Vulnerabilities > CVE-2013-6449 - Cryptographic Issues vulnerability in Openssl

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.

Vulnerable Configurations

Part Description Count
Application
Openssl
145

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0416.NASL
    descriptionUpdated rhevm-spice-client packages that fix multiple security issues are now available for Red Hat Enterprise Virtualization Manager 3. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues : An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the original reporter. The updated mingw-virt-viewer Windows SPICE client further includes OpenSSL security fixes that have no security impact on mingw-virt-viewer itself. The security fixes included in this update address the following CVE numbers : CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166 All Red Hat Enterprise Virtualization Manager users are advised to upgrade to these updated packages, which address these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id79013
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79013
    titleRHEL 6 : rhevm-spice-client (RHSA-2014:0416)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0416. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79013);
      script_version("1.9");
      script_cvs_date("Date: 2019/10/24 15:35:38");
    
      script_cve_id("CVE-2012-2686", "CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160");
      script_bugtraq_id(55704, 57755, 57778, 60268, 64530, 64618, 64691, 66690);
      script_xref(name:"RHSA", value:"2014:0416");
    
      script_name(english:"RHEL 6 : rhevm-spice-client (RHSA-2014:0416)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated rhevm-spice-client packages that fix multiple security issues
    are now available for Red Hat Enterprise Virtualization Manager 3.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Red Hat Enterprise Virtualization Manager provides access to virtual
    machines using SPICE. These SPICE client packages provide the SPICE
    client and usbclerk service for both Windows 32-bit operating systems
    and Windows 64-bit operating systems.
    
    The rhevm-spice-client package includes the mingw-virt-viewer Windows
    SPICE client. OpenSSL, a general purpose cryptography library with a
    TLS implementation, is bundled with mingw-virt-viewer. The
    mingw-virt-viewer package has been updated to correct the following
    issues :
    
    An information disclosure flaw was found in the way OpenSSL handled
    TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS
    client or server could send a specially crafted TLS or DTLS Heartbeat
    packet to disclose a limited portion of memory per request from a
    connected client or server. Note that the disclosed portions of memory
    could potentially include sensitive information such as private keys.
    (CVE-2014-0160)
    
    It was discovered that OpenSSL leaked timing information when
    decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode
    cipher suites were used. A remote attacker could possibly use this
    flaw to retrieve plain text from the encrypted packets by using a
    TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)
    
    A NULL pointer dereference flaw was found in the way OpenSSL handled
    TLS/SSL protocol handshake packets. A specially crafted handshake
    packet could cause a TLS/SSL client using OpenSSL to crash.
    (CVE-2013-4353)
    
    It was discovered that the TLS/SSL protocol could leak information
    about plain text when optional compression was used. An attacker able
    to control part of the plain text sent over an encrypted TLS/SSL
    connection could possibly use this flaw to recover other portions of
    the plain text. (CVE-2012-4929)
    
    Red Hat would like to thank the OpenSSL project for reporting
    CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as
    the original reporter.
    
    The updated mingw-virt-viewer Windows SPICE client further includes
    OpenSSL security fixes that have no security impact on
    mingw-virt-viewer itself. The security fixes included in this update
    address the following CVE numbers :
    
    CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166
    
    All Red Hat Enterprise Virtualization Manager users are advised to
    upgrade to these updated packages, which address these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://rhn.redhat.com/errata/RHSA-2014-0416.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-0169.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2012-4929.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-4353.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2014-0160.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x64-cab");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x64-msi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x86-cab");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x86-msi");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    flag = 0;
    if (rpm_exists(rpm:"rhevm-spice-client-x64-cab-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x64-cab-3.3-12.el6_5")) flag++;
    if (rpm_exists(rpm:"rhevm-spice-client-x64-msi-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x64-msi-3.3-12.el6_5")) flag++;
    if (rpm_exists(rpm:"rhevm-spice-client-x86-cab-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x86-cab-3.3-12.el6_5")) flag++;
    if (rpm_exists(rpm:"rhevm-spice-client-x86-msi-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x86-msi-3.3-12.el6_5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhevm-spice-client-x64-cab-3.3 / rhevm-spice-client-x64-msi-3.3 / etc");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2014-0032.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate (CVE-2014-3566) (padding attack on SSL3) - add ECC TLS extensions to DTLS (#1119800) - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation - fix CVE-2014-0224 fix that broke EAP-FAST session resumption support - drop EXPORT, RC2, and DES from the default cipher list (#1057520) - print ephemeral key size negotiated in TLS handshake (#1057715) - do not include ECC ciphersuites in SSLv2 client hello (#1090952) - properly detect encryption failure in BIO (#1100819) - fail on hmac integrity check if the .hmac file is empty (#1105567) - FIPS mode: make the limitations on DSA, DH, and RSA keygen length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment variable is set - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH - add back support for secp521r1 EC curve - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension - use 2048 bit RSA key in FIPS selftests - add DH_compute_key_padded needed for FIPS CAVS testing - make 3des strength to be 128 bits instead of 168 (#1056616) - FIPS mode: do not generate DSA keys and DH parameters < 2048 bits - FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys) - FIPS mode: add DH selftest - FIPS mode: reseed DRBG properly on RAND_add - FIPS mode: add RSA encrypt/decrypt selftest - FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key - use the key length from configuration file if req -newkey rsa is invoked - fix CVE-2013-4353 - Invalid TLS handshake crash - fix CVE-2013-6450 - possible MiTM attack on DTLS1 - fix CVE-2013-6449 - crash when version in SSL structure is incorrect - add back some no-op symbols that were inadvertently dropped
    last seen2020-06-01
    modified2020-06-02
    plugin id79547
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79547
    titleOracleVM 3.3 : openssl (OVMSA-2014-0032) (Heartbleed) (POODLE)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2014-0032.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79547);
      script_version("1.21");
      script_cvs_date("Date: 2019/11/12");
    
      script_cve_id("CVE-2010-5298", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511", "CVE-2014-3513", "CVE-2014-3566", "CVE-2014-3567");
      script_bugtraq_id(64530, 64618, 64691, 66690, 66801, 67193, 67898, 67899, 67900, 67901, 69075, 69076, 69078, 69079, 69081, 69082, 69084, 70574, 70584, 70586);
    
      script_name(english:"OracleVM 3.3 : openssl (OVMSA-2014-0032) (Heartbleed) (POODLE)");
      script_summary(english:"Checks the RPM output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - fix CVE-2014-3567 - memory leak when handling session
        tickets
    
      - fix CVE-2014-3513 - memory leak in srtp support
    
      - add support for fallback SCSV to partially mitigate
        (CVE-2014-3566) (padding attack on SSL3)
    
      - add ECC TLS extensions to DTLS (#1119800)
    
      - fix CVE-2014-3505 - doublefree in DTLS packet processing
    
      - fix CVE-2014-3506 - avoid memory exhaustion in DTLS
    
      - fix CVE-2014-3507 - avoid memory leak in DTLS
    
      - fix CVE-2014-3508 - fix OID handling to avoid
        information leak
    
      - fix CVE-2014-3509 - fix race condition when parsing
        server hello
    
      - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling
        in DTLS
    
      - fix CVE-2014-3511 - disallow protocol downgrade via
        fragmentation
    
      - fix CVE-2014-0224 fix that broke EAP-FAST session
        resumption support
    
      - drop EXPORT, RC2, and DES from the default cipher list
        (#1057520)
    
      - print ephemeral key size negotiated in TLS handshake
        (#1057715)
    
      - do not include ECC ciphersuites in SSLv2 client hello
        (#1090952)
    
      - properly detect encryption failure in BIO (#1100819)
    
      - fail on hmac integrity check if the .hmac file is empty
        (#1105567)
    
      - FIPS mode: make the limitations on DSA, DH, and RSA
        keygen length enforced only if
        OPENSSL_ENFORCE_MODULUS_BITS environment variable is set
    
      - fix CVE-2010-5298 - possible use of memory after free
    
      - fix CVE-2014-0195 - buffer overflow via invalid DTLS
        fragment
    
      - fix CVE-2014-0198 - possible NULL pointer dereference
    
      - fix CVE-2014-0221 - DoS from invalid DTLS handshake
        packet
    
      - fix CVE-2014-0224 - SSL/TLS MITM vulnerability
    
      - fix CVE-2014-3470 - client-side DoS when using anonymous
        ECDH
    
      - add back support for secp521r1 EC curve
    
      - fix CVE-2014-0160 - information disclosure in TLS
        heartbeat extension
    
      - use 2048 bit RSA key in FIPS selftests
    
      - add DH_compute_key_padded needed for FIPS CAVS testing
    
      - make 3des strength to be 128 bits instead of 168
        (#1056616)
    
      - FIPS mode: do not generate DSA keys and DH parameters <
        2048 bits
    
      - FIPS mode: use approved RSA keygen (allows only 2048 and
        3072 bit keys)
    
      - FIPS mode: add DH selftest
    
      - FIPS mode: reseed DRBG properly on RAND_add
    
      - FIPS mode: add RSA encrypt/decrypt selftest
    
      - FIPS mode: add hard limit for 2^32 GCM block encryptions
        with the same key
    
      - use the key length from configuration file if req
        -newkey rsa is invoked
    
      - fix CVE-2013-4353 - Invalid TLS handshake crash
    
      - fix CVE-2013-6450 - possible MiTM attack on DTLS1
    
      - fix CVE-2013-6449 - crash when version in SSL structure
        is incorrect
    
      - add back some no-op symbols that were inadvertently
        dropped"
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2014-November/000240.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e1e2973b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openssl package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:openssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.3", reference:"openssl-1.0.1e-30.el6_6.2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_LIBREOFFICE_423.NASL
    descriptionA version of LibreOffice 4.2.x prior to 4.2.3 is installed on the remote Mac OS X host. This version of LibreOffice is bundled with a version of OpenSSL affected by multiple vulnerabilities : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76511
    published2014-07-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76511
    titleLibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Mac OS X) (Heartbleed)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76511);
      script_version("1.12");
      script_cvs_date("Date: 2019/11/26");
    
      script_cve_id(
        "CVE-2010-5298",
        "CVE-2013-4353",
        "CVE-2013-6449",
        "CVE-2013-6450",
        "CVE-2014-0160",
        "CVE-2014-0195",
        "CVE-2014-0198",
        "CVE-2014-0221",
        "CVE-2014-0224",
        "CVE-2014-3470"
      );
      script_bugtraq_id(
        64530,
        64618,
        64691,
        66690,
        66801,
        67193,
        67898,
        67899,
        67900,
        67901
      );
      script_xref(name:"CERT", value:"720951");
      script_xref(name:"CERT", value:"978508");
      script_xref(name:"EDB-ID", value:"32745");
      script_xref(name:"EDB-ID", value:"32764");
      script_xref(name:"EDB-ID", value:"32791");
      script_xref(name:"EDB-ID", value:"32998");
    
      script_name(english:"LibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Mac OS X) (Heartbleed)");
      script_summary(english:"Checks the version of LibreOffice.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains an application that is affected by an
    information disclosure vulnerability.");
      script_set_attribute(attribute:"description", value:
    "A version of LibreOffice 4.2.x prior to 4.2.3 is installed on the
    remote Mac OS X host. This version of LibreOffice is bundled with a
    version of OpenSSL affected by multiple vulnerabilities :
    
      - An error exists in the function 'ssl3_read_bytes'
        that could allow data to be injected into other
        sessions or allow denial of service attacks. Note
        this issue is only exploitable if
        'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
    
      - An error exists in the 'ssl3_take_mac' function in the
        file 'ssl/s3_both.c' related to handling TLS handshake
        traffic that could lead to denial of service attacks.
        (CVE-2013-4353)
    
      - An error exists in the 'ssl_get_algorithm2' function in
        the file 'ssl/s3_lib.c' related to handling TLS 1.2
        traffic that could lead to denial of service attacks.
        (CVE-2013-6449)
    
      - An error exists related to the handling of DTLS
        retransmission processes that could lead to denial of
        service attacks. (CVE-2013-6450)
    
      - An out-of-bounds read error, known as the 'Heartbleed
        Bug', exists related to handling TLS heartbeat
        extensions that could allow an attacker to obtain
        sensitive information such as primary key material,
        secondary key material, and other protected content.
        (CVE-2014-0160)
    
      - A buffer overflow error exists related to invalid DTLS
        fragment handling that could lead to execution of
        arbitrary code. Note this issue only affects OpenSSL
        when used as a DTLS client or server. (CVE-2014-0195)
    
      - An error exists in the function 'do_ssl3_write' that
        could allow a NULL pointer to be dereferenced leading
        to denial of service attacks. Note this issue is
        exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is
        enabled. (CVE-2014-0198)
    
      - An error exists related to DTLS handshake handling that
        could lead to denial of service attacks. Note this
        issue only affects OpenSSL when used as a DTLS client.
        (CVE-2014-0221)
    
      - An unspecified error exists that could allow an
        attacker to cause usage of weak keying material
        leading to simplified man-in-the-middle attacks.
        (CVE-2014-0224)
    
      - An unspecified error exists related to anonymous ECDH
        cipher suites that could allow denial of service
        attacks. Note this issue only affects OpenSSL TLS
        clients. (CVE-2014-3470)
    
    Note that Nessus has not attempted to exploit these issues, but has
    instead relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"http://www.libreoffice.org/about-us/security/advisories/cve-2014-0160/");
      script_set_attribute(attribute:"see_also", value:"http://www.heartbleed.com");
      script_set_attribute(attribute:"see_also", value:"https://eprint.iacr.org/2014/140");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/vulnerabilities.html#2014-0160");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140407.txt");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140605.txt");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to LibreOffice version 4.2.3 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0195");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:libreoffice:libreoffice");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_libreoffice_installed.nasl");
      script_require_keys("MacOSX/LibreOffice/Version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    kb_base = "MacOSX/LibreOffice";
    get_kb_item_or_exit(kb_base+"/Installed");
    path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
    
    # Versions 4.2 up to and not including 4.2.3 are vulnerable
    if (version =~ "^4\.2\.[0-2]($|[^0-9])")
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 4.2.3' +
          '\n';
        security_warning(port:0, extra:report);
      }
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "LibreOffice", version, path);
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-10.NASL
    description - Fixed bnc#856687, openssl: crash when using TLS 1.2 Add file: CVE-2013-6449.patch - compression_methods_switch.patch: setenv might not be successful if a surrounding library or application filters it, like e.g. sudo. As setenv() does not seem to be useful anyway, remove it. bnc#849377
    last seen2020-06-05
    modified2014-06-13
    plugin id75247
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75247
    titleopenSUSE Security Update : openssl (openSUSE-SU-2014:0012-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-10.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75247);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-6449");
      script_bugtraq_id(64530);
    
      script_name(english:"openSUSE Security Update : openssl (openSUSE-SU-2014:0012-1)");
      script_summary(english:"Check for the openSUSE-2014-10 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Fixed bnc#856687, openssl: crash when using TLS 1.2 Add
        file: CVE-2013-6449.patch
    
      - compression_methods_switch.patch: setenv might not be
        successful if a surrounding library or application
        filters it, like e.g. sudo. As setenv() does not seem to
        be useful anyway, remove it. bnc#849377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=856687"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-01/msg00006.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openssl packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssl-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.3", reference:"libopenssl-devel-1.0.1e-1.17.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libopenssl1_0_0-1.0.1e-1.17.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libopenssl1_0_0-debuginfo-1.0.1e-1.17.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"openssl-1.0.1e-1.17.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"openssl-debuginfo-1.0.1e-1.17.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"openssl-debugsource-1.0.1e-1.17.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libopenssl-devel-32bit-1.0.1e-1.17.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libopenssl1_0_0-32bit-1.0.1e-1.17.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libopenssl1_0_0-debuginfo-32bit-1.0.1e-1.17.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0015.NASL
    descriptionUpdated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. (CVE-2013-6449) It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL did not properly maintain encryption and digest contexts during renegotiation. A lost or discarded renegotiation handshake packet could cause a DTLS client or server using OpenSSL to crash. (CVE-2013-6450) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353) All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id71877
    published2014-01-09
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71877
    titleRHEL 6 : openssl (RHSA-2014:0015)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0015. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71877);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/24 15:35:37");
    
      script_cve_id("CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450");
      script_xref(name:"RHSA", value:"2014:0015");
    
      script_name(english:"RHEL 6 : openssl (RHSA-2014:0015)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated openssl packages that fix three security issues are now
    available for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL
    v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a
    full-strength, general purpose cryptography library.
    
    A flaw was found in the way OpenSSL determined which hashing algorithm
    to use when TLS protocol version 1.2 was enabled. This could possibly
    cause OpenSSL to use an incorrect hashing algorithm, leading to a
    crash of an application using the library. (CVE-2013-6449)
    
    It was discovered that the Datagram Transport Layer Security (DTLS)
    protocol implementation in OpenSSL did not properly maintain
    encryption and digest contexts during renegotiation. A lost or
    discarded renegotiation handshake packet could cause a DTLS client or
    server using OpenSSL to crash. (CVE-2013-6450)
    
    A NULL pointer dereference flaw was found in the way OpenSSL handled
    TLS/SSL protocol handshake packets. A specially crafted handshake
    packet could cause a TLS/SSL client using OpenSSL to crash.
    (CVE-2013-4353)
    
    All OpenSSL users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. For the
    update to take effect, all services linked to the OpenSSL library must
    be restarted, or the system rebooted."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:0015"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-6450"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-6449"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4353"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-static");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:0015";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"openssl-1.0.1e-16.el6_5.4")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"openssl-debuginfo-1.0.1e-16.el6_5.4")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"openssl-devel-1.0.1e-16.el6_5.4")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openssl-perl-1.0.1e-16.el6_5.4")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"openssl-perl-1.0.1e-16.el6_5.4")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openssl-perl-1.0.1e-16.el6_5.4")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openssl-static-1.0.1e-16.el6_5.4")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"openssl-static-1.0.1e-16.el6_5.4")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openssl-static-1.0.1e-16.el6_5.4")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-9308.NASL
    descriptionMultiple moderate issues fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-08-10
    plugin id77108
    published2014-08-10
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77108
    titleFedora 20 : openssl-1.0.1e-39.fc20 (2014-9308) (Heartbleed)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-9308.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77108);
      script_version("1.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2010-5298", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511");
      script_bugtraq_id(69075, 69076, 69078, 69079, 69081, 69082, 69084);
      script_xref(name:"FEDORA", value:"2014-9308");
    
      script_name(english:"Fedora 20 : openssl-1.0.1e-39.fc20 (2014-9308) (Heartbleed)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple moderate issues fixed.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1127490"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1127498"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1127499"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1127500"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1127502"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1127503"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1127504"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2c32fca8"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openssl package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/10");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC20", reference:"openssl-1.0.1e-39.fc20")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2833.NASL
    descriptionMultiple security issues have been fixed in OpenSSL: The TLS 1.2 support was susceptible to denial of service and retransmission of DTLS messages was fixed. In addition this update disables the insecure Dual_EC_DRBG algorithm (which was unused anyway, see http://marc.info/?l=openssl-announce&m=138747119822324&w=2 for further information) and no longer uses the RdRand feature available on some Intel CPUs as a sole source of entropy unless explicitly requested.
    last seen2020-03-17
    modified2014-01-02
    plugin id71781
    published2014-01-02
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71781
    titleDebian DSA-2833-1 : openssl - several vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-1560.NASL
    descriptionSynced patches with native openssl-1.0.1e-38.fc21 which fixes various CVE
    last seen2020-03-17
    modified2014-02-04
    plugin id72270
    published2014-02-04
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72270
    titleFedora 19 : mingw-openssl-1.0.1e-5.fc19 (2014-1560)
  • NASL familyWeb Servers
    NASL idHPSMH_7_3_2.NASL
    descriptionAccording to the web server
    last seen2020-06-01
    modified2020-06-02
    plugin id73639
    published2014-04-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73639
    titleHP System Management Homepage OpenSSL Multiple Vulnerabilities (Heartbleed)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0041.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes multiple security issues is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade Red Hat Enterprise Virtualization Hypervisor 6.4 to version 6.5 through the 3.3 Manager administration portal, configuration of the previous system appears to be lost when reported in the TUI. However, this is an issue in the TUI itself, not in the upgrade process; the configuration of the system is not affected. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. (CVE-2013-6449) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353) It was discovered that NSS did not reject certificates with incompatible key usage constraints when validating them while the verifyLog feature was enabled. An application using the NSS certificate validation API could accept an invalid certificate. (CVE-2013-5606) Red Hat would like to thank the Mozilla project for reporting CVE-2013-5606. Upstream acknowledges Camilo Viecco as the original reporter of CVE-2013-5606. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2013-6462 (libXfont issue) CVE-2013-6629, and CVE-2013-6630 (libjpeg-turbo issues) CVE-2013-1739, CVE-2013-1741, and CVE-2013-5607 (nss, nspr issues) CVE-2013-6450 (openssl issue) CVE-2013-6425 (pixman issue) Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id78994
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78994
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2014:0041)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201412-39.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201412-39 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service condition, perform Man-in-the-Middle attacks, obtain sensitive information, or bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id80244
    published2014-12-26
    reporterThis script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80244
    titleGLSA-201412-39 : OpenSSL: Multiple vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_5AAA257E772D11E3A65A3C970E169BC2.NASL
    descriptionOpenSSL development team reports : Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] : - Fix for TLS record tampering bug [CVE-2013-4353] - Fix for TLS version checking bug [CVE-2013-6449] - Fix for DTLS retransmission bug [CVE-2013-6450]
    last seen2020-06-01
    modified2020-06-02
    plugin id71808
    published2014-01-07
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71808
    titleFreeBSD : openssl -- multiple vulnerabilities (5aaa257e-772d-11e3-a65a-3c970e169bc2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2079-1.NASL
    descriptionAnton Johansson discovered that OpenSSL incorrectly handled certain invalid TLS handshakes. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2013-4353) Ron Barber discovered that OpenSSL used an incorrect data structure to obtain a version number. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2013-6449) Dmitry Sobinov discovered that OpenSSL incorrectly handled certain DTLS retransmissions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2013-6450) This update also disables the default use of the RdRand feature of certain Intel CPUs as the sole source of entropy. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2014-01-10
    plugin id71896
    published2014-01-10
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71896
    titleUbuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : openssl vulnerabilities (USN-2079-1)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL15147.NASL
    descriptionThe ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.
    last seen2020-06-01
    modified2020-06-02
    plugin id78161
    published2014-10-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78161
    titleF5 Networks BIG-IP : OpenSSL vulnerability (SOL15147)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-23794.NASL
    descriptionThis update fixes important security issue (DoS) CVE-2013-6449. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-12-23
    plugin id71602
    published2013-12-23
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71602
    titleFedora 19 : openssl-1.0.1e-36.fc19 (2013-23794)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_1F.NASL
    descriptionAccording to its banner, the remote web server is running a version of OpenSSL 1.0.1 prior to 1.0.1f. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities : - An error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id71857
    published2014-01-08
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71857
    titleOpenSSL 1.0.1 < 1.0.1f Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-23788.NASL
    descriptionThis update fixes important security issue (DoS) CVE-2013-6449. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-12-23
    plugin id71601
    published2013-12-23
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71601
    titleFedora 20 : openssl-1.0.1e-36.fc20 (2013-23788)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-4.NASL
    description - Fixed bnc#856687, openssl: crash when using TLS 1.2 Add file: CVE-2013-6449.patch
    last seen2020-06-05
    modified2014-06-13
    plugin id75392
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75392
    titleopenSUSE Security Update : openssl (openSUSE-SU-2014:0015-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-11.NASL
    description - Fixed bnc#856687, openssl: crash when using TLS 1.2 Add file: CVE-2013-6449.patch - compression_methods_switch.patch: setenv might not be successful if a surrounding library or application filters it, like e.g. sudo. As setenv() does not seem to be useful anyway, remove it. bnc#849377
    last seen2020-06-05
    modified2014-06-13
    plugin id75254
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75254
    titleopenSUSE Security Update : openssl (openSUSE-SU-2014:0018-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-27.NASL
    descriptionThis update of openssl fixes several security issues. - Fixed bnc#857203, openssl: crash in DTLS renegotiation after packet loss Add file: CVE-2013-6450.patch - Fixed bnc#856687, openssl: crash when using TLS 1.2 Add file: CVE-2013-6449.patch
    last seen2020-06-05
    modified2014-06-13
    plugin id75317
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75317
    titleopenSUSE Security Update : openssl (openSUSE-SU-2014:0048-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-23768.NASL
    descriptionThis update fixes important security issue (DoS) CVE-2013-6449. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-12-23
    plugin id71600
    published2013-12-23
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71600
    titleFedora 18 : openssl-1.0.1e-36.fc18 (2013-23768)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-9301.NASL
    descriptionMultiple moderate issues fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-08-10
    plugin id77107
    published2014-08-10
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77107
    titleFedora 19 : openssl-1.0.1e-39.fc19 (2014-9301)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140108_OPENSSL_ON_SL6_X.NASL
    descriptionA flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. (CVE-2013-6449) It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL did not properly maintain encryption and digest contexts during renegotiation. A lost or discarded renegotiation handshake packet could cause a DTLS client or server using OpenSSL to crash. (CVE-2013-6450) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353) For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-03-18
    modified2014-01-10
    plugin id71894
    published2014-01-10
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71894
    titleScientific Linux Security Update : openssl on SL6.x i386/x86_64 (20140108)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0033_OPENSSL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an error state mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (CVE-2017-3737) - There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. (CVE-2017-3738) - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. (CVE-2017-3736) - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. (CVE-2006-2937) - OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) public exponent or (2) public modulus values in X.509 certificates that require extra time to process when using RSA signature verification. (CVE-2006-2940) - Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. (CVE-2006-3738) - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. (CVE-2006-4339) - The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. (CVE-2006-4343) - The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. (CVE-2007-3108) - Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-4995) - Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. (CVE-2007-5135) - Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information. (CVE-2008-0891) - OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses particular cipher suites, which triggers a NULL pointer dereference. (CVE-2008-1672) - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. (CVE-2009-1377) - Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. (CVE-2009-1378) - Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. (CVE-2009-1379) - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post- renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555) - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. (CVE-2009-4355) - The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. (CVE-2010-0742) - RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information. (CVE-2010-1633) - Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi- threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap- based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. (CVE-2010-3864) - OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. (CVE-2010-4180) - ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka OCSP stapling vulnerability. (CVE-2011-0014) - crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. (CVE-2011-3207) - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050) - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110) - The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. (CVE-2013-4353) - The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. (CVE-2013-6449) - The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. (CVE-2013-6450) - An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) - A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127201
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127201
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_OPENSSL_20140731.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. (CVE-2013-4353) - The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. (CVE-2013-6449) - The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/ t1_enc.c. (CVE-2013-6450) - The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. (CVE-2014-0076) - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. (CVE-2014-0160)
    last seen2020-06-01
    modified2020-06-02
    plugin id80721
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80721
    titleOracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl4) (Heartbleed)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0015.NASL
    descriptionUpdated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. (CVE-2013-6449) It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL did not properly maintain encryption and digest contexts during renegotiation. A lost or discarded renegotiation handshake packet could cause a DTLS client or server using OpenSSL to crash. (CVE-2013-6450) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353) All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id71865
    published2014-01-09
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71865
    titleCentOS 6 : openssl (CESA-2014:0015)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2014-013-02.NASL
    descriptionNew openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id71930
    published2014-01-14
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71930
    titleSlackware 14.0 / 14.1 / current : openssl (SSA:2014-013-02)
  • NASL familyFirewalls
    NASL idPFSENSE_SA-14_03.NASL
    descriptionAccording to its self-reported version number, the remote pfSense install is prior to 2.1.1. It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories.
    last seen2020-06-01
    modified2020-06-02
    plugin id106488
    published2018-01-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106488
    titlepfSense < 2.1.1 Multiple Vulnerabilities (SA-14_02 / SA-14_03)
  • NASL familyAIX Local Security Checks
    NASL idAIX_OPENSSL_ADVISORY6.NASL
    descriptionThe version of OpenSSL running on the remote host is affected by the following vulnerabilities : - A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A malicious server could use this flaw to crash a connecting client. This issue only affected OpenSSL 1.0.1 versions. (CVE-2013-4353) - A flaw in DTLS handling can cause an application using OpenSSL and DTLS to crash. This is not a vulnerability for OpenSSL prior to 1.0.0. OpenSSL is vulnerable to a denial of service, caused by the failure to properly maintain data structures for digest and encryption contexts by the DTLS retransmission implementation. A remote attacker could exploit this vulnerability to cause the daemon to crash. (CVE-2013-6450) - A flaw in OpenSSL can cause an application using OpenSSL to crash when using TLS version 1.2. This issue only affected OpenSSL 1.0.1 versions. OpenSSL is vulnerable to a denial of service, caused by an error in the ssl_get_algorithm2 function. A remote attacker could exploit this vulnerability using specially crafted traffic from a TLS 1.2 client to cause the daemon to crash. (CVE-2013-6449)
    last seen2020-06-01
    modified2020-06-02
    plugin id73564
    published2014-04-16
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73564
    titleAIX OpenSSL Advisory : openssl_advisory6.asc
  • NASL familyWindows
    NASL idLIBREOFFICE_423.NASL
    descriptionA version of LibreOffice 4.2.x prior to 4.2.3 is installed on the remote Windows host. This version of LibreOffice is bundled with a version of OpenSSL affected by multiple vulnerabilities : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76510
    published2014-07-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76510
    titleLibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Heartbleed)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0015.NASL
    descriptionFrom Red Hat Security Advisory 2014:0015 : Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. (CVE-2013-6449) It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL did not properly maintain encryption and digest contexts during renegotiation. A lost or discarded renegotiation handshake packet could cause a DTLS client or server using OpenSSL to crash. (CVE-2013-6450) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353) All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id71875
    published2014-01-09
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71875
    titleOracle Linux 6 : openssl (ELSA-2014-0015)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-1567.NASL
    descriptionSynced patches with native openssl-1.0.1e-38.fc21 which fixes various CVE
    last seen2020-03-17
    modified2014-01-28
    plugin id72154
    published2014-01-28
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72154
    titleFedora 20 : mingw-openssl-1.0.1e-5.fc20 (2014-1567)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-273.NASL
    descriptionA flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. (CVE-2013-6449) It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL did not properly maintain encryption and digest contexts during renegotiation. A lost or discarded renegotiation handshake packet could cause a DTLS client or server using OpenSSL to crash. (CVE-2013-6450) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353)
    last seen2020-06-01
    modified2020-06-02
    plugin id72291
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72291
    titleAmazon Linux AMI : openssl (ALAS-2014-273)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_OPENSSL_20140623.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. (CVE-2010-5298) - The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. (CVE-2013-4353) - The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. (CVE-2013-6449) - The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/ t1_enc.c. (CVE-2013-6450) - The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. (CVE-2014-0076) - The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. (CVE-2014-0195) - The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. (CVE-2014-0198) - The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. (CVE-2014-0221) - The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. (CVE-2014-3470)
    last seen2020-06-01
    modified2020-06-02
    plugin id80720
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80720
    titleOracle Solaris Third-Party Patch Update : openssl (cve_2010_5298_race_conditions)

Redhat

advisories
  • rhsa
    idRHSA-2014:0015
  • rhsa
    idRHSA-2014:0041
rpms
  • openssl-0:1.0.1e-16.el6_5.4
  • openssl-debuginfo-0:1.0.1e-16.el6_5.4
  • openssl-devel-0:1.0.1e-16.el6_5.4
  • openssl-perl-0:1.0.1e-16.el6_5.4
  • openssl-static-0:1.0.1e-16.el6_5.4
  • rhev-hypervisor6-0:6.5-20140112.0.el6ev

References