on the remote system is vulnerable to the following issues:

- A man-in-the-middle attack is possible when applications running on JBoss Web use the COOKIE session tracking method. The flaw is in the org.apache.catalina.connector.Response.encodeURL() method. By making use of this, an attacker could obtain a user's jsessionid and hijack their session. (CVE-2012-4529)

- If multiple applications used the same custom authorization module class name, a local attacker could deploy a malicious application authorization module that would permit or deny user access. (CVE-2012-4572)

- XML encryption backwards compatibility attacks could allow an attacker to force a server to use insecure legacy cryptosystems. (CVE-2012-5575)

- A NULL pointer dereference flaw could allow a malicious OCSP to crash applications performing OCSP verification. (CVE-2013-0166)

- An OpenSSL leaks timing information issue exists that could allow a remote attacker to retrieve plaintext from the encrypted packets. (CVE-2013-0169)

- The JBoss Enterprise Application Platform administrator password and the sucker password are stored in a world-readable, auto-install XML file created by the GUI installer. (CVE-2013-0218)

- Tomcat incorrectly handles certain authentication requests. A remote attacker could use this flaw to inject a request that would get executed with a victim's credentials. (CVE-2013-2067)");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-4529.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-4572.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-5575.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0166.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0169.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0218.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-2067.html");
  # https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=distributions
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c7770d98");
  script_set_attribute(attribute:"solution", value:
"Upgrade the installed JBoss Enterprise Application Platform 6.0.1 to 6.1.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:jboss_enterprise_application_platform:6.0.1");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl", "jboss_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# We are only interested in Red Hat systems
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");

info = "";
jboss = 0;
installs = get_kb_list_or_exit("Host/JBoss/EAP");
if(!isnull(installs)) jboss = 1;

foreach install (make_list(installs))
{
  match = eregmatch(string:install, pattern:"([^:]+):(.*)");
  if (!isnull(match))
  {
    ver = match[1];
    path = match[2];
    if (ver =~ "^6.0.1([^0-9]|$)")
    {
      info += '\n' + ' Path : ' + path+ '\n';
      info += ' Version : ' + ver + '\n';
    }
  }
}

# Report what we found.
if (info)
{
  if (report_verbosity > 0)
  {
    if (max_index(split(info)) > 3) s = 's of the JBoss Enterprise Application Platform are';
    else s = ' of the JBoss Enterprise Application Platform is';

    report =
      '\n' +
      'The following instance'+s+' out of date and\nshould be upgraded to 6.1.0 or later :\n' +
      info;
    security_hole(port:0, extra:report);
  }
  else security_hole(port:0);
}
else if ( (!info) && (jboss) )
{
  exit(0, "The JBoss Enterprise Application Platform version installed is not affected.");
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2013-162.NASL
description: Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-1486 , CVE-2013-1484) An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2013-1485) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 69721
published: 2013-09-04
reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/69721
title: Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-162)
code:
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2013-162.
#

include("compat.inc");

if (description)
{
  script_id(69721);
  script_version("1.8");
  script_cvs_date("Date: 2018/04/18 15:09:34");

  script_cve_id("CVE-2013-0169", "CVE-2013-1485", "CVE-2013-1486");
  script_xref(name:"ALAS", value:"2013-162");
  script_xref(name:"RHSA", value:"2013:0275");

  script_name(english:"Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-162)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-1486 , CVE-2013-1484)

An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2013-1485)

It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2013-162.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Run 'yum update java-1.7.0-openjdk' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.7.0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (rpm_check(release:"ALA", reference:"java-1.7.0-openjdk-1.7.0.9-2.3.7.1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.7.0-openjdk-demo-1.7.0.9-2.3.7.1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.7.0-openjdk-devel-1.7.0.9-2.3.7.1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.7.1.20.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.7.0-openjdk-src-1.7.0.9-2.3.7.1.20.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc");
}
NASL family: Misc.
NASL id: ORACLE_JAVA_CPU_FEB_2013_1_UNIX.NASL
description: The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 15, 6 Update 41, 5 Update 40 or 1.4.2 Update 42. It is, therefore, potentially affected by security issues in the following components : - Deployment - JMX - JSSE - Libraries
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 64851
published: 2013-02-22
reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/64851
title: Oracle Java SE Multiple Vulnerabilities (February 2013 CPU Update 1) (Unix)
code:
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(64851);
  script_version("1.14");
  script_cvs_date("Date: 2018/11/15 20:50:23");

  script_cve_id(
    "CVE-2013-0169",
    "CVE-2013-1484",
    "CVE-2013-1485",
    "CVE-2013-1486",
    "CVE-2013-1487"
  );
  script_bugtraq_id(57778, 58027, 58028, 58029, 58031);

  script_name(english:"Oracle Java SE Multiple Vulnerabilities (February 2013 CPU Update 1) (Unix)");
  script_summary(english:"Checks version of the JRE");

  script_set_attribute(attribute:"synopsis", value:
"The remote Unix host contains a programming platform that is potentially affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 15, 6 Update 41, 5 Update 40 or 1.4.2 Update 42. It is, therefore, potentially affected by security issues in the following components :

  - Deployment
  - JMX
  - JSSE
  - Libraries");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-041/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-042/");
  # https://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?31376144");
  script_set_attribute(attribute:"see_also", value:"http://www.isg.rhul.ac.uk/tls/");
  script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/java/eol-135779.html");
  script_set_attribute(attribute:"solution", value:
"Update to JDK / JRE 7 Update 15, 6 Update 41, 5 Update 40, 1.4.2 Update 42 or later and, if necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 5 Update 40 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/02/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk");
  script_set_attribute(attribute:"agent", value:"unix");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

  script_dependencies("sun_java_jre_installed_unix.nasl");
  script_require_keys("Host/Java/JRE/Installed");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# Check each installed JRE.
installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*");

info = "";
vuln = 0;
vuln2 = 0;
installed_versions = "";
granular = "";

foreach install (list_uniq(keys(installs)))
{
  ver = install - "Host/Java/JRE/Unmanaged/";
  if (ver !~ "^[0-9.]+") continue;

  installed_versions = installed_versions + " & " + ver;

  if (
    ver =~ '^1\\.4\\.([01]_|2_([0-9]|[0-3][0-9]|4[01]))([^0-9]|$)' ||
    ver =~ '^1\\.5\\.0_([0-9]|[0-2][0-9]|3[0-9])([^0-9]|$)' ||
    ver =~ '^1\\.6\\.0_([0-9]|[0-2][0-9]|3[0-9])([^0-9]|$)' ||
    ver =~ '^1\\.7\\.0_(0[0-9]|1[0-3])([^0-9]|$)'
  )
  {
    dirs = make_list(get_kb_list(install));
    vuln += max_index(dirs);

    foreach dir (dirs)
      info += '\n Path : ' + dir;

    info += '\n Installed version : ' + ver;
    info += '\n Fixed version : 1.4.2_42 / 1.5.0_40 / 1.6.0_41 / 1.7.0_15\n';
  }
  else if (ver =~ "^[\d\.]+$")
  {
    dirs = make_list(get_kb_list(install));
    foreach dir (dirs)
      granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n';
  }
  else
  {
    dirs = make_list(get_kb_list(install));
    vuln2 += max_index(dirs);
  }
}

# Report if any were found to be vulnerable.
if (info)
{
  if (report_verbosity > 0)
  {
    if (vuln > 1) s = "s of Java are";
    else s = " of Java is";

    report =
      '\n' +
      'The following vulnerable instance'+s+' installed on the\n' +
      'remote host :\n' +
      info;
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
  if (granular) exit(0, granular);
}
else
{
  if (granular) exit(0, granular);

  installed_versions = substr(installed_versions, 3);
  if (vuln2 > 1)
    exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
  else
    exit(0, "The Java "+installed_versions+" install on the remote host is not affected.");
}
NASL family: SuSE Local Security Checks
NASL id: SUSE_11_LIBOPENSSL-DEVEL-130325.NASL
description: OpenSSL has been updated to fix several security issues : - Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable
last seen: 2020-06-05
modified: 2013-03-28
plugin id: 65718
published: 2013-03-28
reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/65718
title: SuSE 11.2 Security Update : OpenSSL (SAT Patch Number 7548)
code:
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(65718);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169");

  script_name(english:"SuSE 11.2 Security Update : OpenSSL (SAT Patch Number 7548)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"OpenSSL has been updated to fix several security issues :

  - Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable 'OPENSSL_NO_DEFAULT_ZLIB' to 'no' enables compression again. (CVE-2012-4929)

  - Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private keymaterial. This issue is also known as the 'Lucky-13' issue. (CVE-2013-0169)

  - A OCSP invalid key denial of service issue was fixed. (CVE-2013-0166)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=779952"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=802648"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=802746"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4929.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0166.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0169.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 7548.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:openssl-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/28");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");

flag = 0;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libopenssl0_9_8-0.9.8j-0.50.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"openssl-0.9.8j-0.50.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libopenssl0_9_8-0.9.8j-0.50.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8j-0.50.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"openssl-0.9.8j-0.50.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"libopenssl0_9_8-0.9.8j-0.50.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"libopenssl0_9_8-hmac-0.9.8j-0.50.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"openssl-0.9.8j-0.50.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"openssl-doc-0.9.8j-0.50.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libopenssl0_9_8-32bit-0.9.8j-0.50.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libopenssl0_9_8-hmac-32bit-0.9.8j-0.50.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8j-0.50.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libopenssl0_9_8-hmac-32bit-0.9.8j-0.50.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2013-0531.NASL
description: Updated java-1.6.0-sun packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes three vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-0169, CVE-2013-1486, CVE-2013-1487) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 41. All running instances of Oracle Java must be restarted for the update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 64774
published: 2013-02-21
reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/64774
title: RHEL 5 / 6 : java-1.6.0-sun (RHSA-2013:0531)
code:
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2013:0531. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(64774);
  script_version("1.22");
  script_cvs_date("Date: 2019/10/24 15:35:36");

  script_cve_id("CVE-2013-0169", "CVE-2013-1486", "CVE-2013-1487");
  script_xref(name:"RHSA", value:"2013:0531");

  script_name(english:"RHEL 5 / 6 : java-1.6.0-sun (RHSA-2013:0531)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated java-1.6.0-sun packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes three vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-0169, CVE-2013-1486, CVE-2013-1487)

All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 41. All running instances of Oracle Java must be restarted for the update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2013-0169.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2013-1486.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2013-1487.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.oracle.com/technetwork/topics/security/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://rhn.redhat.com/errata/RHSA-2013-0531.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/02/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! ereg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

flag = 0;
if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.6.0-sun-1.6.0.41-1jpp.1.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-sun-1.6.0.41-1jpp.1.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.6.0-sun-demo-1.6.0.41-1jpp.1.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-sun-demo-1.6.0.41-1jpp.1.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.6.0-sun-jdbc-1.6.0.41-1jpp.1.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-sun-jdbc-1.6.0.41-1jpp.1.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.6.0-sun-plugin-1.6.0.41-1jpp.1.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-sun-plugin-1.6.0.41-1jpp.1.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.6.0-sun-src-1.6.0.41-1jpp.1.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-sun-src-1.6.0.41-1jpp.1.el5_9")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-sun-1.6.0.41-1jpp.1.el6_3")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-sun-1.6.0.41-1jpp.1.el6_3")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-sun-demo-1.6.0.41-1jpp.1.el6_3")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-sun-demo-1.6.0.41-1jpp.1.el6_3")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el6_3")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el6_3")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-sun-jdbc-1.6.0.41-1jpp.1.el6_3")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-sun-jdbc-1.6.0.41-1jpp.1.el6_3")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-sun-plugin-1.6.0.41-1jpp.1.el6_3")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-sun-plugin-1.6.0.41-1jpp.1.el6_3")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-sun-src-1.6.0.41-1jpp.1.el6_3")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-sun-src-1.6.0.41-1jpp.1.el6_3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested)
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-sun / java-1.6.0-sun-demo / java-1.6.0-sun-devel / etc"); }
NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2013-052.NASL
description: Multiple vulnerabilities has been found and corrected in openssl : OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key (CVE-2013-0166). The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue (CVE-2013-0169). The updated packages have been upgraded to the 1.0.0k version which is not vulnerable to these issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 66066
published: 2013-04-20
reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/66066
title: Mandriva Linux Security Advisory : openssl (MDVSA-2013:052)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2013:052.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(66066);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:55");

  script_cve_id("CVE-2013-0166", "CVE-2013-0169");
  script_bugtraq_id(57778, 60268);
  script_xref(name:"MDVSA", value:"2013:052");

  script_name(english:"Mandriva Linux Security Advisory : openssl (MDVSA-2013:052)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Multiple vulnerabilities has been found and corrected in openssl :

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d
does not properly perform signature verification for OCSP responses,
which allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via an invalid key
(CVE-2013-0166).

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as
used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly
consider timing side-channel attacks on a MAC check requirement during
the processing of malformed CBC padding, which allows remote attackers
to conduct distinguishing attacks and plaintext-recovery attacks via
statistical analysis of timing data for crafted packets, aka the Lucky
Thirteen issue (CVE-2013-0169).

The updated packages have been upgraded to the 1.0.0k version which is
not vulnerable to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.openssl.org/news/secadv/20130204.txt"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64openssl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64openssl-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64openssl1.0.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openssl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/20");

  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64openssl-devel-1.0.0k-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64openssl-engines1.0.0-1.0.0k-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64openssl-static-devel-1.0.0k-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64openssl1.0.0-1.0.0k-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"openssl-1.0.0k-1.mbs1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family: Misc.
NASL id: IPSWITCH_IMAIL_12_3.NASL
description: The remote host appears to be running Ipswitch IMail Server 11.x or 12.x older than version 12.3 and is, therefore, affected by an information disclosure vulnerability due to the included OpenSSL version. An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 76489
published: 2014-07-14
reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/76489
title: Ipswitch IMail Server 11.x / 12.x < 12.3 Information Disclosure
code:

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(76489);
  script_version("1.6");
  script_cvs_date("Date: 2018/11/15 20:50:23");

  script_cve_id("CVE-2013-0169");
  script_bugtraq_id(57778);
  script_xref(name:"CERT", value:"737740");

  script_name(english:"Ipswitch IMail Server 11.x / 12.x < 12.3 Information Disclosure");
  script_summary(english:"Checks versions of Ipswitch IMail services");

  script_set_attribute(attribute:"synopsis", value:
"The remote mail server is affected by an information disclosure
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host appears to be running Ipswitch IMail Server 11.x or
12.x older than version 12.3 and is, therefore, affected by an
information disclosure vulnerability due to the included OpenSSL
version. An error exists related to the SSL/TLS/DTLS protocols, CBC
mode encryption and response time. An attacker could obtain plaintext
contents of encrypted traffic via timing attacks.");
  # https://docs.ipswitch.com/_Messaging/IMailServer/v12.3/ReleaseNotes/index.htm
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9b35fe05");
  script_set_attribute(attribute:"see_also", value:"https://www.imailserver.com/imail-software-upgrades");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20130205.txt");
  script_set_attribute(attribute:"solution", value:"Upgrade to Ipswitch IMail Server version 12.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/14");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ipswitch:imail");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("smtpserver_detect.nasl", "popserver_detect.nasl", "imap4_banner.nasl");
  script_require_ports("Services/smtp", 25, "Services/pop3", 110, "Services/imap", 143);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("imap_func.inc");
include("pop3_func.inc");
include("smtp_func.inc");

ver = NULL;
service = NULL;
source = NULL;

# - SMTP.
ports = get_kb_list("Services/smtp");
if (isnull(ports)) ports = make_list(25);

foreach port (ports)
{
  if (get_port_state(port) && !get_kb_item('SMTP/'+port+'/broken'))
  {
    banner = get_smtp_banner(port:port);
    # At least keep trying to find a banner
    if (isnull(banner) || strlen(banner) == 0) continue;

    if (" (IMail " >< banner)
    {
      pat = "^[0-9][0-9][0-9] .+ \(IMail ([0-9.]+) [0-9]+-[0-9]+\) NT-ESMTP Server";
      matches = egrep(pattern:pat, string:banner);
      if (matches)
      {
        foreach match (split(matches, keep:FALSE))
        {
          item = eregmatch(pattern:pat, string:match);
          if (!isnull(item))
          {
            ver = item[1];
            service = "SMTP";
            source = match;
            break;
          }
        }
      }
      if (isnull(ver) && !thorough_tests) audit(AUDIT_SERVICE_VER_FAIL, "IMail SMTP", port);
    }
    else if (!thorough_tests) audit(AUDIT_NOT_LISTEN, "IMail SMTP", port);
  }
}

# - IMAP.
if (isnull(ver))
{
  ports = get_kb_list("Services/imap");
  if (isnull(ports)) ports = make_list(143);

  foreach port (ports)
  {
    if (get_port_state(port))
    {
      banner = get_imap_banner(port:port);
      # At least keep trying to find a banner
      if (isnull(banner) || strlen(banner) == 0) continue;

      if (" (IMail " >< banner)
      {
        pat = "IMAP4 Server[^(]+\(IMail ([0-9.]+) *([0-9]+-[0-9]+)?\)";
        matches = egrep(pattern:pat, string:banner);
        if (matches)
        {
          foreach match (split(matches, keep:FALSE))
          {
            item = eregmatch(pattern:pat, string:match);
            if (!isnull(item))
            {
              ver = item[1];
              service = "IMAP";
              source = match;
              break;
            }
          }
        }
        if (isnull(ver) && !thorough_tests) audit(AUDIT_SERVICE_VER_FAIL, "IMail IMAP", port);
      }
      else if (!thorough_tests) audit(AUDIT_NOT_LISTEN, "IMail IMAP", port);
    }
  }
}

# - POP3
if (isnull(ver))
{
  ports = get_kb_list("Services/pop3");
  if (isnull(ports)) ports = make_list(110);

  foreach port (ports)
  {
    if (get_port_state(port))
    {
      banner = get_pop3_banner(port:port);
      # At least keep trying to find a banner
      if (isnull(banner) || strlen(banner) == 0) continue;

      if (" (IMail " >< banner)
      {
        pat = "NT-POP3 Server .+ \(IMail ([0-9.]+) [0-9]+-[0-9]+\)";
        matches = egrep(pattern:pat, string:banner);
        if (matches)
        {
          foreach match (split(matches, keep:FALSE))
          {
            item = eregmatch(pattern:pat, string:match);
            if (!isnull(item))
            {
              ver = item[1];
              service = "POP3";
              source = match;
              break;
            }
          }
        }
        if (isnull(ver) && !thorough_tests) audit(AUDIT_SERVICE_VER_FAIL, "IMail POP3", port);
      }
      else if (!thorough_tests) audit(AUDIT_NOT_LISTEN, "IMail POP3", port);
    }
  }
}

if (isnull(ver)) audit(AUDIT_SERVICE_VER_FAIL, "Ipswitch IMail Server", port);

# There's a problem if the version is < 12.3
if (
  ver =~ "^(11|12)\." &&
  ver_compare(ver:ver, fix:'12.3', strict:FALSE) < 0
)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Service           : ' + service +
      '\n  Version source    : ' + source +
      '\n  Installed version : ' + ver +
      '\n  Fixed version     : 12.3' +
      '\n';
    security_note(port:port, extra:report);
  }
  else security_note(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "Ipswitch IMail Server", port, ver);
NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2013-163.NASL
description: An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 69722
published: 2013-09-04
reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/69722
title: Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-163)
code:

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2013-163.
#

include("compat.inc");

if (description)
{
  script_id(69722);
  script_version("1.8");
  script_cvs_date("Date: 2018/04/18 15:09:34");

  script_cve_id("CVE-2013-0169", "CVE-2013-1486");
  script_xref(name:"ALAS", value:"2013-163");
  script_xref(name:"RHSA", value:"2013:0273");

  script_name(english:"Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-163)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An improper permission check issue was discovered in the JMX component
in OpenJDK. An untrusted Java application or applet could use this flaw
to bypass Java sandbox restrictions. (CVE-2013-1486)

It was discovered that OpenJDK leaked timing information when
decrypting TLS/SSL protocol encrypted records when CBC-mode cipher
suites were used. A remote attacker could possibly use this flaw to
retrieve plain text from the encrypted packets by using a TLS/SSL
server as a padding oracle. (CVE-2013-0169)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2013-163.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Run 'yum update java-1.6.0-openjdk' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");

  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-1.6.0.0-56.1.11.8.51.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-debuginfo-1.6.0.0-56.1.11.8.51.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-demo-1.6.0.0-56.1.11.8.51.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-devel-1.6.0.0-56.1.11.8.51.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-56.1.11.8.51.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-src-1.6.0.0-56.1.11.8.51.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc");
}
NASL family: CGI abuses
NASL id: SPLUNK_503.NASL
description: According to its version number, the Splunk Web hosted on the remote web server is affected by multiple vulnerabilities : - The application is affected by an unspecified cross-site scripting vulnerability. An attacker can exploit this issue to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site. (CVE-2012-6447) - The version of OpenSSL included with Splunk 5.x is affected by multiple vulnerabilities including a denial of service and a plaintext recovery attack. (CVE-2013-0166, CVE-2013-0169) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 66835
published: 2013-06-06
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/66835
title: Splunk 5.0.x < 5.0.3 Multiple Vulnerabilities
code:

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(66835);
  script_version("1.15");
  script_cvs_date("Date: 2019/11/27");

  script_cve_id("CVE-2012-6447", "CVE-2013-0166", "CVE-2013-0169");
  script_bugtraq_id(57778, 60226, 60268);

  script_name(english:"Splunk 5.0.x < 5.0.3 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of Splunk.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains an application that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its version number, the Splunk Web hosted on the remote
web server is affected by multiple vulnerabilities :

  - The application is affected by an unspecified cross-site
    scripting vulnerability. An attacker can exploit this
    issue to inject arbitrary HTML and script code into a
    user's browser to be executed within the security
    context of the affected site. (CVE-2012-6447)

  - The version of OpenSSL included with Splunk 5.x is
    affected by multiple vulnerabilities including a denial
    of service and a plaintext recovery attack.
    (CVE-2013-0166, CVE-2013-0169)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.splunk.com/view/SP-CAAAHXG");
  script_set_attribute(attribute:"see_also", value:"http://docs.splunk.com/Special:SpecialLatestDoc?t=Documentation/Splunk/latest/ReleaseNotes/5.0.3");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Splunk 5.0.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-6447");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/05/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/06");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:splunk:splunk");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("splunkd_detect.nasl", "splunk_web_detect.nasl");
  script_require_keys("installed_sw/Splunk");
  script_require_ports("Services/www", 8089, 8000);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

app = "Splunk";
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:8000, embedded:TRUE);

install = get_single_install(
  app_name : app,
  port     : port,
  exit_if_unknown_ver : TRUE
);

dir = install['path'];
ver = install['version'];
install_url = build_url(qs:dir, port:port);

if (ver =~ "^5\.0\." && ver_compare(ver:ver, fix:"5.0.3", strict:FALSE) < 0)
{
  set_kb_item(name:"www/"+port+"/XSS", value:TRUE);

  if (report_verbosity > 0)
  {
    report =
      '\n  URL               : ' + install_url +
      '\n  Installed version : ' + ver +
      '\n  Fixed version     : 5.0.3\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, ver);
NASL family: MacOS X Local Security Checks
NASL id: MACOSX_SECUPD2013-004.NASL
description: The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-004 applied. This update contains several security-related fixes for the following component : - Apache - Bind - Certificate Trust Policy - ClamAV - Installer - IPSec - Mobile Device Management - OpenSSL - PHP - PostgreSQL - QuickTime - sudo Note that successful exploitation of the most serious issues could result in arbitrary code execution.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 69878
published: 2013-09-13
reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/69878
title: Mac OS X Multiple Vulnerabilities (Security Update 2013-004)
code:

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(69878);
  script_version("1.18");
  script_cvs_date("Date: 2018/07/14 1:59:36");

  script_cve_id(
    "CVE-2012-0883", "CVE-2012-2686", "CVE-2012-2687", "CVE-2012-3499",
    "CVE-2012-3817", "CVE-2012-4244", "CVE-2012-4558", "CVE-2012-5166",
    "CVE-2012-5688", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-1027",
    "CVE-2013-1028", "CVE-2013-1030", "CVE-2013-1032", "CVE-2013-1635",
    "CVE-2013-1643", "CVE-2013-1775", "CVE-2013-1824", "CVE-2013-1899",
    "CVE-2013-1900", "CVE-2013-1901", "CVE-2013-1902", "CVE-2013-1903",
    "CVE-2013-2020", "CVE-2013-2021", "CVE-2013-2110", "CVE-2013-2266"
  );
  script_bugtraq_id(
    53046, 54658, 55131, 55522, 55852, 56817, 57755, 57778, 58165,
    58203, 58224, 58736, 58766, 58876, 58877, 58878, 58879, 58882,
    59434, 60118, 60268, 60411, 62370, 62371, 62373, 62375, 62377
  );
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-09-12-1");

  script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2013-004)");
  script_summary(english:"Check for the presence of Security Update 2013-004");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host is missing a Mac OS X update that fixes several
security issues."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is running a version of Mac OS X 10.6 or 10.7 that
does not have Security Update 2013-004 applied. This update contains
several security-related fixes for the following component :

  - Apache
  - Bind
  - Certificate Trust Policy
  - ClamAV
  - Installer
  - IPSec
  - Mobile Device Management
  - OpenSSL
  - PHP
  - PostgreSQL
  - QuickTime
  - sudo

Note that successful exploitation of the most serious issues could
result in arbitrary code execution."
  );
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5880");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/528594/30/0/threaded");
  script_set_attribute(attribute:"solution", value:"Install Security Update 2013-004 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Mac OS X Sudo Password Bypass');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "Host/MacOSX/packages/boms");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

os = get_kb_item("Host/MacOSX/Version");
if (!os) audit(AUDIT_OS_NOT, "Mac OS X");

if (!ereg(pattern:"Mac OS X 10\.[67]([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.6 / 10.7");
else if ("Mac OS X 10.6" >< os && !ereg(pattern:"Mac OS X 10\.6($|\.[0-8]([^0-9]|$))", string:os)) exit(0, "The remote host uses a version of Mac OS X Snow Leopard later than 10.6.8.");
else if ("Mac OS X 10.7" >< os && !ereg(pattern:"Mac OS X 10\.7($|\.[0-5]([^0-9]|$))", string:os)) exit(0, "The remote host uses a version of Mac OS X Lion later than 10.7.5.");

packages = get_kb_item_or_exit("Host/MacOSX/packages/boms", exit_code:1);

if (
  egrep(pattern:"^com\.apple\.pkg\.update\.security(\.10\.[6-8]\..+)?\.(2013\.00[4-9]|201[4-9]\.[0-9]+)(\.(snowleopard[0-9.]*|lion))?\.bom", string:packages)
) exit(0, "The host has Security Update 2013-004 or later installed and is therefore not affected.");
else
{
  set_kb_item(name:"www/0/XSS", value:TRUE);

  if (report_verbosity > 0)
  {
    security_boms = egrep(pattern:"^com\.apple\.pkg\.update\.security", string:packages);

    report = '\n  Installed security BOMs : ';
    if (security_boms) report += str_replace(find:'\n', replace:'\n ', string:security_boms);
    else report += 'n/a';
    report += '\n';

    security_hole(port:0, extra:report);
  }
  else security_hole(0);
}
NASL family Databases
NASL id DB2_101FP3A.NASL
description According to its version, the installation of IBM DB2 10.1 running on the remote host is prior to Fix Pack 3a. It is, therefore, affected by one or more of the following vulnerabilities :
- The included version of GSKit contains an error related to CBC-mode and timing that could allow an attacker to recover plaintext from encrypted communications. (CVE-2013-0169)
- An unspecified error exists related to handling malformed certificate chains that could allow denial of service attacks. (CVE-2013-6747)
- A build error exists related to libraries in insecure locations that could allow a local user to carry out privilege escalation attacks. Note this issue does not affect the application when running on Microsoft Windows operating systems. (CVE-2014-0907)
- An unspecified error exists related to the TLS implementation that could allow certain error cases to cause 100% CPU utilization. (CVE-2014-0963)
last seen 2020-06-01
modified 2020-06-02
plugin id 76110
published 2014-06-18
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/76110
title IBM DB2 10.1 < Fix Pack 3a Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(76110);
  script_version("1.9");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id(
    "CVE-2013-0169",
    "CVE-2013-6747",
    "CVE-2014-0907",
    "CVE-2014-0963"
  );
  script_bugtraq_id(
    57778,
    65156,
    67238,
    67617
  );

  script_name(english:"IBM DB2 10.1 < Fix Pack 3a Multiple Vulnerabilities");
  script_summary(english:"Checks DB2 signature.");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its version, the installation of IBM DB2 10.1 running on
the remote host is prior to Fix Pack 3a. It is, therefore, affected by
one or more of the following vulnerabilities :

  - The included version of GSKit contains an error related
    to CBC-mode and timing that could allow an attacker to
    recover plaintext from encrypted communications.
    (CVE-2013-0169)

  - An unspecified error exists related to handling
    malformed certificate chains that could allow denial of
    service attacks. (CVE-2013-6747)

  - A build error exists related to libraries in insecure
    locations that could allow a local user to carry out
    privilege escalation attacks. Note this issue does not
    affect the application when running on Microsoft
    Windows operating systems. (CVE-2014-0907)

  - An unspecified error exists related to the TLS
    implementation that could allow certain error cases to
    cause 100% CPU utilization. (CVE-2014-0963)");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672100");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21671732");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg21610582");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24037557");
  script_set_attribute(attribute:"solution", value:
"Apply IBM DB2 version 10.1 Fix Pack 3a or Fix Pack 4 or later.

Note that the vendor has posted a workaround for the build error issue
(CVE-2014-0907) involving the command 'sqllib/bin/db2chglibpath'.
Please consult the advisory for detailed instructions.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0907");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/18");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:db2");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("db2_das_detect.nasl");
  script_require_ports("Services/db2das", 523);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("db2_report_func.inc");

port = get_service(svc:"db2das", default:523, exit_on_fail:TRUE);

level = get_kb_item_or_exit("DB2/" + port + "/Level");
if (level !~ "^10\.1\.") audit(AUDIT_NOT_LISTEN, "DB2 10.1", port);

platform = get_kb_item_or_exit("DB2/"+port+"/Platform");
platform_name = get_kb_item("DB2/"+port+"/Platform_Name");
if (isnull(platform_name))
{
  platform_name = platform;
  report_phrase = "platform " + platform;
}
else
  report_phrase = platform_name;

vuln = FALSE;
# Windows 32-bit/64-bit
if (platform == 5 || platform == 23)
{
  fixed_level = '10.1.301.770';
  if (ver_compare(ver:level, fix:fixed_level) == -1)
    vuln = TRUE;
}
# Others
else if (
  # Linux, 2.6 kernel 32/64-bit
  platform == 18 ||
  platform == 30 ||
  # AIX
  platform == 20
)
{
  fixed_level = '10.1.0.3';
  if (ver_compare(ver:level, fix:fixed_level) <= 0)
    vuln = TRUE;

  # If not paranoid and at 10.1.0.3 already,
  # do not report - we cannot tell if FP3a is there.
  if (level == fixed_level && report_paranoia < 2)
    exit(1, "Nessus is unable to determine if the patch has been applied or not.");
}
else
{
  info =
    'Nessus does not support version checks against ' + report_phrase + '.\n' +
    'To help us better identify vulnerable versions, please send the platform\n' +
    'number along with details about the platform, including the operating system\n' +
    'version, CPU architecture, and DB2 version to [email protected].\n';
  exit(1, info);
}

if (vuln)
{
  report_db2(
    severity        : SECURITY_HOLE,
    port            : port,
    platform_name   : platform_name,
    installed_level : level,
    fixed_level     : fixed_level);
}
else audit(AUDIT_LISTEN_NOT_VULN, "DB2", port, level);
NASL family Amazon Linux Local Security Checks
NASL id ALA_ALAS-2013-171.NASL
description It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it.
last seen 2020-06-01
modified 2020-06-02
plugin id 69730
published 2013-09-04
reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/69730
title Amazon Linux AMI : openssl (ALAS-2013-171)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2013-171.
#

include("compat.inc");

if (description)
{
  script_id(69730);
  script_version("1.9");
  script_cvs_date("Date: 2018/04/18 15:09:35");

  script_cve_id("CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169");
  script_xref(name:"ALAS", value:"2013-171");
  script_xref(name:"RHSA", value:"2013:0587");

  script_name(english:"Amazon Linux AMI : openssl (ALAS-2013-171)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"It was discovered that OpenSSL leaked timing information when
decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode
cipher suites were used. A remote attacker could possibly use this
flaw to retrieve plain text from the encrypted packets by using a
TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)

A NULL pointer dereference flaw was found in the OCSP response
verification in OpenSSL. A malicious OCSP server could use this flaw
to crash applications performing OCSP verification by sending a
specially crafted response. (CVE-2013-0166)

It was discovered that the TLS/SSL protocol could leak information
about plain text when optional compression was used. An attacker able
to control part of the plain text sent over an encrypted TLS/SSL
connection could possibly use this flaw to recover other portions of
the plain text. (CVE-2012-4929)

Note: This update disables zlib compression, which was previously
enabled in OpenSSL by default. Applications using OpenSSL now need to
explicitly enable zlib compression to use it."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2013-171.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Run 'yum update openssl' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-static");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (rpm_check(release:"ALA", reference:"openssl-1.0.0k-1.48.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"openssl-debuginfo-1.0.0k-1.48.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"openssl-devel-1.0.0k-1.48.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"openssl-perl-1.0.0k-1.48.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"openssl-static-1.0.0k-1.48.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc");
}
NASL family FreeBSD Local Security Checks
NASL id FREEBSD_PKG_00B0D8CD709711E298D9003067C2616F.NASL
description OpenSSL security team reports : A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack. A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack.
last seen 2020-06-01
modified 2020-06-02
plugin id 64488
published 2013-02-07
reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/64488
title FreeBSD : OpenSSL -- TLS 1.1, 1.2 denial of service (00b0d8cd-7097-11e2-98d9-003067c2616f)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include("compat.inc");

if (description)
{
  script_id(64488);
  script_version("1.19");
  script_cvs_date("Date: 2018/11/21 10:46:30");

  script_cve_id("CVE-2012-2686", "CVE-2013-0166", "CVE-2013-0169");

  script_name(english:"FreeBSD : OpenSSL -- TLS 1.1, 1.2 denial of service (00b0d8cd-7097-11e2-98d9-003067c2616f)");
  script_summary(english:"Checks for updated package in pkg_info output");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote FreeBSD host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"OpenSSL security team reports :

A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1 and
TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS
attack.

A flaw in the OpenSSL handling of OCSP response verification can be
exploited in a denial of service attack."
  );
  # http://www.openssl.org/news/secadv/20120510.txt
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.openssl.org/news/secadv/20120510.txt"
  );
  # https://vuxml.freebsd.org/freebsd/00b0d8cd-7097-11e2-98d9-003067c2616f.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?5b6afcf7"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:openssl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/02/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}

include("audit.inc");
include("freebsd_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (pkg_test(save_report:TRUE, pkg:"openssl<1.0.1_6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family Misc.
NASL id VMWARE_ESX_VMSA-2013-0009_REMOTE.NASL
description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries :
- GnuTLS
- Kernel
- OpenSSL
last seen 2020-06-01
modified 2020-06-02
plugin id 89666
published 2016-03-04
reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/89666
title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0009) (remote check)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(89666);
  script_version("1.4");
  script_cvs_date("Date: 2018/11/15 20:50:24");

  script_cve_id(
    "CVE-2013-0166",
    "CVE-2013-0169",
    "CVE-2013-0268",
    "CVE-2013-0338",
    "CVE-2013-0871",
    "CVE-2013-2116"
  );
  script_bugtraq_id(
    57778,
    57838,
    57986,
    58180,
    60268,
    60215
  );
  script_xref(name:"VMSA", value:"2013-0009");
  script_xref(name:"CERT", value:"737740");
  script_xref(name:"EDB-ID", value:"27297");

  script_name(english:"VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0009) (remote check)");
  script_summary(english:"Checks the version and build numbers of the remote host.");

  script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESX / ESXi host is missing a security-related patch.");
  script_set_attribute(attribute:"description", value:
"The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including
remote code execution vulnerabilities, in several third-party
libraries :

  - GnuTLS
  - Kernel
  - OpenSSL");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0009.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory that
pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/07/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");

  script_dependencies("vmware_vsphere_detect.nbin");
  script_require_keys("Host/VMware/version", "Host/VMware/release");
  script_require_ports("Host/VMware/vsphere");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

ver = get_kb_item_or_exit("Host/VMware/version");
rel = get_kb_item_or_exit("Host/VMware/release");
port = get_kb_item_or_exit("Host/VMware/vsphere");

esx = '';
build = 0;
fix = FALSE;

if ("ESX" >!< rel) audit(AUDIT_OS_NOT, "VMware ESX/ESXi");

extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
if (empty_or_null(extract)) audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");

esx = extract[1];
ver = extract[2];

extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);
if (isnull(extract)) audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver);

build = int(extract[1]);

fixes = make_array(
  "4.1", 1198252,
  "4.0", 1335992
);

fix = fixes[ver];
if (!fix) audit(AUDIT_INST_VER_NOT_VULN, esx, ver, build);

if (build < fix)
{
  report = '\n Version : ' + esx + " " + ver +
           '\n Installed build : ' + build +
           '\n Fixed build : ' + fix +
           '\n';
  security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);
  exit(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2013-0274.NASL
description Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen 2020-06-01
modified 2020-06-02
plugin id 64747
published 2013-02-21
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/64747
title RHEL 5 : java-1.6.0-openjdk (RHSA-2013:0274)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2013:0274. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(64747);
  script_version("1.25");
  script_cvs_date("Date: 2019/10/24 15:35:36");

  script_cve_id("CVE-2013-0169", "CVE-2013-1486");
  script_xref(name:"RHSA", value:"2013:0274");

  script_name(english:"RHEL 5 : java-1.6.0-openjdk (RHSA-2013:0274)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated java-1.6.0-openjdk packages that fix two security issues are
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

An improper permission check issue was discovered in the JMX component
in OpenJDK. An untrusted Java application or applet could use this
flaw to bypass Java sandbox restrictions. (CVE-2013-1486)

It was discovered that OpenJDK leaked timing information when
decrypting TLS/SSL protocol encrypted records when CBC-mode cipher
suites were used. A remote attacker could possibly use this flaw to
retrieve plain text from the encrypted packets by using a TLS/SSL
server as a padding oracle. (CVE-2013-0169)

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8.
Refer to the NEWS file, linked to in the References, for further
information.

All users of java-1.6.0-openjdk are advised to upgrade to these
updated packages, which resolve these issues. All running instances of
OpenJDK Java must be restarted for the update to take effect."
  );
  # http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.8/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?501e0ece"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2013:0274"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-0169"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-1486"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.9");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/02/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2013:0274";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc");
  }
}
NASL family MacOS X Local Security Checks
NASL id MACOSX_10_8_5.NASL
description The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.5. The newer version contains multiple security-related fixes for the following components :
- Apache
- Bind
- Certificate Trust Policy
- CoreGraphics
- ImageIO
- Installer
- IPSec
- Kernel
- Mobile Device Management
- OpenSSL
- PHP
- PostgreSQL
- Power Management
- QuickTime
- Screen Lock
- sudo
This update also addresses an issue in which certain Unicode strings could cause applications to unexpectedly quit. Note that successful exploitation of the most serious issues could result in arbitrary code execution.
last seen 2020-06-01
modified 2020-06-02
plugin id 69877
published 2013-09-13
reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/69877
title Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(69877);
  script_version("1.18");
  script_cvs_date("Date: 2018/07/14 1:59:36");

  script_cve_id(
    "CVE-2012-0883",
    "CVE-2012-2686",
    "CVE-2012-2687",
    "CVE-2012-3499",
    "CVE-2012-3817",
    "CVE-2012-4244",
    "CVE-2012-4558",
    "CVE-2012-5166",
    "CVE-2012-5688",
    "CVE-2013-0166",
    "CVE-2013-0169",
    "CVE-2013-1025",
    "CVE-2013-1026",
    "CVE-2013-1027",
    "CVE-2013-1028",
    "CVE-2013-1029",
    "CVE-2013-1030",
    "CVE-2013-1031",
    "CVE-2013-1032",
    "CVE-2013-1033",
    "CVE-2013-1635",
    "CVE-2013-1643",
    "CVE-2013-1775",
    "CVE-2013-1824",
    "CVE-2013-1899",
    "CVE-2013-1900",
    "CVE-2013-1901",
    "CVE-2013-1902",
    "CVE-2013-1903",
    "CVE-2013-2110",
    "CVE-2013-2266"
  );
  script_bugtraq_id(
    53046,
    54658,
    55131,
    55522,
    55852,
    56817,
    57755,
    57778,
    58165,
    58203,
    58224,
    58736,
    58766,
    58876,
    58877,
    58878,
    58879,
    58882,
    60268,
    60411,
    62368,
    62369,
    62370,
    62371,
    62373,
    62374,
    62375,
    62377,
    62378,
    62381,
    62382
  );
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-09-12-1");

  script_name(english:"Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities");
  script_summary(english:"Check the version of Mac OS X");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host is missing a Mac OS X update that fixes several
security issues."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is running a version of Mac OS X 10.8.x that is prior
to 10.8.5. The newer version contains multiple security-related fixes
for the following components :

  - Apache
  - Bind
  - Certificate Trust Policy
  - CoreGraphics
  - ImageIO
  - Installer
  - IPSec
  - Kernel
  - Mobile Device Management
  - OpenSSL
  - PHP
  - PostgreSQL
  - Power Management
  - QuickTime
  - Screen Lock
  - sudo

This update also addresses an issue in which certain Unicode strings
could cause applications to unexpectedly quit.

Note that successful exploitation of the most serious issues could
result in arbitrary code execution."
  );
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5880");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/528594/30/0/threaded");
  script_set_attribute(attribute:"solution", value:"Upgrade to Mac OS X 10.8.5 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Mac OS X Sudo Password Bypass');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/13");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

os = get_kb_item("Host/MacOSX/Version");
if (!os)
{
  os = get_kb_item_or_exit("Host/OS");
  if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "Mac OS X");

  c = get_kb_item("Host/OS/Confidence");
  if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");
}
if (!os) audit(AUDIT_OS_NOT, "Mac OS X");

if (ereg(pattern:"Mac OS X 10\.8($|\.[0-4]([^0-9]|$))", string:os))
{
  set_kb_item(name:"www/0/XSS", value:TRUE);
  security_hole(0);
}
else exit(0, "The host is not affected as it is running "+os+".");
NASL family Web Servers
NASL id OPENSSL_1_0_0K.NASL
description According to its banner, the remote web server is running a version of OpenSSL 1.0.0 prior to 1.0.0k. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities : - An error exists related to the handling of OCSP response verification that could allow denial of service attacks. (CVE-2013-0166) - An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169)
last seen 2020-06-01
modified 2020-06-02
plugin id 64533
published 2013-02-09
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/64533
title OpenSSL 1.0.0 < 1.0.0k Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(64533);
  script_version("1.16");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id("CVE-2013-0166", "CVE-2013-0169");
  script_bugtraq_id(57778, 60268);

  script_name(english:"OpenSSL 1.0.0 < 1.0.0k Multiple Vulnerabilities");
  script_summary(english:"Does a banner check");

  script_set_attribute(attribute:"synopsis", value:
"The remote host may be affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the remote web server is running a version of
OpenSSL 1.0.0 prior to 1.0.0k. The OpenSSL library is, therefore,
reportedly affected by the following vulnerabilities :

  - An error exists related to the handling of OCSP response
    verification that could allow denial of service attacks.
    (CVE-2013-0166)

  - An error exists related to the SSL/TLS/DTLS protocols,
    CBC mode encryption and response time. An attacker
    could obtain plaintext contents of encrypted traffic
    via timing attacks. (CVE-2013-0169)");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20130204.txt");
  script_set_attribute(attribute:"solution", value:
"Upgrade to OpenSSL 1.0.0k or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0169");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/02/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/09");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("openssl_version.nasl");
  script_require_keys("openssl/port");

  exit(0);
}

include("openssl_version.inc");

# Banner-only check: flags 1.0.0 through 1.0.0j; the version string comes from
# the server banner, so a backported fix on a distribution build is not detected.
openssl_check_version(fixed:'1.0.0k', min:"1.0.0", severity:SECURITY_NOTE);
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0587.NASL description Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it. It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Red Hat Enterprise Linux 5 and 6 was affected by this problem. 
(BZ#839735) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-06-01 modified 2020-06-02 plugin id 65004 published 2013-03-05 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65004 title RHEL 5 / 6 : openssl (RHSA-2013:0587)
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2013-040-01.NASL description New openssl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 64535 published 2013-02-11 reporter This script is Copyright (C) 2013-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64535 title Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : openssl (SSA:2013-040-01)
NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-154.NASL description openssl was updated to 1.0.1e, fixing bugs and security issues : o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. o Include the fips configuration module. o Fix OCSP bad key DoS attack CVE-2013-0166 bnc#802746 o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 bnc#802184 o Fix for TLS AESNI record handling flaw CVE-2012-2686 Also the following bug was fixed: bnc#757773 - c_rehash to accept more filename extensions last seen 2020-06-05 modified 2014-06-13 plugin id 74902 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/74902 title openSUSE Security Update : openssl (openSUSE-SU-2013:0337-1)
NASL family Fedora Local Security Checks NASL id FEDORA_2013-2793.NASL description Multiple security and bug fixes update from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-03-08 plugin id 65081 published 2013-03-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65081 title Fedora 17 : openssl-1.0.0k-1.fc17 (2013-2793)
NASL family General NASL id IBM_TSM_SERVER_5_5_X.NASL description The version of IBM Tivoli Storage Manager installed on the remote host is 5.5 running on Windows or AIX. It is, therefore, potentially affected by multiple flaws in its bundled SSL library: - A flaw that could allow a remote attacker to cause a denial of service via a specially crafted last seen 2020-06-01 modified 2020-06-02 plugin id 77116 published 2014-08-11 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77116 title IBM Tivoli Storage Manager Server 5.5.x Multiple Vulnerabilities
NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_7_0-IBM-130415.NASL description IBM Java 7 was updated to SR4-FP1, fixing bugs and security issues. More information can be found on : http://www.ibm.com/developerworks/java/jdk/alerts/ and on : http://www.ibm.com/developerworks/java/jdk/aix/j764/Java7_64.fixes.html#SR4FP1 last seen 2020-06-05 modified 2013-04-19 plugin id 66031 published 2013-04-19 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/66031 title SuSE 11.2 Security Update : java-1_7_0-ibm (SAT Patch Number 7623) NASL family CGI abuses NASL id IBM_TEM_8_2_1372.NASL description The remote host is running a version of IBM Tivoli Endpoint Manager Server prior to 8.2.1372. It is, therefore, affected by multiple vulnerabilities : - Multiple SSL related denial of service vulnerabilities exist. (CVE-2012-2686, CVE-2013-0166) - An SSL side-channel timing analysis attack allows full or partial plaintext recovery by a third-party listener. (CVE-2013-0169) - A cross-site request forgery vulnerability exists in the Use Analysis Application that can be exploited via a specially crafted AMF message. (CVE-2013-0452) - An unspecified cross-site scripting vulnerability exists in IBM Tivoli Endpoint Manager Web Reports. (CVE-2013-0453) last seen 2020-06-01 modified 2020-06-02 plugin id 66270 published 2013-04-30 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66270 title IBM Tivoli Endpoint Manager Server < 8.2.1372 Multiple Vulnerabilities NASL family General NASL id IBM_GSKIT_SWG21638270.NASL description The version of IBM Global Security Kit (GSKit) installed on the remote host is 7.0.x prior to 7.0.4.45 or 8.0.14.x prior to 8.0.14.27. It is, therefore, affected by an information disclosure vulnerability. The Transport Layer Security (TLS) protocol does not properly consider timing side-channel attacks, which allows remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets. This type of exploitation is known as the last seen 2020-06-01 modified 2020-06-02 plugin id 67231 published 2013-07-10 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/67231 title IBM GSKit 7.x < 7.0.4.45 / 8.0.14.x < 8.0.14.27 TLS Side-Channel Timing Information Disclosure NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0636.NASL description An updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-1619) It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. 
A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2013-0292 (dbus-glib issue) CVE-2013-0228, CVE-2013-0268, and CVE-2013-0871 (kernel issues) CVE-2013-0338 (libxml2 issue) This update contains the builds from the following errata : ovirt-node: RHBA-2013:0634 https://rhn.redhat.com/errata/RHBA-2013-0634.html kernel: RHSA-2013:0630 https://rhn.redhat.com/errata/RHSA-2013-0630.html dbus-glib: RHSA-2013:0568 https://rhn.redhat.com/errata/RHSA-2013-0568.html libcgroup: RHBA-2013:0560 https://rhn.redhat.com/errata/RHBA-2013-0560.html vdsm: RHBA-2013:0635 https://rhn.redhat.com/errata/RHBA-2013-0635.html selinux-policy: RHBA-2013:0618 https://rhn.redhat.com/errata/RHBA-2013-0618.html qemu-kvm-rhev: RHSA-2013:0610 https://rhn.redhat.com/errata/RHSA-2013-0610.html glusterfs: RHBA-2013:0620 https://rhn.redhat.com/errata/RHBA-2013-0620.html gnutls: RHSA-2013:0588 https://rhn.redhat.com/errata/RHSA-2013-0588.html ipmitool: RHBA-2013:0572 https://rhn.redhat.com/errata/RHBA-2013-0572.html libxml2: RHSA-2013:0581 
https://rhn.redhat.com/errata/RHSA-2013-0581.html openldap: RHBA-2013:0598 https://rhn.redhat.com/errata/RHBA-2013-0598.html openssl: RHSA-2013:0587 https://rhn.redhat.com/errata/RHSA-2013-0587.html Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 78952 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78952 title RHEL 6 : rhev-hypervisor6 (RHSA-2013:0636) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0822.NASL description Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. 
(CVE-2013-0169, CVE-2013-0401, CVE-2013-1488, CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2436, CVE-2013-2438, CVE-2013-2440) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR4-FP2 release. All running instances of IBM Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 66439 published 2013-05-15 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66439 title RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:0822) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0273.NASL description From Red Hat Security Advisory 2013:0273 : Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. 
A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) Note: If the web browser plug-in provided by the icedtea-web package was installed, CVE-2013-1486 could have been exploited without user interaction if a user visited a malicious website. This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68734 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68734 title Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2013-0273) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0275.NASL description From Red Hat Security Advisory 2013:0275 : Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-1486, CVE-2013-1484) An improper permission check issue was discovered in the Libraries component in OpenJDK. 
An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2013-1485) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) This erratum also upgrades the OpenJDK package to IcedTea7 2.3.7. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68736 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68736 title Oracle Linux 5 / 6 : java-1.7.0-openjdk (ELSA-2013-0275) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0275.NASL description Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-1486, CVE-2013-1484) An improper permission check issue was discovered in the Libraries component in OpenJDK. 
An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2013-1485) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) This erratum also upgrades the OpenJDK package to IcedTea7 2.3.7. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 64731 published 2013-02-21 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64731 title CentOS 5 / 6 : java-1.7.0-openjdk (CESA-2013:0275) NASL family Windows NASL id ORACLE_JAVA_CPU_FEB_2013_1.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 15, 6 Update 41, 5 Update 40 or 1.4.2 Update 42. It is, therefore, potentially affected by security issues in the following components : - Deployment - JMX - JSSE - Libraries last seen 2020-06-01 modified 2020-06-02 plugin id 64790 published 2013-02-21 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/64790 title Oracle Java SE Multiple Vulnerabilities (February 2013 CPU Update 1) NASL family Web Servers NASL id WEBSPHERE_8_5_0_2.NASL description IBM WebSphere Application Server 8.5 before Fix Pack 2 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - The included Java SDK contains several errors that affect the application directly. (CVE-2013-0169, CVE-2013-0440, CVE-2013-0443) - Input validation errors exist related to the administration console that could allow cross-site scripting attacks. (CVE-2013-0458 / PM71139, CVE-2013-0461 / PM71389, CVE-2013-0542 / PM81846, CVE-2013-0565 / PM83402) - An input validation error exists related to the administration console that could allow cross-site scripting attacks. Note that this issue affects only the application when running on z/OS operating systems. (CVE-2013-0459 / PM72536) - An unspecified error could allow security bypass for authenticated users. (CVE-2013-0462 / PM76886 or PM79937) - An error exists related to last seen 2020-06-01 modified 2020-06-02 plugin id 66375 published 2013-05-10 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66375 title IBM WebSphere Application Server 8.5 < Fix Pack 2 Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201310-10.NASL description The remote host is affected by the vulnerability described in GLSA-201310-10 (PolarSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PolarSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might be able to cause Denial of Service, conduct a man-in-the middle attack, compromise an encrypted communication channel, or obtain sensitive information. Workaround : There is no known workaround at this time. 
last seen 2020-06-01 modified 2020-06-02 plugin id 70486 published 2013-10-18 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70486 title GLSA-201310-10 : PolarSSL: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-164.NASL description java-1_6_0-openjdk was updated to IcedTea 1.12.3 (bnc#804654) containing security and bugfixes : - Security fixes - S8006446: Restrict MBeanServer access (CVE-2013-1486) - S8006777: Improve TLS handling of invalid messages Lucky 13 (CVE-2013-0169) - S8007688: Blacklist known bad certificate (issued by DigiCert) - Backports - S8007393: Possible race condition after JDK-6664509 - S8007611: logging behavior in applet changed - Bug fixes - PR1319: Support GIF lib v5. last seen 2020-06-05 modified 2014-06-13 plugin id 74906 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74906 title openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0375-1) NASL family Misc. NASL id VMWARE_ESXI_5_0_BUILD_1311177_REMOTE.NASL description The remote VMware ESXi 5.0 host is affected by the following security vulnerabilities : - Multiple errors exist related to OpenSSL that could allow information disclosure or denial of service attacks. (CVE-2013-0166, CVE-2013-0169) - An error exists in the libxml2 library related to the expansion of XML internal entities. An attacker can exploit this to cause a denial of service. (CVE-2013-0338) - An unspecified error exists related to last seen 2020-06-01 modified 2020-06-02 plugin id 70879 published 2013-11-13 reporter This script is (C) 2013-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/70879 title ESXi 5.0 < Build 1311175 Multiple Vulnerabilities (remote check) NASL family Solaris Local Security Checks NASL id SOLARIS11_NSS_20140809.NASL description The remote Solaris system is missing necessary patches to address security updates : - The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. (CVE-2013-1620) last seen 2020-06-01 modified 2020-06-02 plugin id 80713 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80713 title Oracle Solaris Third-Party Patch Update : nss (cve_2013_1620_lucky_thirteen) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2621.NASL description Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2013-0166 OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an invalid key. - CVE-2013-0169 A timing side channel attack has been found in CBC padding allowing an attacker to recover pieces of plaintext via statistical analysis of crafted packages, known as the last seen 2020-03-17 modified 2013-02-14 plugin id 64623 published 2013-02-14 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/64623 title Debian DSA-2621-1 : openssl - several vulnerabilities NASL family Windows NASL id TIVOLI_DIRECTORY_SVR_SWG21638270.NASL description The remote host is running a version of IBM Tivoli Directory Server and a version of IBM Global Security Kit (GSKit) that is affected by an information disclosure vulnerability. The Transport Layer Security (TLS) protocol does not properly consider timing side-channel attacks, which allows remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets. This type of exploitation is known as the last seen 2020-06-01 modified 2020-06-02 plugin id 80481 published 2015-01-13 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80481 title IBM Tivoli Directory Server < 6.0.0.72 / 6.1.0.55 / 6.2.0.30 / 6.3.0.22 with GSKit < 7.0.4.45 / 8.0.14.27 TLS Side-Channel Timing Information Disclosure NASL family General NASL id IBM_TSM_SERVER_6_3_4_200.NASL description The version of IBM Tivoli Storage Manager installed on the remote host is 6.3.x prior to 6.3.4.200. It is, therefore, affected by a vulnerability that could allow a remote attacker to perform a statistical timing attack known as last seen 2020-06-01 modified 2020-06-02 plugin id 77120 published 2014-08-11 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/77120 title IBM Tivoli Storage Manager Server 6.3.x < 6.3.4.200 Information Disclosure NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2014-0008.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv everywhere instead of getenv (#839735) - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185) - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4109 - double free in policy checks (#771771) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) - add known answer test for SHA2 algorithms (#740866) - make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410) - fix incorrect return value in parse_yesno (#726593) - added DigiCert CA certificates to ca-bundle (#735819) - added a new section about error states to README.FIPS (#628976) - add missing DH_check_pub_key call when DH key is computed (#698175) - presort list of ciphers available in SSL (#688901) - accept connection in s_server even if getaddrinfo fails 
(#561260) - point to openssl dgst for list of supported digests (#608639) - fix handling of future TLS versions (#599112) - added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856) - upstream fixes for the CHIL engine (#622003, #671484) - add SHA-2 hashes in SSL_library_init (#676384) - fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462) - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707) last seen 2020-06-01 modified 2020-06-02 plugin id 79532 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79532 title OracleVM 3.2 : openssl (OVMSA-2014-0008) NASL family Web Servers NASL id WEBSPHERE_8_0_0_6.NASL description IBM WebSphere Application Server 8.0 before Fix Pack 6 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists that could allow cross-site request forgery (CSRF) attacks. (CVE-2012-4853 / PM62920) - The included Java SDK contains several errors that affect the application directly. (CVE-2013-0169, CVE-2013-0440, CVE-2013-0443) - Input validation errors exist related to the administration console that could allow cross-site scripting attacks.
(CVE-2013-0458 / PM71139, CVE-2013-0461 / PM71389, CVE-2013-0542 / PM81846) - An input validation error exists related to the administration console that could allow cross-site scripting attacks. Note that this issue affects only the application when running on z/OS operating systems. (CVE-2013-0459 / PM72536) - An unspecified error could allow security bypass for authenticated users. (CVE-2013-0462 / PM76886 or PM79937) - An error exists related to last seen 2020-06-01 modified 2020-06-02 plugin id 66374 published 2013-05-10 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66374 title IBM WebSphere Application Server 8.0 < Fix Pack 6 Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201401-30.NASL description The remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 72139 published 2014-01-27 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/72139 title GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL15630.NASL description The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. (CVE-2013-1620) last seen 2020-06-01 modified 2020-06-02 plugin id 78198 published 2014-10-10 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78198 title F5 Networks BIG-IP : TLS in Mozilla NSS vulnerability (K15630) NASL family AIX Local Security Checks NASL id AIX_OPENSSL_ADVISORY5.NASL description The version of OpenSSL running on the remote host is affected by the following vulnerabilities : - The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the last seen 2020-06-01 modified 2020-06-02 plugin id 73563 published 2014-04-16 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/73563 title AIX OpenSSL Advisory : openssl_advisory5.asc NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL93600123.NASL description The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. (CVE-2016-2107) last seen 2020-06-01 modified 2020-06-02 plugin id 94986 published 2016-11-21 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94986 title F5 Networks BIG-IP : OpenSSL vulnerability (K93600123) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1547.NASL description According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference flaw was found in OpenSSL last seen 2020-06-01 modified 2020-06-02 plugin id 125000 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125000 title EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1547) NASL family SuSE Local Security Checks NASL id SUSE_OPENSSL-8517.NASL description OpenSSL has been updated to fix several security issues : - Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable last seen 2020-06-05 modified 2013-03-28 plugin id 65719 published 2013-03-28 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/65719 title SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 8517) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1732-1.NASL description Adam Langley and Wolfgang Ettlinger discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2012-2686) Stephen Henson discovered that OpenSSL incorrectly performed signature verification for OCSP responses. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2013-0166) Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the last seen 2020-06-01 modified 2020-06-02 plugin id 64798 published 2013-02-22 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64798 title Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : openssl vulnerabilities (USN-1732-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0275.NASL description Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK.
An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-1486, CVE-2013-1484) An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2013-1485) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) This erratum also upgrades the OpenJDK package to IcedTea7 2.3.7. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 64748 published 2013-02-21 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64748 title RHEL 5 / 6 : java-1.7.0-openjdk (RHSA-2013:0275) NASL family Databases NASL id DB2_97FP9.NASL description According to its version, the installation of IBM DB2 9.7 running on the remote host is prior to Fix Pack 9. It is, therefore, affected by one or more of the following vulnerabilities : - The included software, GSKit, contains several errors related to SSL and TLS that can result in denial of service, information disclosures, or unauthorized insertion of an arbitrary root Certification Authority certificate. 
(CVE-2012-2190, CVE-2012-2191, CVE-2012-2203, CVE-2013-0169 / IC90395) - A stack-based buffer overflow exists related to last seen 2020-06-01 modified 2020-06-02 plugin id 71519 published 2013-12-18 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71519 title IBM DB2 9.7 < Fix Pack 9 Multiple Vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-050.NASL description Google reported to Mozilla that TURKTRUST, a certificate authority in Mozilla's root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates (CVE-2013-0743). The rootcerts package has been upgraded to address this flaw and the Mozilla NSS package has been rebuilt to pick up the changes. The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169 (CVE-2013-1620). The NSPR package has been upgraded to the 4.9.5 version due to dependencies of the newer NSS. The NSS package has been upgraded to the 3.14.3 version which is not vulnerable to this issue. The sqlite3 update addresses a crash when using svn commit after export MALLOC_CHECK_=3. last seen 2020-06-01 modified 2020-06-02 plugin id 66064 published 2013-04-20 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/66064 title Mandriva Linux Security Advisory : nss (MDVSA-2013:050) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1732-2.NASL description USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0166 and CVE-2012-2686 introduced a regression causing decryption failures on hardware supporting AES-NI. This update temporarily reverts the security fix pending further investigation. We apologize for the inconvenience. Adam Langley and Wolfgang Ettlinger discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2012-2686) Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the last seen 2020-06-01 modified 2020-06-02 plugin id 64968 published 2013-03-01 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64968 title Ubuntu 12.04 LTS / 12.10 : openssl regression (USN-1732-2) NASL family Web Servers NASL id OPENSSL_1_0_1E.NASL description According to its banner, the remote web server is running a version of OpenSSL 1.0.1 prior to 1.0.1e. The OpenSSL library is, therefore, reportedly affected by an incomplete fix for CVE-2013-0169. An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. last seen 2020-06-01 modified 2020-06-02 plugin id 64620 published 2013-02-13 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/64620 title OpenSSL 1.0.1 < 1.0.1e Information Disclosure NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2014-0007.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv everywhere instead of getenv (#839735) - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185) - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4109 - double free in policy checks (#771771) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) - add known answer test for SHA2 algorithms (#740866) - make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410) - fix incorrect return value in parse_yesno (#726593) - added DigiCert CA certificates to ca-bundle (#735819) - added a new section about error states to README.FIPS (#628976) - add missing DH_check_pub_key call when DH key is computed (#698175) - presort list of ciphers available in SSL (#688901) - accept connection in s_server even if getaddrinfo fails (#561260) - point to openssl dgst 
for list of supported digests (#608639) - fix handling of future TLS versions (#599112) - added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856) - upstream fixes for the CHIL engine (#622003, #671484) - add SHA-2 hashes in SSL_library_init (#676384) - fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462) - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707) last seen 2020-06-01 modified 2020-06-02 plugin id 79531 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79531 title OracleVM 2.2 : openssl (OVMSA-2014-0007) NASL family Solaris Local Security Checks NASL id SOLARIS11_GNUTLS_20130924.NASL description The remote Solaris system is missing necessary patches to address security updates : - The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. 
(CVE-2013-1619) - The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. (CVE-2013-2116) last seen 2020-06-01 modified 2020-06-02 plugin id 80630 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80630 title Oracle Solaris Third-Party Patch Update : gnutls (cve_2013_1619_cryptographic_issues) NASL family General NASL id IBM_TSM_SERVER_6_1_X.NASL description The version of IBM Tivoli Storage Manager installed on the remote host is 6.1 running on Windows or AIX. It is, therefore, potentially affected by multiple flaws in its bundled SSL library: - A flaw that could allow a remote attacker to cause a denial of service via a specially crafted last seen 2020-06-01 modified 2020-06-02 plugin id 77117 published 2014-08-11 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77117 title IBM Tivoli Storage Manager Server 6.1.x Multiple Vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0587.NASL description Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. 
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it. It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Red Hat Enterprise Linux 5 and 6 was affected by this problem. (BZ#839735) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-06-01 modified 2020-06-02 plugin id 65061 published 2013-03-07 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/65061 title CentOS 5 / 6 : openssl (CESA-2013:0587) NASL family Web Servers NASL id WEBSPHERE_8_0_0_7.NASL description IBM WebSphere Application Server 8.0 before Fix Pack 7 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - A flaw exists related to Apache Ant and file compression that could lead to denial of service conditions. (CVE-2012-2098 / PM90088) - The TLS protocol in the GSKIT component is vulnerable to a plaintext recovery attack. (CVE-2013-0169 / PM85211) - A flaw exists relating to OAuth that could allow a remote attacker to obtain someone else last seen 2020-06-01 modified 2020-06-02 plugin id 69449 published 2013-08-23 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69449 title IBM WebSphere Application Server 8.0 < Fix Pack 7 Multiple Vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_69BFC8529BD011E2A7BE8C705AF55518.NASL description A flaw in the OpenSSL handling of OCSP response verification could be exploited to cause a denial of service attack. OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. The weakness could reveal plaintext in a timing attack. last seen 2020-06-01 modified 2020-06-02 plugin id 65842 published 2013-04-08 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65842 title FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (69bfc852-9bd0-11e2-a7be-8c705af55518) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-153.NASL description openssl was updated to 1.0.0k security release to fix bugs and security issues. 
(bnc#802648, bnc#802746). The version was upgraded to avoid backporting the large fixes for : - SSL, TLS and DTLS plaintext recovery attack (CVE-2013-0169) - TLS 1.1 and 1.2 AES-NI crash (CVE-2012-2686) - OCSP invalid key DoS issue (CVE-2013-0166) Also the following bugfix was included : - bnc#757773 - c_rehash to accept more filename extensions last seen 2020-06-05 modified 2014-06-13 plugin id 74901 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74901 title openSUSE Security Update : openssl (openSUSE-SU-2013:0336-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1456.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.
(CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169, CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743) Users of Red Hat Network Satellite Server 5.5 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR14 release. 
For this update to take effect, Red Hat Network Satellite Server must be restarted (
Plugin id: 78976 (published 2014-11-08; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/78976
Title: RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1456) (ROBOT)

NASL family: Junos Local Security Checks
NASL id: JUNIPER_SPACE_JSA10659.NASL
Description: According to its self-reported version number, the remote Junos Space version is prior to 14.1R1. It is, therefore, affected by multiple vulnerabilities in bundled third party software components :
- Multiple vulnerabilities in the bundled OpenSSL CentOS package. (CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0884, CVE-2012-2110, CVE-2012-2333, CVE-2013-0166, CVE-2013-0169, CVE-2014-0224)
- Multiple vulnerabilities in Oracle MySQL. (CVE-2013-5908)
- Multiple vulnerabilities in the Oracle Java runtime. (CVE-2014-0411, CVE-2014-0423, CVE-2014-4244, CVE-2014-0453, CVE-2014-0460, CVE-2014-4263, CVE-2014-4264)
Plugin id: 80197 (published 2014-12-22; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/80197
Title: Juniper Junos Space < 14.1R1 Multiple Vulnerabilities (JSA10659)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_COMPAT-OPENSSL097G-141202.NASL
Description: The SLES 9 compatibility package compat-openssl097g received a roll up update fixing various security issues :
- Build option no-ssl3 is incomplete. (CVE-2014-3568)
- Add support for TLS_FALLBACK_SCSV. (CVE-2014-3566)
- Information leak in pretty printing functions. (CVE-2014-3508)
- OCSP bad key DoS attack. (CVE-2013-0166)
- SSL/TLS CBC plaintext recovery attack. (CVE-2013-0169)
- Anonymous ECDH denial of service. (CVE-2014-3470)
- SSL/TLS MITM vulnerability. (CVE-2014-0224)
Plugin id: 79738 (published 2014-12-05; last seen 2020-06-05; modified 2014-12-05)
Reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/79738
Title: SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10033)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2013-014.NASL
Description: Multiple security issues were identified and fixed in OpenJDK (icedtea6) :
- S8006446: Restrict MBeanServer access
- S8006777: Improve TLS handling of invalid messages
- S8007688: Blacklist known bad certificate
- S7123519: problems with certification path
- S8007393: Possible race condition after JDK-6664509
- S8007611: logging behavior in applet changed
The updated packages provide icedtea6-1.11.8, which is not vulnerable to these issues.
Plugin id: 64861 (published 2013-02-24; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/64861
Title: Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2013:014)

NASL family: Junos Local Security Checks
NASL id: JUNIPER_JSA10575.NASL
Description: According to its self-reported version number, the remote Junos device is using an outdated version of OpenSSL, which has multiple vulnerabilities including (but not limited to) :
- An error exists related to the handling of OCSP response verification that could allow denial of service attacks. (CVE-2013-0166)
- An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169)
Plugin id: 68908 (published 2013-07-16; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/68908
Title: Juniper Junos OpenSSL Multiple Vulnerabilities (JSA10575)

NASL family: General
NASL id: IBM_TSM_SERVER_6_2_6_0.NASL
Description: The version of IBM Tivoli Storage Manager installed on the remote host is 6.2.x prior to 6.2.6.0. It is, therefore, potentially affected by multiple flaws in its bundled SSL library:
- A flaw that could allow a remote attacker to cause a denial of service via a specially crafted
Plugin id: 77118 (published 2014-08-11; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/77118
Title: IBM Tivoli Storage Manager Server 6.2.x < 6.2.6.0 Multiple Vulnerabilities

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1735-1.NASL
Description: Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenJDK was vulnerable to a timing side-channel attack known as the
Plugin id: 64801 (published 2013-02-22; last seen 2020-06-01; modified 2020-06-02)
Reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/64801
Title: Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1735-1)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201406-32.NASL
Description: The remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details.
Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact.
Workaround : There is no known workaround at this time.
Plugin id: 76303 (published 2014-06-30; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/76303
Title: GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-1518.NASL
Description: Two vulnerabilities were discovered in polarssl, a lightweight crypto and SSL/TLS library (nowadays continued under the name mbedtls), which could result in plain text recovery via side-channel attacks. Two other minor vulnerabilities were discovered in polarssl which could result in arithmetic overflow errors.
CVE-2018-0497: As a protection against the Lucky Thirteen attack, the TLS code for CBC decryption in encrypt-then-MAC mode performs extra MAC calculations to compensate for variations in message size due to padding. The amount of extra MAC calculation to perform was based on the assumption that the bulk of the time is spent in processing 64-byte blocks, which is correct for most supported hashes but not for SHA-384. Correct the amount of extra work for SHA-384 (and SHA-512, which is currently not used in TLS, and MD2, although no one should care about that). This is a regression fix for what had been fixed as CVE-2013-0169.
CVE-2018-0498: The basis for the Lucky 13 family of attacks is for an attacker to be able to distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding. Since our code sets padlen = 0 for invalid padding, the length of the input to the HMAC function gives information about that. Information about this length (modulo the MD/SHA block size) can be deduced from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used. If MD/SHA padding is read from a (static) buffer, a local attacker could get information about how much is used via a cache attack targeting that buffer. Let
Plugin id: 117711 (published 2018-09-27; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/117711
Title: Debian DLA-1518-1 : polarssl security update

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2013-2834.NASL
Description: Multiple security and bug fixes update from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Plugin id: 64982 (published 2013-03-04; last seen 2020-03-17; modified 2013-03-04)
Reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/64982
Title: Fedora 18 : openssl-1.0.1e-3.fc18 (2013-2834)

NASL family: VMware ESX Local Security Checks
NASL id: VMWARE_VMSA-2013-0009.NASL
Description:
a. vCenter Server and ESX userworld update for OpenSSL library. The userworld OpenSSL library is updated to version openssl-0.9.8y to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0169 and CVE-2013-0166 to these issues.
b. Service Console (COS) update for OpenSSL library. The Service Console OpenSSL library is updated to version openssl-0.9.8e-26.el5_9.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0169 and CVE-2013-0166 to these issues.
c. ESX Userworld and Service Console (COS) update for libxml2 library. The ESX Userworld and Service Console libxml2 library is updated to version libxml2-2.6.26-2.1.21.el5_9.1 and libxml2-python-2.6.26-2.1.21.el5_9.1 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-0338 to this issue.
d. Service Console (COS) update for GnuTLS library. The ESX service console GnuTLS RPM is updated to version gnutls-1.4.1-10.el5_9.1 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-2116 to this issue.
e. ESX third-party update for Service Console kernel. The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-348.3.1.el5, which addresses several security issues in the COS kernel. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0268 and CVE-2013-0871 to these issues.
Plugin id: 69193 (published 2013-08-02; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/69193
Title: VMSA-2013-0009 : VMware vSphere, ESX and ESXi updates to third-party libraries

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2013-0273.NASL
Description: Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) Note: If the web browser plug-in provided by the icedtea-web package was installed, CVE-2013-1486 could have been exploited without user interaction if a user visited a malicious website. This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Plugin id: 64730 (published 2013-02-21; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/64730
Title: CentOS 6 : java-1.6.0-openjdk (CESA-2013:0273)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2013-0274.NASL
Description: From Red Hat Security Advisory 2013:0274 : Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Plugin id: 68735 (published 2013-07-12; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/68735
Title: Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2013-0274)

NASL family: Web Servers
NASL id: WEBSPHERE_6_1_0_47.NASL
Description: IBM WebSphere Application Server 6.1 before Fix Pack 47 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities :
- A remote attacker can bypass authentication because of improper user validation on Linux, Solaris, and HP-UX platforms that use a LocalOS registry. (CVE-2013-0543, PM75582)
- A denial of service can be caused by the way Apache Ant uses bzip2 to compress files. This can be exploited by a local attacker passing specially crafted input. (CVE-2012-2098, PM90088)
- A local attacker can cause a denial of service on Windows platforms with a LocalOS registry using WebSphere Identity Manager. (CVE-2013-0541, PM74909)
- Remote attackers can traverse directories by deploying a specially crafted application file to overwrite files outside of the application deployment directory. (CVE-2012-3305, PM62467)
- The TLS protocol implementation is susceptible to plaintext-recovery attacks via statistical analysis of timing data for crafted packets. (CVE-2013-0169, PM85211)
- Terminal escape sequences are not properly filtered from logs. Remote attackers could execute arbitrary commands via an HTTP request containing an escape sequence. (CVE-2013-1862, PM87808)
- Improper validation of user input allows for cross-site request forgery. By persuading an authenticated user to visit a malicious website, a remote attacker could exploit this vulnerability to obtain sensitive information. (CVE-2012-4853, CVE-2013-3029, PM62920, PM88746)
- Improper validation of user input in the administrative console allows for multiple cross-site scripting attacks. (CVE-2013-0458, CVE-2013-0459, CVE-2013-0461, CVE-2013-0542, CVE-2013-0596, CVE-2013-2967, CVE-2013-4005, CVE-2013-4052, PM71139, PM72536, PM71389, PM73445, PM78614, PM81846, PM88208, PM91892)
- Improper validation of portlets in the administrative console allows for cross-site request forgery, which could allow an attacker to obtain sensitive information. (CVE-2013-0460, PM72275)
- Remote, authenticated attackers can traverse directories on Linux and UNIX systems running the application. (CVE-2013-0544, PM82468)
- A denial of service attack is possible if the optional mod_dav module is being used. (CVE-2013-1896, PM89996)
- Sensitive information can be obtained by a local attacker because of incorrect caching by the administrative console. (CVE-2013-2976, PM79992)
- An attacker may gain elevated privileges because of improper certificate checks. WS-Security and XML Digital Signatures must be enabled. (CVE-2013-4053, PM90949, PM91521)
- Deserialization of a maliciously crafted OpenJPA object can result in an executable file being written to the file system. WebSphere is NOT vulnerable to this issue but the vendor suggests upgrading to be proactive. (CVE-2013-1768, PM86780, PM86786, PM86788, PM86791)
Plugin id: 70022 (published 2013-09-20; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/70022
Title: IBM WebSphere Application Server 6.1 < Fix Pack 47 Multiple Vulnerabilities

NASL family: SuSE Local Security Checks
NASL id: SUSE_JAVA-1_6_0-IBM-8544.NASL
Description: IBM Java 6 was updated to SR13 FP1, fixing bugs and security issues. More information can be found on : http://www.ibm.com/developerworks/java/jdk/alerts/ and on : http://www.ibm.com/developerworks/java/jdk/aix/j664/Java6_64.fixes.html#SR13FP1
Security issues:
- CVE-2013-0485
- CVE-2013-0809
- CVE-2013-0169
(CVE-2013-1493)
Plugin id: 66198 (published 2013-04-24; last seen 2020-06-05; modified 2013-04-24)
Reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/66198
Title: SuSE 10 Security Update : java-1_6_0-ibm (ZYPP Patch Number 8544)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2013-0587.NASL
Description: From Red Hat Security Advisory 2013:0587 : Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it. It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Red Hat Enterprise Linux 5 and 6 was affected by this problem. (BZ#839735) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
Plugin id: 68768 (published 2013-07-12; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/68768
Title: Oracle Linux 5 / 6 : openssl (ELSA-2013-0587)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2013-095.NASL
Description: Updated java-1.7.0-openjdk packages fix security vulnerabilities : Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2012-3174, CVE-2013-0422). Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0444). Multiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges (CVE-2013-1478, CVE-2013-1480). A flaw was found in the AWT component
Plugin id: 66107 (published 2013-04-20; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/66107
Title: Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2013:095)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1732-3.NASL
Description: USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0169 and CVE-2012-2686 was reverted in USN-1732-2 because of a regression. This update restores the security fix, and includes an extra fix from upstream to address the AES-NI regression. We apologize for the inconvenience. Adam Langley and Wolfgang Ettlinger discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2012-2686) Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the
Plugin id: 65684 (published 2013-03-26; last seen 2020-06-01; modified 2020-06-02)
Reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/65684
Title: Ubuntu 12.04 LTS / 12.10 : openssl vulnerability (USN-1732-3)

NASL family: Misc.
NASL id: JUNIPER_NSM_JSA10642.NASL
Description: The remote host has one or more instances of NSM (Network and Security Manager) Server running, with version(s) prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities related to its Java and Apache installations.
Plugin id: 77326 (published 2014-08-22; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/77326
Title: Juniper NSM < 2012.2R9 Multiple Java and Apache Vulnerabilities (JSA10642)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-2622.NASL
Description: Multiple vulnerabilities have been found in PolarSSL. The Common Vulnerabilities and Exposures project identifies the following issues :
- CVE-2013-0169: A timing side channel attack has been found in CBC padding allowing an attacker to recover pieces of plaintext via statistical analysis of crafted packages, known as the
Plugin id: 64624 (published 2013-02-14; last seen 2020-03-17; modified 2013-02-14)
Reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/64624
Title: Debian DSA-2622-1 : polarssl - several vulnerabilities

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2013-0273.NASL
Description: Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) Note: If the web browser plug-in provided by the icedtea-web package was installed, CVE-2013-1486 could have been exploited without user interaction if a user visited a malicious website. This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Plugin id: 64746 (published 2013-02-21; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/64746
Title: RHEL 6 : java-1.6.0-openjdk (RHSA-2013:0273)

NASL family: Web Servers
NASL id: OPENSSL_1_0_1D.NASL
Description: According to its banner, the remote web server is running a version of OpenSSL 1.0.1 prior to 1.0.1d. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities :
- An error exists related to AES-NI, TLS 1.1, TLS 1.2 and the handling of CBC ciphersuites that could allow denial of service attacks. Note that platforms and versions that do not support AES-NI, TLS 1.1, or TLS 1.2 are not affected. (CVE-2012-2686)
- An error exists related to the handling of OCSP response verification that could allow denial of service attacks. (CVE-2013-0166)
- An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169)
Plugin id: 64534 (published 2013-02-09; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/64534
Title: OpenSSL 1.0.1 < 1.0.1d Multiple Vulnerabilities

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_JAVA-1_6_0-OPENJDK-130221.NASL
Description: java-1_6_0-openjdk has been updated to IcedTea 1.12.3 (bnc#804654), which contains security and bug fixes :
- Security fixes
  - S8006446: Restrict MBeanServer access. (CVE-2013-1486)
  - S8006777: Improve TLS handling of invalid messages, Lucky 13. (CVE-2013-0169)
  - S8007688: Blacklist known bad certificate (issued by DigiCert)
- Backports
  - S8007393: Possible race condition after JDK-6664509
  - S8007611: logging behavior in applet changed
- Bug fixes
  - PR1319: Support GIF lib v5.
Plugin id: 64863 (published 2013-02-24; last seen 2020-06-05; modified 2013-02-24)
Reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/64863
Title: SuSE 11.2 Security Update : Java (SAT Patch Number 7385)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2013-0855.NASL
Description: Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0169, CVE-2013-0401, CVE-2013-1491, CVE-2013-1537, CVE-2013-1557, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP2 release. All running instances of IBM Java must be restarted for this update to take effect.
Plugin id: 66550 (published 2013-05-23; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/66550
Title: RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0855)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2013-0823.NASL
Description: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0169, CVE-2013-0401, CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2440) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR13-FP2 release. All running instances of IBM Java must be restarted for the update to take effect.
Plugin id: 66440 (published 2013-05-15; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/66440
Title: RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2013:0823)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_JAVA-1_6_0-IBM-130416.NASL
Description: IBM Java 6 has been updated to SR13 FP1, which fixes bugs and security issues. More information can be found on : http://www.ibm.com/developerworks/java/jdk/alerts/ and on : http://www.ibm.com/developerworks/java/jdk/aix/j664/Java6_64.fixes.html#SR13FP1
CVEs fixed: CVE-2013-0485 / CVE-2013-0809 / CVE-2013-1493 / CVE-2013-0169
Plugin id: 66194 (published 2013-04-24; last seen 2020-06-05; modified 2013-04-24)
Reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/66194
Title: SuSE 11.2 Security Update : IBM Java (SAT Patch Number 7627)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2013-1455.NASL
Description: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507, CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169, CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743) Users of Red Hat Network Satellite Server 5.4 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR14 release. For this update to take effect, Red Hat Network Satellite Server must be restarted (
Plugin id: 78975 (published 2014-11-08; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/78975
Title: RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2013-0532.NASL
Description: Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 15 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Plugin id: 64775 (published 2013-02-21; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/64775
Title: RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0532)

NASL family: Databases
NASL id: ORACLE_RDBMS_CPU_OCT_2013.NASL
Description: The remote Oracle database server is missing the October 2013 Critical Patch Update (CPU). It is, therefore, affected by multiple security vulnerabilities in the following components :
- Core RDBMS
- Oracle Security service
- XML Parser
Plugin id: 70460 (published 2013-10-16; last seen 2020-06-02; modified 2013-10-16)
Reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/70460
Title: Oracle Database Multiple Vulnerabilities (October 2013 CPU) (BEAST)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201312-03.NASL
Description: The remote host is affected by the vulnerability described in GLSA-201312-03 (OpenSSL: Multiple Vulnerabilities). Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.
Impact : Remote attackers can determine private keys, decrypt data, cause a Denial of Service or possibly have other unspecified impact.
Workaround : There is no known workaround at this time.
Plugin id: 71169 (published 2013-12-03; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/71169
Title: GLSA-201312-03 : OpenSSL: Multiple Vulnerabilities

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2013-4403.NASL
Description: Update to 1.0.1e. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Plugin id: 65776 (published 2013-04-03; last seen 2020-03-17; modified 2013-04-03)
Reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/65776
Title: Fedora 18 : mingw-openssl-1.0.1e-1.fc18 (2013-4403)

NASL family: F5 Networks Local Security Checks
NASL id: F5_BIGIP_SOL14190.NASL
Description: A vulnerability exists in the TLS and DTLS protocols that may allow an attacker to recover plaintext from TLS/DTLS connections that use CBC-mode encryption. (CVE-2013-0169) Note: Stream ciphers, such as RC4, are not vulnerable to this issue.
Plugin id: 78142 (published 2014-10-10; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/78142
Title: F5 Networks BIG-IP : TLS/DTLS 'Lucky 13' vulnerability (K14190)

NASL family: Misc.
NASL id: VMWARE_ESXI_5_1_BUILD_1483097_REMOTE.NASL
Description: The remote VMware ESXi 5.1 host is affected by the following vulnerabilities :
- A denial of service vulnerability exists in the bundled OpenSSL library that is triggered when handling OCSP response verification.
A remote attacker can exploit this to crash the program. (CVE-2013-0166) - An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker can obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169) - An error exists in the libxml2 library related to the expansion of XML internal entities that could allow denial of service attacks. (CVE-2013-0338) - A NULL pointer dereference flaw exists in the handling of Network File Copy (NFC) traffic. An attacker can exploit this by intercepting and modifying NFC traffic, to cause a denial of service condition. (CVE-2014-1207) - A denial of service vulnerability exists in the handling of invalid ports that could allow a guest user to crash the VMX process. (CVE-2014-1208) last seen 2020-06-01 modified 2020-06-02 plugin id 72037 published 2014-01-20 reporter This script is (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72037 title ESXi 5.1 < Build 1483097 Multiple Vulnerabilities (remote check)
Oval
- oval:org.mitre.oval:def:18841 (class vulnerability, family unix, status accepted, version 49)
  title: HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure
  submitted: 2013-11-22T11:43:28.000-05:00; accepted: 2015-04-20T04:00:46.294-04:00
  contributors: Ganesh Manal (Hewlett-Packard), Sushant Kumar Singh (Hewlett-Packard), Prashant Kumar (Hewlett-Packard), Mike Cokus (The MITRE Corporation)
  description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
- oval:org.mitre.oval:def:19016 (class vulnerability, family windows, status accepted, version 9)
  title: OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server (CVE-2013-0169)
  submitted: 2013-10-02T13:00:00; accepted: 2015-05-04T04:00:13.938-04:00
  contributors: Sergey Artykhov (ALTX-SOFT), Maria Mikhno (ALTX-SOFT)
  definition_extensions: VisualSVN Server is installed (oval:org.mitre.oval:def:18636)
  description: same text as oval:org.mitre.oval:def:18841 above.
- oval:org.mitre.oval:def:19424 (class vulnerability, family unix, status accepted, version 48)
  title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
  submitted: 2013-11-22T11:43:28.000-05:00; accepted: 2015-04-20T04:01:16.047-04:00
  contributors: Ganesh Manal (Hewlett-Packard), Sushant Kumar Singh (Hewlett-Packard), Prashant Kumar (Hewlett-Packard), Mike Cokus (The MITRE Corporation)
  description: same text as oval:org.mitre.oval:def:18841 above.
- oval:org.mitre.oval:def:19540 (class vulnerability, family unix, status accepted, version 49)
  title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
  submitted: 2013-11-22T11:43:28.000-05:00; accepted: 2015-04-20T04:01:27.840-04:00
  contributors: Ganesh Manal (Hewlett-Packard), Sushant Kumar Singh (Hewlett-Packard), Prashant Kumar (Hewlett-Packard), Mike Cokus (The MITRE Corporation)
  description: same text as oval:org.mitre.oval:def:18841 above.
- oval:org.mitre.oval:def:19608 (class vulnerability, family unix, status accepted, version 50)
  title: Multiple OpenSSL vulnerabilities
  submitted: 2013-11-18T10:06:56.357-05:00; accepted: 2014-01-20T04:00:21.328-05:00
  contributors: Chandan M C (Hewlett-Packard)
  definition_extensions: IBM AIX 5.3 is installed (oval:org.mitre.oval:def:5325), IBM AIX 6.1 is installed (oval:org.mitre.oval:def:5267), IBM AIX 7.1 is installed (oval:org.mitre.oval:def:18828)
  description: same text as oval:org.mitre.oval:def:18841 above.
Redhat
References
- http://www.openssl.org/news/secadv_20130204.txt
- https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released
- http://openwall.com/lists/oss-security/2013/02/05/24
- http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
- http://www.matrixssl.org/news.html
- http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html
- http://www.ubuntu.com/usn/USN-1735-1
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html
- http://www.debian.org/security/2013/dsa-2621
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html
- http://rhn.redhat.com/errata/RHSA-2013-0587.html
- http://www.debian.org/security/2013/dsa-2622
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html
- http://www.us-cert.gov/cas/techalerts/TA13-051A.html
- http://rhn.redhat.com/errata/RHSA-2013-0783.html
- http://marc.info/?l=bugtraq&m=136396549913849&w=2
- http://marc.info/?l=bugtraq&m=136439120408139&w=2
- http://marc.info/?l=bugtraq&m=136733161405818&w=2
- http://rhn.redhat.com/errata/RHSA-2013-0782.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21644047
- http://www.kb.cert.org/vuls/id/737740
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
- http://support.apple.com/kb/HT5880
- http://secunia.com/advisories/55139
- http://secunia.com/advisories/55108
- http://secunia.com/advisories/55351
- http://secunia.com/advisories/55350
- http://www.securitytracker.com/id/1029190
- http://secunia.com/advisories/55322
- http://rhn.redhat.com/errata/RHSA-2013-1455.html
- http://rhn.redhat.com/errata/RHSA-2013-0833.html
- http://rhn.redhat.com/errata/RHSA-2013-1456.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html
- http://marc.info/?l=bugtraq&m=137545771702053&w=2
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html
- http://www.splunk.com/view/SP-CAAAHXG
- http://secunia.com/advisories/53623
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084
- http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
- http://marc.info/?l=bugtraq&m=136432043316835&w=2
- http://www.securityfocus.com/bid/57778
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841
- https://puppet.com/security/cve/cve-2013-0169
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001
- https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf