Vulnerabilities > CVE-2014-0224 - Inadequate Encryption Strength vulnerability in multiple products

047910
CVSS 7.4 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
NONE

Summary

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

Vulnerable Configurations

Part Description Count
Application
Openssl
131
Application
Redhat
5
Application
Filezilla-Project
22
Application
Mariadb
13
Application
Python
36
Application
Nodejs
406
OS
Redhat
3
OS
Fedoraproject
2
OS
Opensuse
2
OS
Siemens
4
Hardware
Siemens
4

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Brute Force
    In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions. The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space. Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since elimination of patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers. Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.
  • Encryption Brute Forcing
    An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.

Metasploit

descriptionThis module checks for the OpenSSL ChangeCipherSpec (CCS) Injection vulnerability. The problem exists in the handling of early CCS messages during session negotiation. Vulnerable installations of OpenSSL accepts them, while later implementations do not. If successful, an attacker can leverage this vulnerability to perform a man-in-the-middle (MITM) attack by downgrading the cipher spec between a client and server. This issue was first reported in early June, 2014.
idMSF:AUXILIARY/SCANNER/SSL/OPENSSL_CCS
last seen2020-05-15
modified2017-07-24
published2014-06-09
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/ssl/openssl_ccs.rb
titleOpenSSL Server-Side ChangeCipherSpec Injection Scanner

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-294.NASL
    descriptionThis update for libopenssl0_9_8 fixes the following issues : - CVE-2016-0800 aka the
    last seen2020-06-05
    modified2016-03-04
    plugin id89651
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89651
    titleopenSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-294.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89651);
      script_version("1.20");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-0166", "CVE-2013-0169", "CVE-2014-0076", "CVE-2014-0195", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3510", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3568", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3195", "CVE-2015-3197", "CVE-2016-0797", "CVE-2016-0799", "CVE-2016-0800");
    
      script_name(english:"openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)");
      script_summary(english:"Check for the openSUSE-2016-294 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libopenssl0_9_8 fixes the following issues :
    
      - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046):
        OpenSSL was vulnerable to a cross-protocol attack that
        could lead to decryption of TLS sessions by using a
        server supporting SSLv2 and EXPORT cipher suites as a
        Bleichenbacher RSA padding oracle.
    
        This update changes the openssl library to :
    
      - Disable SSLv2 protocol support by default.
    
        This can be overridden by setting the environment
        variable 'OPENSSL_ALLOW_SSL2' or by using
        SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag.
    
        Note that various services and clients had already
        disabled SSL protocol 2 by default previously.
    
      - Disable all weak EXPORT ciphers by default. These can be
        reenabled if required by old legacy software using the
        environment variable 'OPENSSL_ALLOW_EXPORT'.
    
      - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and
        BN_dec2bn() functions had a bug that could result in an
        attempt to de-reference a NULL pointer leading to
        crashes. This could have security consequences if these
        functions were ever called by user applications with
        large untrusted hex/decimal data. Also, internal usage
        of these functions in OpenSSL uses data from config
        files or application command line arguments. If user
        developed applications generated config file data based
        on untrusted data, then this could have had security
        consequences as well.
    
      - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the
        internal fmtstr() and doapr_outch() functions could
        miscalculate the length of a string and attempt to
        access out-of-bounds memory locations. These problems
        could have enabled attacks where large amounts of
        untrusted data is passed to the BIO_*printf functions.
        If applications use these functions in this way then
        they could have been vulnerable. OpenSSL itself uses
        these functions when printing out human-readable dumps
        of ASN.1 data. Therefore applications that print this
        data could have been vulnerable if the data is from
        untrusted sources. OpenSSL command line applications
        could also have been vulnerable when they print out
        ASN.1 data, or if untrusted data is passed as command
        line arguments. Libssl is not considered directly
        vulnerable.
    
      - The package was updated to 0.9.8zh :
    
      - fixes many security vulnerabilities (not separately
        listed): CVE-2015-3195, CVE-2015-1788, CVE-2015-1789,
        CVE-2015-1790, CVE-2015-1792, CVE-2015-1791,
        CVE-2015-0286, CVE-2015-0287, CVE-2015-0289,
        CVE-2015-0293, CVE-2015-0209, CVE-2015-0288,
        CVE-2014-3571, CVE-2014-3569, CVE-2014-3572,
        CVE-2015-0204, CVE-2014-8275, CVE-2014-3570,
        CVE-2014-3567, CVE-2014-3568, CVE-2014-3566,
        CVE-2014-3510, CVE-2014-3507, CVE-2014-3506,
        CVE-2014-3505, CVE-2014-3508, CVE-2014-0224,
        CVE-2014-0221, CVE-2014-0195, CVE-2014-3470,
        CVE-2014-0076, CVE-2013-0169, CVE-2013-0166
    
      - avoid running OPENSSL_config twice. This avoids breaking
        engine loading. (boo#952871, boo#967787)
    
      - fix CVE-2015-3197 (boo#963415)
    
      - SSLv2 doesn't block disabled ciphers"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=952871"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=963415"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968046"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968374"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libopenssl0_9_8 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/03");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.2|SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2 / 42.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.2", reference:"libopenssl0_9_8-0.9.8zh-9.3.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libopenssl0_9_8-debuginfo-0.9.8zh-9.3.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libopenssl0_9_8-debugsource-0.9.8zh-9.3.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8zh-9.3.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-32bit-0.9.8zh-9.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"libopenssl0_9_8-0.9.8zh-14.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"libopenssl0_9_8-debuginfo-0.9.8zh-14.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"libopenssl0_9_8-debugsource-0.9.8zh-14.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8zh-14.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-32bit-0.9.8zh-14.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libopenssl0_9_8 / libopenssl0_9_8-32bit / libopenssl0_9_8-debuginfo / etc");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2014-0032.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate (CVE-2014-3566) (padding attack on SSL3) - add ECC TLS extensions to DTLS (#1119800) - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation - fix CVE-2014-0224 fix that broke EAP-FAST session resumption support - drop EXPORT, RC2, and DES from the default cipher list (#1057520) - print ephemeral key size negotiated in TLS handshake (#1057715) - do not include ECC ciphersuites in SSLv2 client hello (#1090952) - properly detect encryption failure in BIO (#1100819) - fail on hmac integrity check if the .hmac file is empty (#1105567) - FIPS mode: make the limitations on DSA, DH, and RSA keygen length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment variable is set - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH - add back support for secp521r1 EC curve - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension - use 2048 bit RSA key in FIPS selftests - add DH_compute_key_padded needed for FIPS CAVS testing - make 3des strength to be 128 bits instead of 168 (#1056616) - FIPS mode: do not generate DSA keys and DH parameters < 2048 bits - FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys) - FIPS mode: add DH selftest - FIPS mode: reseed DRBG properly on RAND_add - FIPS mode: add RSA encrypt/decrypt selftest - FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key - use the key length from configuration file if req -newkey rsa is invoked - fix CVE-2013-4353 - Invalid TLS handshake crash - fix CVE-2013-6450 - possible MiTM attack on DTLS1 - fix CVE-2013-6449 - crash when version in SSL structure is incorrect - add back some no-op symbols that were inadvertently dropped
    last seen2020-06-01
    modified2020-06-02
    plugin id79547
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79547
    titleOracleVM 3.3 : openssl (OVMSA-2014-0032) (Heartbleed) (POODLE)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2014-0032.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79547);
      script_version("1.21");
      script_cvs_date("Date: 2019/11/12");
    
      script_cve_id("CVE-2010-5298", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511", "CVE-2014-3513", "CVE-2014-3566", "CVE-2014-3567");
      script_bugtraq_id(64530, 64618, 64691, 66690, 66801, 67193, 67898, 67899, 67900, 67901, 69075, 69076, 69078, 69079, 69081, 69082, 69084, 70574, 70584, 70586);
    
      script_name(english:"OracleVM 3.3 : openssl (OVMSA-2014-0032) (Heartbleed) (POODLE)");
      script_summary(english:"Checks the RPM output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - fix CVE-2014-3567 - memory leak when handling session
        tickets
    
      - fix CVE-2014-3513 - memory leak in srtp support
    
      - add support for fallback SCSV to partially mitigate
        (CVE-2014-3566) (padding attack on SSL3)
    
      - add ECC TLS extensions to DTLS (#1119800)
    
      - fix CVE-2014-3505 - doublefree in DTLS packet processing
    
      - fix CVE-2014-3506 - avoid memory exhaustion in DTLS
    
      - fix CVE-2014-3507 - avoid memory leak in DTLS
    
      - fix CVE-2014-3508 - fix OID handling to avoid
        information leak
    
      - fix CVE-2014-3509 - fix race condition when parsing
        server hello
    
      - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling
        in DTLS
    
      - fix CVE-2014-3511 - disallow protocol downgrade via
        fragmentation
    
      - fix CVE-2014-0224 fix that broke EAP-FAST session
        resumption support
    
      - drop EXPORT, RC2, and DES from the default cipher list
        (#1057520)
    
      - print ephemeral key size negotiated in TLS handshake
        (#1057715)
    
      - do not include ECC ciphersuites in SSLv2 client hello
        (#1090952)
    
      - properly detect encryption failure in BIO (#1100819)
    
      - fail on hmac integrity check if the .hmac file is empty
        (#1105567)
    
      - FIPS mode: make the limitations on DSA, DH, and RSA
        keygen length enforced only if
        OPENSSL_ENFORCE_MODULUS_BITS environment variable is set
    
      - fix CVE-2010-5298 - possible use of memory after free
    
      - fix CVE-2014-0195 - buffer overflow via invalid DTLS
        fragment
    
      - fix CVE-2014-0198 - possible NULL pointer dereference
    
      - fix CVE-2014-0221 - DoS from invalid DTLS handshake
        packet
    
      - fix CVE-2014-0224 - SSL/TLS MITM vulnerability
    
      - fix CVE-2014-3470 - client-side DoS when using anonymous
        ECDH
    
      - add back support for secp521r1 EC curve
    
      - fix CVE-2014-0160 - information disclosure in TLS
        heartbeat extension
    
      - use 2048 bit RSA key in FIPS selftests
    
      - add DH_compute_key_padded needed for FIPS CAVS testing
    
      - make 3des strength to be 128 bits instead of 168
        (#1056616)
    
      - FIPS mode: do not generate DSA keys and DH parameters <
        2048 bits
    
      - FIPS mode: use approved RSA keygen (allows only 2048 and
        3072 bit keys)
    
      - FIPS mode: add DH selftest
    
      - FIPS mode: reseed DRBG properly on RAND_add
    
      - FIPS mode: add RSA encrypt/decrypt selftest
    
      - FIPS mode: add hard limit for 2^32 GCM block encryptions
        with the same key
    
      - use the key length from configuration file if req
        -newkey rsa is invoked
    
      - fix CVE-2013-4353 - Invalid TLS handshake crash
    
      - fix CVE-2013-6450 - possible MiTM attack on DTLS1
    
      - fix CVE-2013-6449 - crash when version in SSL structure
        is incorrect
    
      - add back some no-op symbols that were inadvertently
        dropped"
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2014-November/000240.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e1e2973b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openssl package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:openssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.3", reference:"openssl-1.0.1e-30.el6_6.2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idHP_VCA_SSRT101614-SLES.NASL
    descriptionThe RPM installation of HP Version Control Agent (VCA) on the remote Linux host is a version prior to 7.3.3. It is, therefore, affected by multiple vulnerabilities in the bundled version of SSL : - An error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id77152
    published2014-08-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77152
    titleHP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77152);
      script_version("1.8");
      script_cvs_date("Date: 2018/09/17 21:46:53");
    
      script_cve_id(
        "CVE-2010-5298",
        "CVE-2014-0076",
        "CVE-2014-0195",
        "CVE-2014-0198",
        "CVE-2014-0221",
        "CVE-2014-0224",
        "CVE-2014-3470"
      );
      script_bugtraq_id(
        66801,
        66363,
        67900,
        67193,
        67901,
        67899,
        67898
      );
      script_xref(name:"CERT", value:"978508");
      script_xref(name:"HP", value:"SSRT101614");
      script_xref(name:"HP", value:"HPSBMU03057");
      script_xref(name:"HP", value:"emr_na-c04349897");
    
      script_name(english:"HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities");
      script_summary(english:"Checks the version of VCA installed.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains software that is affected by multiple
    vulnerabilities related to SSL.");
      script_set_attribute(attribute:"description", value:
    "The RPM installation of HP Version Control Agent (VCA) on the remote
    Linux host is a version prior to 7.3.3. It is, therefore, affected by
    multiple vulnerabilities in the bundled version of SSL :
    
      - An error exists in the 'ssl3_read_bytes' function
        that permits data to be injected into other sessions
        or allows denial of service attacks. Note that this
        issue is exploitable only if SSL_MODE_RELEASE_BUFFERS
        is enabled. (CVE-2010-5298)
    
      - A flaw in the ECDS Algorithm implementation can
        be triggered using a FLUSH+RELOAD cache side-channel
        attack which may allow a malicious process to recover
        ECDSA nonces. (CVE-2014-0076)
    
      - A buffer overflow error exists related to invalid DTLS
        fragment handling that permits the execution of
        arbitrary code or allows denial of service attacks.
        Note that this issue only affects OpenSSL when used
        as a DTLS client or server. (CVE-2014-0195)
    
      - An error exists in the 'do_ssl3_write' function that
        permits a NULL pointer to be dereferenced, which could
        allow denial of service attacks. Note that this issue
        is exploitable only if SSL_MODE_RELEASE_BUFFERS is
        enabled. (CVE-2014-0198)
    
      - An error exists related to DTLS handshake handling that
        could allow denial of service attacks. Note that this
        issue only affects OpenSSL when used as a DTLS client.
        (CVE-2014-0221)
    
      - An error exists in the processing of ChangeCipherSpec
        messages that allows the usage of weak keying material.
        This permits simplified man-in-the-middle attacks to be
        done. (CVE-2014-0224)
    
      - An error exists in the 'dtls1_get_message_fragment'
        function related to anonymous ECDH cipher suites. This
        could allow denial of service attacks. Note that this
        issue only affects OpenSSL TLS clients. (CVE-2014-3470)");
      script_set_attribute(attribute:"solution", value:"Upgrade to VCA 7.3.3 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      # https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04349897-1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d0e53fea");
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/532577/30/0/threaded");
    script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/06/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:version_control_agent");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"SuSE Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^SLES") audit(AUDIT_OS_NOT, "SuSE Linux Enterprise Server");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    # These are the only versions the software is supported
    # however you can install it on later versions. So
    # only check non-supported versions if paranoia is on.
    if (
      report_paranoia < 2 &&
      !ereg(pattern:"SLES(8|9|10|11)($|[^0-9])", string:release)
    ) audit(AUDIT_OS_NOT, "SuSE Linux Enterprise Server 8 / 9 / 10 / 11");
    
    rpms = get_kb_item_or_exit("Host/SuSE/rpm-list");
    if ("hpvca-" >!< rpms) audit(AUDIT_PACKAGE_NOT_INSTALLED,"HP Version Control Agent");
    
    # Get the RPM version
    match = eregmatch(string:rpms, pattern:"(^|\n)hpvca-(\d+\.\d+\.\d+-\d+)");
    if (isnull(match)) audit(AUDIT_VER_FAIL,"HP Version Control Agent");
    
    version = match[2];
    version = ereg_replace(string:version, replace:".", pattern:"-");
    
    fix = "7.3.3.0";
    if (ver_compare(ver:version,fix:fix,strict:FALSE) < 0)
    {
      if (report_verbosity > 0)
      {
        report =
         '\n  Installed version : ' + version +
         '\n  Fixed version     : ' + fix +
         '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
    }
    else audit(AUDIT_PACKAGE_NOT_AFFECTED, "HP Version Control Agent");
    
  • NASL familyMisc.
    NASL idMCAFEE_WEB_GATEWAY_SB10075.NASL
    descriptionThe remote host is running a version of McAfee Web Gateway (MWG) that is affected by multiple vulnerabilities due to flaws in the OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76146
    published2014-06-19
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76146
    titleMcAfee Web Gateway Multiple OpenSSL Vulnerabilities (SB10075)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76146);
      script_version("1.10");
      script_cvs_date("Date: 2019/11/26");
    
      script_cve_id(
        "CVE-2010-5298",
        "CVE-2014-0076",
        "CVE-2014-0195",
        "CVE-2014-0198",
        "CVE-2014-0221",
        "CVE-2014-0224",
        "CVE-2014-3470"
      );
      script_bugtraq_id(
        66363,
        66801,
        67193,
        67898,
        67899,
        67900,
        67901
      );
      script_xref(name:"CERT", value:"978508");
      script_xref(name:"IAVB", value:"2014-B-0077");
      script_xref(name:"MCAFEE-SB", value:"SB10075");
    
      script_name(english:"McAfee Web Gateway Multiple OpenSSL Vulnerabilities (SB10075)");
      script_summary(english:"Checks version of MWG.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host is running a version of McAfee Web Gateway (MWG) that
    is affected by multiple vulnerabilities due to flaws in the OpenSSL
    library :
    
      - An error exists in the function 'ssl3_read_bytes'
        that could allow data to be injected into other
        sessions or allow denial of service attacks. Note
        this issue is only exploitable if
        'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
    
      - An error exists related to the implementation of the
        Elliptic Curve Digital Signature Algorithm (ECDSA) that
        could allow nonce disclosure via the 'FLUSH+RELOAD'
        cache side-channel attack. (CVE-2014-0076)
    
      - A buffer overflow error exists related to invalid DTLS
        fragment handling that could lead to execution of
        arbitrary code. Note this issue only affects OpenSSL
        when used as a DTLS client or server. (CVE-2014-0195)
    
      - An error exists in the function 'do_ssl3_write' that
        could allow a NULL pointer to be dereferenced leading
        to denial of service attacks. Note this issue is
        exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is
        enabled. (CVE-2014-0198)
    
      - An error exists related to DTLS handshake handling that
        could lead to denial of service attacks. Note this
        issue only affects OpenSSL when used as a DTLS client.
        (CVE-2014-0221)
    
      - An unspecified error exists that could allow an
        attacker to cause usage of weak keying material
        leading to simplified man-in-the-middle attacks.
        (CVE-2014-0224)
    
      - An unspecified error exists related to anonymous ECDH
        ciphersuites that could allow denial of service
        attacks. Note this issue only affects OpenSSL TLS
        clients. (CVE-2014-3470)");
      script_set_attribute(attribute:"see_also", value:"https://kc.mcafee.com/corporate/index?page=content&id=SB10075");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140605.txt");
      script_set_attribute(attribute:"see_also", value:"http://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/vulnerabilities.html#2014-0076");
      script_set_attribute(attribute:"see_also", value:"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221");
      script_set_attribute(attribute:"see_also", value:"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224");
      script_set_attribute(attribute:"see_also", value:"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470");
      script_set_attribute(attribute:"solution", value:
    "Apply the relevant patch per the vendor advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0195");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/06/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/19");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mcafee:web_gateway");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mcafee_web_gateway_detect.nbin");
      script_require_keys("Host/McAfee Web Gateway/Version", "Host/McAfee Web Gateway/Display Version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    app_name = "McAfee Web Gateway";
    version = get_kb_item_or_exit("Host/McAfee Web Gateway/Version");
    version_display = get_kb_item_or_exit("Host/McAfee Web Gateway/Display Version");
    fix = FALSE;
    
    if (version =~ "^7\.3\.")
    {
      fix = "7.3.2.10.0.17286";
      fix_display = "7.3.2.10 Build 17286";
    }
    else if (version =~ "^7\.4\.")
    {
      fix = "7.4.2.1.0.17293";
      fix_display = "7.4.2.1 Build 17293";
    }
    
    if (fix && ver_compare(ver:version, fix:fix, strict:FALSE) == -1)
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Installed version : ' + version_display +
          '\n  Fixed version     : ' + fix_display +
          '\n';
          security_warning(extra:report, port:0);
      }
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_INST_VER_NOT_VULN, app_name, version_display);
    
  • NASL familyWeb Servers
    NASL idTOMCAT_6_0_43.NASL
    descriptionAccording to its self-reported version number, the Apache Tomcat service listening on the remote host is 6.0.x prior to 6.0.43. It is, therefore, affected by the following vulnerabilities : - An error exists in the function
    last seen2020-03-18
    modified2015-03-05
    plugin id81649
    published2015-03-05
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81649
    titleApache Tomcat 6.0.x < 6.0.43 Multiple Vulnerabilities (POODLE)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81649);
      script_version("1.14");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/11");
    
      script_cve_id(
        "CVE-2010-5298",
        "CVE-2014-0195",
        "CVE-2014-0198",
        "CVE-2014-0221",
        "CVE-2014-0224",
        "CVE-2014-3470",
        "CVE-2014-3505",
        "CVE-2014-3506",
        "CVE-2014-3507",
        "CVE-2014-3508",
        "CVE-2014-3509",
        "CVE-2014-3510",
        "CVE-2014-3511",
        "CVE-2014-3512",
        "CVE-2014-3513",
        "CVE-2014-3566",
        "CVE-2014-3567",
        "CVE-2014-3568",
        "CVE-2014-5139"
      );
      script_bugtraq_id(
        66801,
        67193,
        67898,
        67899,
        67900,
        67901,
        69075,
        69076,
        69077,
        69078,
        69079,
        69081,
        69082,
        69083,
        69084,
        70574,
        70584,
        70585,
        70586
      );
      script_xref(name:"CERT", value:"978508");
      script_xref(name:"CERT", value:"577193");
    
      script_name(english:"Apache Tomcat 6.0.x < 6.0.43 Multiple Vulnerabilities (POODLE)");
      script_summary(english:"Checks the Apache Tomcat Version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Apache Tomcat server is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the Apache Tomcat
    service listening on the remote host is 6.0.x prior to 6.0.43. It is,
    therefore, affected by the following vulnerabilities :
    
      - An error exists in the function 'ssl3_read_bytes' that
        can allow data to be injected into other sessions or
        allow denial of service attacks. Note that this issue is
        exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is
        enabled. (CVE-2010-5298)
    
      - A buffer overflow error exists related to invalid DTLS
        fragment handling that can lead to the execution of
        arbitrary code. Note that this issue only affects
        OpenSSL when used as a DTLS client or server.
        (CVE-2014-0195)
    
      - An error exists in the function 'do_ssl3_write' that
        can allow a NULL pointer to be dereferenced leading to
        denial of service attacks. Note that this issue is
        exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is
        enabled. (CVE-2014-0198)
    
      - An error exists related to DTLS handshake handling that
        can lead to denial of service attacks. Note that this
        issue only affects OpenSSL when used as a DTLS client.
        (CVE-2014-0221)
    
      - An unspecified error exists in how ChangeCipherSpec
        messages are processed that can allow an attacker to
        cause usage of weak keying material, leading to
        simplified man-in-the-middle attacks. (CVE-2014-0224)
    
      - An unspecified error exists related to anonymous ECDH
        cipher suites that can allow denial of service attacks.
        Note that this issue only affects OpenSSL TLS clients.
        (CVE-2014-3470)
    
      - A memory double-free error exists in 'd1_both.c' related
        to handling DTLS packets that allows denial of service
        attacks. (CVE-2014-3505)
    
      - An unspecified error exists in 'd1_both.c' related to
        handling DTLS handshake messages that allows denial of
        service attacks due to large amounts of memory being
        consumed. (CVE-2014-3506)
    
      - A memory leak error exists in 'd1_both.c' related to
        handling specially crafted DTLS packets that allows
        denial of service attacks. (CVE-2014-3507)
    
      - An error exists in the 'OBJ_obj2txt' function when
        various 'X509_name_*' pretty printing functions are
        used, which leak process stack data, resulting in an
        information disclosure. (CVE-2014-3508)
    
      - An error exists related to 'ec point format extension'
        handling and multithreaded clients that allows freed
        memory to be overwritten during a resumed session.
        (CVE-2014-3509)
    
      - A NULL pointer dereference error exists related to
        handling anonymous ECDH cipher suites and crafted
        handshake messages that allows denial of service attacks
        against clients. (CVE-2014-3510)
    
      - An error exists related to handling fragmented
        'ClientHello' messages that allows a man-in-the-middle
        attacker to force usage of TLS 1.0 regardless of higher
        protocol levels being supported by both the server and
        the client. (CVE-2014-3511)
    
      - Buffer overflow errors exist in 'srp_lib.c' related to
        handling Secure Remote Password protocol (SRP)
        parameters, which can allow a denial of service or have
        other unspecified impact. (CVE-2014-3512)
    
      - A memory leak issue exists in 'd1_srtp.c' related to
        the DTLS SRTP extension handling and specially crafted
        handshake messages that can allow denial of service
        attacks. (CVE-2014-3513)
    
      - An error exists related to the way SSL 3.0 handles
        padding bytes when decrypting messages encrypted using
        block ciphers in cipher block chaining (CBC) mode.
        Man-in-the-middle attackers can decrypt a selected byte
        of a cipher text in as few as 256 tries if they are able
        to force a victim application to repeatedly send the
        same data over newly created SSL 3.0 connections. This
        is also known as the 'POODLE' issue. (CVE-2014-3566)
    
      - A memory leak issue exists in 't1_lib.c' related to
        session ticket handling that can allow denial of service
        attacks. (CVE-2014-3567)
    
      - An error exists related to the build configuration
        process and the 'no-ssl3' build option that allows
        servers and clients to process insecure SSL 3.0
        handshake messages. (CVE-2014-3568)
    
      - A NULL pointer dereference error exists in 't1_lib.c',
        related to handling Secure Remote Password protocol
        (SRP) ServerHello messages, which allows a malicious
        server to crash a client, resulting in a denial of
        service. (CVE-2014-5139)
    
    Note that Nessus has not attempted to exploit these issues but has
    instead relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"http://tomcat.apache.org/tomcat-6.0-doc/changelog.html");
      script_set_attribute(attribute:"see_also", value:"https://www.imperialviolet.org/2014/10/14/poodle.html");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/~bodo/ssl-poodle.pdf");
      script_set_attribute(attribute:"see_also", value:"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00");
      script_set_attribute(attribute:"solution", value:"Update to Apache Tomcat version 6.0.43 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3512");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/05");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"agent", value:"all");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("tomcat_error_version.nasl", "os_fingerprint.nasl", "tomcat_win_installed.nbin", "apache_tomcat_nix_installed.nbin");
      script_require_keys("installed_sw/Apache Tomcat");
    
      exit(0);
    }
    
    include("tomcat_version.inc");
    
    tc_paranoia = FALSE;
    
    # Only fire on Windows if low paranoia
    if (report_paranoia < 2)
    {
      os = get_kb_item_or_exit("Host/OS");
      if ("Windows" >!< os) audit(AUDIT_OS_NOT, "Microsoft Windows");
      tc_paranoia = TRUE;
    }
    
    tomcat_check_version(fixed:"6.0.43", min:"6.0.0", severity:SECURITY_HOLE, granularity_regex:"^6(\.0)?$", paranoid:tc_paranoia);
    
    
  • NASL familyFTP
    NASL idCERBERUS_FTP_7_0_0_3.NASL
    descriptionThe version of Cerberus FTP Server on the remote host is version 6.x prior to 6.0.10.0 or version 7.x prior to 7.0.0.3. It is, therefore, affected by the following OpenSSL vulnerabilities : - An error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id77004
    published2014-08-05
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77004
    titleCerberus FTP Server 6.x < 6.0.10.0 / 7.x < 7.0.0.3 Multiple OpenSSL Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77004);
      script_version("1.9");
      script_cvs_date("Date: 2019/11/25");
    
      script_cve_id(
        "CVE-2010-5298",
        "CVE-2014-0195",
        "CVE-2014-0198",
        "CVE-2014-0221",
        "CVE-2014-0224",
        "CVE-2014-3470"
      );
      script_bugtraq_id(
        66801,
        67193,
        67898,
        67899,
        67900,
        67901
      );
      script_xref(name:"CERT", value:"978508");
    
      script_name(english:"Cerberus FTP Server 6.x < 6.0.10.0 / 7.x < 7.0.0.3 Multiple OpenSSL Vulnerabilities");
      script_summary(english:"Checks the version of the Cerberus FTP Server.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The FTP server installed on the remote Windows host is affected by
    multiple OpenSSL vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Cerberus FTP Server on the remote host is version 6.x
    prior to 6.0.10.0 or version 7.x prior to 7.0.0.3. It is, therefore,
    affected by the following OpenSSL vulnerabilities :
    
      - An error exists in the 'ssl3_read_bytes' function
        that permits data to be injected into other sessions
        or allows denial of service attacks. Note that this
        issue is exploitable only if SSL_MODE_RELEASE_BUFFERS
        is enabled. (CVE-2010-5298)
    
      - A buffer overflow error exists related to invalid DTLS
        fragment handling that permits the execution of
        arbitrary code or allows denial of service attacks.
        Note that this issue only affects OpenSSL when used
        as a DTLS client or server. (CVE-2014-0195)
    
      - An error exists in the 'do_ssl3_write' function that
        permits a NULL pointer to be dereferenced, which could
        allow denial of service attacks. Note that this issue
        is exploitable only if SSL_MODE_RELEASE_BUFFERS is
        enabled. (CVE-2014-0198)
    
      - An error exists related to DTLS handshake handling that
        could allow denial of service attacks. Note that this
        issue only affects OpenSSL when used as a DTLS client.
        (CVE-2014-0221)
    
      - An error exists in the processing of ChangeCipherSpec
        messages that allows the usage of weak keying material.
        This permits simplified man-in-the-middle attacks to be
        done. (CVE-2014-0224)
    
      - An error exists in the 'dtls1_get_message_fragment'
        function related to anonymous ECDH cipher suites. This
        could allow denial of service attacks. Note that this
        issue only affects OpenSSL TLS clients. (CVE-2014-3470)");
      script_set_attribute(attribute:"see_also", value:"https://www.cerberusftp.com/products/releasenotes/");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140605.txt");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Cerberus FTP Server 6.0.10.0 / 7.0.0.3 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0195");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/06/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/05");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:cerberusftp:ftp_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"FTP");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("cerberus_ftp_installed.nasl");
      script_require_keys("SMB/CerberusFTP/Installed");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("SMB/CerberusFTP/Installed");
    installs = get_kb_list_or_exit("SMB/CerberusFTP/*/version");
    
    kb_entry = branch(keys(installs));
    kb_base = kb_entry - "/version";
    
    ver  = get_kb_item_or_exit(kb_entry);
    file_name = get_kb_item_or_exit(kb_base + "/file");
    
    kb_pieces = split(kb_base, sep:"/");
    file = kb_pieces[2] + "\" + file_name;
    
    if (ver =~ "^7\." && ver_compare(ver:ver, fix:'7.0.0.3', strict:FALSE) < 0)
      fix = '7.0.0.3';
    else if (ver =~ "^6\." && ver_compare(ver:ver, fix:'6.0.10.0', strict:FALSE) < 0)
      fix = '6.0.10.0';
    else audit(AUDIT_INST_PATH_NOT_VULN, "Cerberus FTP Server", ver, file);
    
    port = get_kb_item("SMB/transport");
    if (!port) port = 445;
    
    if (report_verbosity > 0)
    {
      report =
        '\n  File              : ' + file +
        '\n  Installed version : ' + ver  +
        '\n  Fixed version     : ' + fix  +
        '\n';
      security_warning(port:port, extra:report);
    }
    else security_warning(port);
    
  • NASL familyMisc.
    NASL idHP_LASERJET_HPSBPI03107.NASL
    descriptionThe remote HP printer is affected by a security bypass vulnerability. The included OpenSSL library has a security bypass flaw in the handshake process. By using a specially crafted handshake, a remote attacker can force the use of weak keying material. This could be leveraged for a man-in-the-middle attack.
    last seen2020-06-01
    modified2020-06-02
    plugin id78110
    published2014-10-09
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78110
    titleHP Printers Security Bypass (HPSBPI03107)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78110);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/25");
    
      script_cve_id("CVE-2014-0224");
      script_bugtraq_id(67899);
      script_xref(name:"CERT", value:"978508");
      script_xref(name:"HP", value:"emr_na-c04451722");
      script_xref(name:"HP", value:"HPSBPI03107");
    
      script_name(english:"HP Printers Security Bypass (HPSBPI03107)");
      script_summary(english:"Checks the firmware datecode.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote printer is affected by a security bypass vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote HP printer is affected by a security bypass vulnerability.
    The included OpenSSL library has a security bypass flaw in the
    handshake process. By using a specially crafted handshake, a remote
    attacker can force the use of weak keying material. This could be
    leveraged for a man-in-the-middle attack.");
      # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04451722
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f055628e");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the firmware in accordance with the vendor's advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0224");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/09");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:hp:laserjet");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("hp_pjl_version.nbin", "hp_laserjet_detect.nasl");
      script_require_ports("www/hp_laserjet/pname", "pjl/model");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Remove and fix words in the printer's name that don't match the list
    # on the Web site (designed to reduce false negatives). Also convert the
    # name to uppercase and remove spaces to make it as unlikely as possible that
    # we miss anything.
    function normalize_model(model)
    {
      local_var series_to_remove, series, words_to_remove, word;
    
      model = toupper(model);
    
      #Remove any the generic series number from product name
      series_to_remove = make_list(' 100 ', ' 300 ', ' 400 ', ' 500 ', ' 600 ', ' 700 ');
      foreach series(series_to_remove)
        model = str_replace(string:model, find:series, replace:' ');
    
      words_to_remove = make_list( 'COLOR', 'EDGELINE', 'ENTERPRISE', 'FLOW', 'HP', 'HOTSPOT', 'LASERJET', 'MFP', 'MULTIFUNCTION', 'PRINTER', 'PROFESSIONAL', 'PRO', 'SERIES', 'SCANJET', 'TOPSHOT', 'WITH', 'ALL', 'IN', 'ONE', 'DIGITAL', 'SENDER', '-', 'FN1', 'DOCUMENT', 'CAPTURE', 'WORKSTATION' );
      foreach word(words_to_remove)
        model = str_replace(string:model, find:word, replace:'');
    
      model = str_replace(string:model, find:' ', replace:'');
    
      return model;
    }
    
    port = get_service(svc:"jetdirect", exit_on_fail:TRUE);
    
    model = get_kb_item('pjl/model');
    if (!model) model = get_kb_item('www/hp_laserjet/pname');
    if (!model) exit(1, "Failed to get the HP model number.");
    
    firmware = int(get_kb_item('pjl/firmware'));
    if (!firmware) firmware = int(get_kb_item('www/hp_laserjet/fw'));
    if (!firmware) exit(1, "Failed to get the HP firmware version.");
    
    serial = get_kb_item('www/hp_laserjet/serial');
    if (!serial) serial = get_kb_item('pjl/serial');
    if (!serial) serial = "unknown";
    
    
    # From support.hp.com searches
    signing_firmware = make_array(
     #"HP LaserJet 400 MFP M425dn",     20140731, # <---- uncomment for testing
      "HP Color LaserJet CM4540 MFP",                                  20140731,
      "HP Color LaserJet CM4540f MFP",                                 20140731,
      "HP Color LaserJet CM4540fskm MFP",                              20140731,
      "HP Color LaserJet CP5525n",                                     20140731,
      "HP Color LaserJet CP5525dn",                                    20140731,
      "HP Color LaserJet CP5525xh",                                    20140731,
      "HP Color LaserJet Enterprise M750n",                            20140731,
      "HP Color LaserJet Enterprise M750dn",                           20140731,
      "HP Color LaserJet Enterprise M750xh",                           20140731,
      "HP Color LaserJet M651n",                                       20140731,
      "HP Color LaserJet M651dn",                                      20140731,
      "HP Color LaserJet M651xh",                                      20140731,
      "HP Color LaserJet M680f",                                       20140731,
      "HP Color LaserJet M680dn",                                      20140731,
      "HP Color LaserJet Flow M680z",                                  20140731,
      "HP LaserJet Enterprise 500 color MFP M575f",                    20140731,
      "HP LaserJet Enterprise 500 color MFP M575dn",                   20140731,
      "HP LaserJet Enterprise 500 MFP M525f",                          20140731,
      "HP LaserJet Enterprise 500 MFP M525dn",                         20140731,
      "HP LaserJet Enterprise 600 M601n",                              20140731,
      "HP LaserJet Enterprise 600 M601dn",                             20140731,
      "HP LaserJet Enterprise 600 M602n",                              20140731,
      "HP LaserJet Enterprise 600 M602dn",                             20140731,
      "HP LaserJet Enterprise 600 M602x",                              20140731,
      "HP LaserJet Enterprise 600 M603n",                              20140731,
      "HP LaserJet Enterprise 600 M603dn",                             20140731,
      "HP LaserJet Enterprise 600 M603xh",                             20140731,
      "HP LaserJet Enterprise MFP M630dn",                             20140731,
      "HP LaserJet Enterprise MFP M630f",                              20140731,
      "HP LaserJet Enterprise MFP M630h",                              20140731,
      "HP LaserJet Enterprise Flow MFP M630z",                         20140731,
      "HP LaserJet Enterprise 700 color M775dn",                       20140731,
      "HP LaserJet Enterprise 700 color M775f",                        20140731,
      "HP LaserJet Enterprise 700 color M775z",                        20140731,
      "HP LaserJet Enterprise 700 color M775z+",                       20140731,
      "HP LaserJet Enterprise 700 M712n",                              20140731,
      "HP LaserJet Enterprise 700 M712dn",                             20140731,
      "HP LaserJet Enterprise 700 M712xh",                             20140731,
      "HP LaserJet Enterprise 800 color M855dn",                       20140731,
      "HP LaserJet Enterprise 800 color M855xh",                       20140731,
      "HP LaserJet Enterprise 800 color M855x+",                       20140731,
      "HP LaserJet Enterprise 800 color MFP M880z",                    20140731,
      "HP LaserJet Enterprise 800 color MFP M880z+",                   20140731,
      "HP LaserJet Enterprise Color 500 M551n",                        20140731,
      "HP LaserJet Enterprise Color 500 M551dn",                       20140731,
      "HP LaserJet Enterprise Color 500 M551xh",                       20140731,
      "HP LaserJet Enterprise color flow MFP M575c",                   20140731,
      "HP LaserJet Enterprise flow M830z Multifunction Printer",       20140731,
      "HP LaserJet Enterprise flow MFP M525c",                         20140731,
      "HP LaserJet Enterprise M4555 MFP",                              20140731,
      "HP LaserJet Enterprise M4555f MFP",                             20140731,
      "HP LaserJet Enterprise M4555fskm MFP",                          20140731,
      "HP LaserJet Enterprise M4555h MFP",                             20140731,
      "HP LaserJet Enterprise M806dn",                                 20140731,
      "HP LaserJet Enterprise M806x+",                                 20140731,
      "HP LaserJet Enterprise MFP M725dn",                             20140731,
      "HP LaserJet Enterprise MFP M725z+",                             20140731,
      "HP LaserJet Enterprise MFP M725z",                              20140731,
      "HP LaserJet Enterprise MFP M725f",                              20140731,
      "HP Scanjet Enterprise 8500 fn1 Document Capture Workstation",   20140731,
      "HP Color LaserJet CP3525",                                      20140722,
      "HP Color LaserJet CP3525n",                                     20140722,
      "HP Color LaserJet CP3525x",                                     20140722,
      "HP Color LaserJet CP3525dn",                                    20140722,
      "HP LaserJet M4345 Multifunction Printer",                       20140722,
      "HP LaserJet M4345x Multifunction Printer",                      20140722,
      "HP LaserJet M4345xm Multifunction Printer",                     20140722,
      "HP LaserJet M4345xs Multifunction Printer",                     20140722,
      "HP LaserJet M5025 Multifunction Printer",                       20140722,
      "HP Color LaserJet CM6040 Multifunction Printer",                20140723,
      "HP Color LaserJet CM6040f Multifunction Printer",               20140723,
      "HP Color LaserJet Enterprise CP4525n",                          20140725,
      "HP Color LaserJet Enterprise CP4525dn",                         20140725,
      "HP Color LaserJet Enterprise CP4525xh",                         20140725,
      "HP Color LaserJet Enterprise CP4025n Printer",                  20140725,
      "HP Color LaserJet Enterprise CP4025dn Printer",                 20140725,
      "HP LaserJet M5035 Multifunction Printer",                       20140722,
      "HP LaserJet M5035x Multifunction Printer",                      20140722,
      "HP LaserJet M5035xs Multifunction Printer",                     20140722,
      "HP LaserJet M9050 Multifunction Printer",                       20140722,
      "HP LaserJet M9040 Multifunction Printer",                       20140722,
      "HP Color LaserJet CM4730 Multifunction Printer",                20140723,
      "HP Color LaserJet CM4730f Multifunction Printer",               20140723,
      "HP Color LaserJet CM4730fsk Multifunction Printer",             20140723,
      "HP Color LaserJet CM4730fm Multifunction Printer",              20140723,
      "HP LaserJet M3035 Multifunction Printer",                       20140722,
      "HP LaserJet M3035xs Multifunction Printer",                     20140722,
      "HP 9250c Digital Sender",                                       20140723,
      "HP LaserJet Enterprise P3015 Printer",                          20140723,
      "HP LaserJet Enterprise P3015d Printer",                         20140723,
      "HP LaserJet Enterprise P3015n Printer",                         20140723,
      "HP LaserJet Enterprise P3015dn Printer",                        20140723,
      "HP LaserJet Enterprise P3015x Printer",                         20140723,
      "HP LaserJet M3027 Multifunction Printer",                       20140722,
      "HP LaserJet M3027x Multifunction Printer",                      20140722,
      "HP LaserJet CM3530 Multifunction Printer",                      20140722,
      "HP LaserJet CM3530fs Multifunction Printer",                    20140722,
      "HP Color LaserJet CP6015dn Printer",                            20140725,
      "HP Color LaserJet CP6015n Printer",                             20140725,
      "HP Color LaserJet CP6015x Printer",                             20140725,
      "HP Color LaserJet CP6015xh Printer",                            20140725,
      "HP Color LaserJet CP6015de Printer",                            20140725,
      "HP LaserJet P4515n Printer",                                    20140723,
      "HP LaserJet P4515tn Printer",                                   20140723,
      "HP LaserJet P4515x Printer",                                    20140723,
      "HP LaserJet P4515xm Printer",                                   20140723,
      "HP Color LaserJet CM6030 Multifunction Printer",                20140723,
      "HP Color LaserJet CM6030f Multifunction Printer",               20140723,
      "HP LaserJet P4015n Printer",                                    20140723,
      "HP LaserJet P4015dn Printer",                                   20140723,
      "HP LaserJet P4015x Printer",                                    20140723,
      "HP LaserJet P4015tn Printer",                                   20140723,
      "HP LaserJet P4014 Printer",                                     20140723,
      "HP LaserJet P4014n Printer",                                    20140723,
      "HP LaserJet P4014dn Printer",                                   20140723
    );
    
    # Normalize the names of the models (to make it possible to look them up)
    fixed_signing_firmware = make_array();
    foreach f(keys(signing_firmware))
    {
      fixed_signing_firmware[normalize_model(model:f)] = signing_firmware[f];
    }
    signing_firmware = fixed_signing_firmware;
    
    # Figure out which firmware update the printer requires
    model_norm = normalize_model(model:model);
    update = signing_firmware[model_norm];
    
    # If we didn't find it in the list, this plugin doesn't apply
    if (isnull(update)) exit(0, "This printer model (" + model + ") does not appear to be affected.");
    
    # Check if the firmware version is vulnerable
    if (firmware < update)
    {
      if (report_verbosity > 0)
        security_warning(
          port:port,
          extra:
            '\n  Model             : ' + model +
            '\n  Serial number     : ' + serial +
            '\n  Installed version : ' + firmware +
            '\n  Fixed version     : ' + update +
            '\n'
        );
      else security_warning(port);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, 'affected since firmware version ' + firmware + ' is installed');
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0627.NASL
    descriptionUpdated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.3 and 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id79025
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79025
    titleRHEL 4 / 5 / 6 : openssl (RHSA-2014:0627)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0627. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79025);
      script_version("1.15");
      script_cvs_date("Date: 2019/11/12");
    
      script_cve_id("CVE-2014-0224");
      script_bugtraq_id(67899);
      script_xref(name:"RHSA", value:"2014:0627");
    
      script_name(english:"RHEL 4 / 5 / 6 : openssl (RHSA-2014:0627)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated openssl packages that fix one security issue are now available
    for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat
    Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended
    Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support,
    and Red Hat Enterprise Linux 6.3 and 6.4 Extended Update Support.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. A Common Vulnerability Scoring System
    (CVSS) base score, which gives a detailed severity rating, is
    available from the CVE link in the References section.
    
    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL
    v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a
    full-strength, general purpose cryptography library.
    
    It was found that OpenSSL clients and servers could be forced, via a
    specially crafted handshake packet, to use weak keying material for
    communication. A man-in-the-middle attacker could use this flaw to
    decrypt and modify traffic between a client and a server.
    (CVE-2014-0224)
    
    Note: In order to exploit this flaw, both the server and the client
    must be using a vulnerable version of OpenSSL; the server must be
    using OpenSSL version 1.0.1 and above, and the client must be using
    any version of OpenSSL. For more information about this flaw, refer
    to: https://access.redhat.com/site/articles/904433
    
    Red Hat would like to thank the OpenSSL project for reporting this
    issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the
    original reporter of this issue.
    
    All OpenSSL users are advised to upgrade to these updated packages,
    which contain a backported patch to correct this issue. For the update
    to take effect, all services linked to the OpenSSL library (such as
    httpd and other SSL-enabled services) must be restarted or the system
    rebooted."
      );
      # https://access.redhat.com/site/articles/904433
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/articles/904433"
      );
      # https://access.redhat.com/site/solutions/905793
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/solutions/905793"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:0627"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0224"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:X/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-static");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.9");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/06/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5\.6|5\.9|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.6 / 5.9 / 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:0627";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {  sp = get_kb_item("Host/RedHat/minor_release");
      if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    
      flag = 0;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"openssl-0.9.7a-43.22.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"openssl-0.9.7a-43.22.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"openssl-0.9.7a-43.22.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"openssl-devel-0.9.7a-43.22.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"openssl-devel-0.9.7a-43.22.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"openssl-perl-0.9.7a-43.22.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"openssl-perl-0.9.7a-43.22.el4")) flag++;
    
    
      if (rpm_check(release:"RHEL5", sp:"9", reference:"openssl-0.9.8e-26.el5_9.4")) flag++;
    
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"openssl-0.9.8e-12.el5_6.12")) flag++;
    
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"openssl-0.9.8e-12.el5_6.12")) flag++;
    
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"openssl-0.9.8e-12.el5_6.12")) flag++;
    
      if (rpm_check(release:"RHEL5", sp:"9", reference:"openssl-debuginfo-0.9.8e-26.el5_9.4")) flag++;
    
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"openssl-debuginfo-0.9.8e-12.el5_6.12")) flag++;
    
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"openssl-debuginfo-0.9.8e-12.el5_6.12")) flag++;
    
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"openssl-debuginfo-0.9.8e-12.el5_6.12")) flag++;
    
      if (rpm_check(release:"RHEL5", sp:"9", reference:"openssl-devel-0.9.8e-26.el5_9.4")) flag++;
    
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"openssl-devel-0.9.8e-12.el5_6.12")) flag++;
    
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"openssl-devel-0.9.8e-12.el5_6.12")) flag++;
    
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"openssl-perl-0.9.8e-12.el5_6.12")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"openssl-perl-0.9.8e-26.el5_9.4")) flag++;
    
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"openssl-perl-0.9.8e-26.el5_9.4")) flag++;
    
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"openssl-perl-0.9.8e-12.el5_6.12")) flag++;
      if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"openssl-perl-0.9.8e-26.el5_9.4")) flag++;
    
    
      if (rpm_check(release:"RHEL6", sp:"4", reference:"openssl-1.0.0-27.el6_4.4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"3", reference:"openssl-1.0.0-25.el6_3.3")) flag++;
    
    if (sp == "2") {   if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"openssl-1.0.0-20.el6_2.7")) flag++; }
      else { if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openssl-1.0.0-27.el6_4.4")) flag++; }
    
    if (sp == "2") {   if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"openssl-1.0.0-20.el6_2.7")) flag++; }
      else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openssl-1.0.0-27.el6_4.4")) flag++; }
    
      if (rpm_check(release:"RHEL6", sp:"4", reference:"openssl-debuginfo-1.0.0-27.el6_4.4")) flag++;
    
    if (sp == "2") {   if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"openssl-debuginfo-1.0.0-20.el6_2.7")) flag++; }
      else { if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openssl-debuginfo-1.0.0-27.el6_4.4")) flag++; }
    
      if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390", reference:"openssl-debuginfo-1.0.0-25.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"openssl-debuginfo-1.0.0-25.el6_3.3")) flag++;
    
    if (sp == "2") {   if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"openssl-debuginfo-1.0.0-20.el6_2.7")) flag++; }
      else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openssl-debuginfo-1.0.0-27.el6_4.4")) flag++; }
    
      if (rpm_check(release:"RHEL6", sp:"4", reference:"openssl-devel-1.0.0-27.el6_4.4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"3", reference:"openssl-devel-1.0.0-25.el6_3.3")) flag++;
    
    if (sp == "2") {   if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"openssl-devel-1.0.0-20.el6_2.7")) flag++; }
      else { if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openssl-devel-1.0.0-27.el6_4.4")) flag++; }
    
    if (sp == "2") {   if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"openssl-devel-1.0.0-20.el6_2.7")) flag++; }
      else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openssl-devel-1.0.0-27.el6_4.4")) flag++; }
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"openssl-perl-1.0.0-27.el6_4.4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"openssl-perl-1.0.0-25.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"openssl-perl-1.0.0-27.el6_4.4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"openssl-perl-1.0.0-25.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"openssl-perl-1.0.0-27.el6_4.4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"openssl-perl-1.0.0-25.el6_3.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"openssl-perl-1.0.0-20.el6_2.7")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"openssl-static-1.0.0-27.el6_4.4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"3", cpu:"i686", reference:"openssl-static-1.0.0-25.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"openssl-static-1.0.0-27.el6_4.4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"3", cpu:"s390x", reference:"openssl-static-1.0.0-25.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"openssl-static-1.0.0-27.el6_4.4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"3", cpu:"x86_64", reference:"openssl-static-1.0.0-25.el6_3.3")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"openssl-static-1.0.0-20.el6_2.7")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc");
      }
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0680.NASL
    descriptionFrom Red Hat Security Advisory 2014:0680 : Updated openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id76730
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76730
    titleOracle Linux 7 : openssl098e (ELSA-2014-0680)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:0680 and 
    # Oracle Linux Security Advisory ELSA-2014-0680 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76730);
      script_version("1.9");
      script_cvs_date("Date: 2019/11/12");
    
      script_cve_id("CVE-2014-0224");
      script_bugtraq_id(67899);
      script_xref(name:"RHSA", value:"2014:0680");
    
      script_name(english:"Oracle Linux 7 : openssl098e (ELSA-2014-0680)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2014:0680 :
    
    Updated openssl098e packages that fix one security issue are now
    available for Red Hat Enterprise Linux 7.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. A Common Vulnerability Scoring System
    (CVSS) base score, which gives a detailed severity rating, is
    available from the CVE link in the References section.
    
    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL
    v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a
    full-strength, general purpose cryptography library.
    
    It was found that OpenSSL clients and servers could be forced, via a
    specially crafted handshake packet, to use weak keying material for
    communication. A man-in-the-middle attacker could use this flaw to
    decrypt and modify traffic between a client and a server.
    (CVE-2014-0224)
    
    Note: In order to exploit this flaw, both the server and the client
    must be using a vulnerable version of OpenSSL; the server must be
    using OpenSSL version 1.0.1 and above, and the client must be using
    any version of OpenSSL. For more information about this flaw, refer
    to: https://access.redhat.com/site/articles/904433
    
    Red Hat would like to thank the OpenSSL project for reporting this
    issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the
    original reporter of this issue.
    
    All OpenSSL users are advised to upgrade to these updated packages,
    which contain a backported patch to correct this issue. For the update
    to take effect, all services linked to the OpenSSL library (such as
    httpd and other SSL-enabled services) must be restarted or the system
    rebooted."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-July/004273.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openssl098e package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:X/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl098e");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openssl098e-0.9.8e-29.el7_0.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl098e");
    }
    
  • NASL familyCGI abuses
    NASL idHP_ONEVIEW_1_10.NASL
    descriptionThe version of HP OneView installed on the remote host is 1.0, 1.01, or 1.05. It is, therefore, affected by the following vulnerabilities related to the included OpenSSL libraries : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76776
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76776
    titleHP OneView < 1.10 OpenSSL Multiple Vulnerabilities (HPSBGN03068)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76776);
      script_version("1.10");
      script_cvs_date("Date: 2019/11/26");
    
      script_cve_id("CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224");
      script_bugtraq_id(66801, 67193, 67899);
      script_xref(name:"CERT", value:"978508");
      script_xref(name:"HP", value:"emr_na-c04368264");
      script_xref(name:"HP", value:"HPSBGN03068");
      script_xref(name:"HP", value:"SSRT101004");
    
      script_name(english:"HP OneView < 1.10 OpenSSL Multiple Vulnerabilities (HPSBGN03068)");
      script_summary(english:"Checks the version of HP OneView.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host has an application installed that is affected by
    multiple OpenSSL related vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of HP OneView installed on the remote host is 1.0, 1.01,
    or 1.05. It is, therefore, affected by the following vulnerabilities
    related to the included OpenSSL libraries :
    
      - An error exists in the function 'ssl3_read_bytes'
        that could allow data to be injected into other
        sessions or allow denial of service attacks. Note
        this issue is only exploitable if
        'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
    
      - An error exists in the function 'do_ssl3_write' that
        could allow a NULL pointer to be dereferenced leading
        to denial of service attacks. Note this issue is
        exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is
        enabled. (CVE-2014-0198)
    
      - An unspecified error exists that could allow an
        attacker to cause usage of weak keying material
        leading to simplified man-in-the-middle attacks.
        (CVE-2014-0224)");
      # https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04368264
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4400eebb");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/532783/30/0/threaded");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to HP OneView 1.10 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0224");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/02/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/24");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:oneview");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("hp_oneview_detect.nbin");
      script_require_keys("www/hp_oneview");
      script_require_ports("Services/www", 80, 443);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    port = get_http_port(default:443);
    
    install = get_install_from_kb(appname:'hp_oneview', port:port, exit_on_fail:TRUE);
    
    appname = 'HP OneView';
    dir = install['dir'];
    install_loc = build_url(port:port, qs:dir + "/");
    
    version = install["ver"];
    if (version == UNKNOWN_VER)  audit(AUDIT_UNKNOWN_WEB_APP_VER, appname, install_loc);
    
    if ('build' >< version)
    {
      ver = version - strstr(version, ' build');
    }
    
    if (
      ver =~ '^1\\.0(0)?$' ||
      ver =~ '^1\\.01$' ||
      ver =~ '^1\\.05$'
    )
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  URL               : ' + install_loc +
          '\n  Installed version : ' + ver +
          '\n  Fixed version     : 1.10\n';
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
      exit(0);
    }
    else audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, install_loc, ver);
    
  • NASL familyWindows
    NASL idHP_VCA_SSRT101614.NASL
    descriptionThe installation of HP Version Control Agent (VCA) on the remote Windows host is a version prior to 7.3.3. It is, therefore, affected by multiple vulnerabilities in the bundled version of SSL : - An error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id77150
    published2014-08-12
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77150
    titleHP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0629.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes two security issues is now available. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 A flaw was found in the way the handle_rx() function handled large network packets when mergeable buffers were disabled. A privileged guest user could use this flaw to crash the host or corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0077) Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0224. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224. The CVE-2014-0077 issue was discovered by Michael S. Tsirkin of Red Hat. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2014-0015 and CVE-2014-0138 (curl issues) CVE-2014-2523 and CVE-2013-6383 (kernel issues) CVE-2014-0179 (libvirt issue) CVE-2010-5298, CVE-2014-0198, CVE-2014-0221, CVE-2014-0195, and CVE-2014-3470 (openssl issues) Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id79027
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79027
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2014:0629)
  • NASL familyMisc.
    NASL idJUNOS_PULSE_JSA10629.NASL
    descriptionAccording to its self-reported version, the version of IVE / UAC OS running on the remote host is affected by multiple vulnerabilities : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76124
    published2014-06-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76124
    titleJunos Pulse Secure Access IVE / UAC OS Multiple OpenSSL Vulnerabilities (JSA10629)
  • NASL familyWindows
    NASL idCISCO_ANYCONNECT_3_1_5170.NASL
    descriptionThe remote host has a version of Cisco AnyConnect prior to 3.1(5170). It is, therefore, potentially affected by the following vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id76491
    published2014-07-14
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76491
    titleCisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL Vulnerabilities
  • NASL familyWindows
    NASL idHP_SYSTEMS_INSIGHT_MANAGER_73_HOTFIX_34.NASL
    descriptionThe version of HP Systems Insight Manager installed on the remote Windows host is affected by the following vulnerabilities in the included OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id77020
    published2014-08-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77020
    titleHP Systems Insight Manager 7.2.x < 7.2 Hotfix 37 / 7.3.x < 7.3 Hotfix 34 OpenSSL Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0628.NASL
    descriptionUpdated openssl packages that fix multiple security issues are now available for Red Hat Storage 2.1. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195) Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198) A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221) A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Juri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Grobert and Ivan Fratric of Google as the original reporters of CVE-2014-3470. All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id79026
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79026
    titleRHEL 6 : Storage Server (RHSA-2014:0628)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0679.NASL
    descriptionFrom Red Hat Security Advisory 2014:0679 : Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195) Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198) A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221) A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Juri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Grobert and Ivan Fratric of Google as the original reporters of CVE-2014-3470. All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id76729
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76729
    titleOracle Linux 7 : openssl (ELSA-2014-0679)
  • NASL familyFirewalls
    NASL idPFSENSE_SA-14_07.NASL
    descriptionAccording to its self-reported version number, the remote pfSense install is a version prior to 2.1.4 It is, therefore, affected by multiple vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id108515
    published2018-03-21
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108515
    titlepfSense < 2.1.4 Multiple Vulnerabilities ( SA-14_07 )
  • NASL familyWindows
    NASL idFORTICLIENT_5_0_10.NASL
    descriptionFortiClient, a client-based software solution intended to provide security features for enterprise computers and mobile devices, is installed on the remote Windows host. The installed FortiClient version uses a vulnerable OpenSSL library that contains a flaw with the handshake process. The flaw could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.
    last seen2020-06-01
    modified2020-06-02
    plugin id76535
    published2014-07-16
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76535
    titleFortinet FortiClient OpenSSL Security Bypass
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0624.NASL
    descriptionUpdated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id74346
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74346
    titleRHEL 5 : openssl (RHSA-2014:0624)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_LIBREOFFICE_423.NASL
    descriptionA version of LibreOffice 4.2.x prior to 4.2.3 is installed on the remote Mac OS X host. This version of LibreOffice is bundled with a version of OpenSSL affected by multiple vulnerabilities : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76511
    published2014-07-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76511
    titleLibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Mac OS X) (Heartbleed)
  • NASL familyWindows
    NASL idORACLE_VIRTUALBOX_JAN_2015_CPU.NASL
    descriptionThe remote host contains a version of Oracle VM VirtualBox that is prior to 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20. It is, therefore, affected by multiple vulnerabilities in the following subcomponents : - Core - OpenSSL - VMSVGA device
    last seen2020-06-01
    modified2020-06-02
    plugin id80915
    published2015-01-22
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80915
    titleOracle VM VirtualBox < 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20 Multiple Vulnerabilities (January 2015 CPU)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2014-0040.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - add support for fallback SCSV to partially mitigate (CVE-2014-3566) (padding attack on SSL3) - fix CVE-2014-0221 - recursion in DTLS code leading to DoS - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt
    last seen2020-06-01
    modified2020-06-02
    plugin id79555
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79555
    titleOracleVM 2.2 : openssl (OVMSA-2014-0040) (POODLE)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0625.NASL
    descriptionFrom Red Hat Security Advisory 2014:0625 : Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195) Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198) A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221) A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Juri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Grobert and Ivan Fratric of Google as the original reporters of CVE-2014-3470. All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id74344
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74344
    titleOracle Linux 6 : openssl (ELSA-2014-0625)
  • NASL familyCISCO
    NASL idCISCO_TELEPRESENCE_MCU_CSCUP23994.NASL
    descriptionThe remote Cisco TelePresence MCU device is running a software version known to be affected by multiple OpenSSL related vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id76131
    published2014-06-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76131
    titleCisco TelePresence MCU Series Devices Multiple Vulnerabilities in OpenSSL
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_VMWARE_OVFTOOL_VMSA_2014_0006.NASL
    descriptionThe version of VMware OVF (Open Virtualization Format) Tool installed on the remote Mac OS X host is version 3.x prior to 3.5.2. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL : - An error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id77331
    published2014-08-20
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77331
    titleVMware OVF Tool 3.x < 3.5.2 Multiple OpenSSL Vulnerabilities (VMSA-2014-0006) (Mac OS X)
  • NASL familyMisc.
    NASL idVMWARE_VCENTER_SERVER_APPLIANCE_2014-0006.NASL
    descriptionThe version of VMware vCenter Server Appliance installed on the remote host is 5.0 prior to 5.0 Update 3a, 5.1 prior to 5.1 Update 2a, or 5.5 prior to 5.5 Update 1b. It is, therefore, affected by multiple vulnerabilities in the bundled OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76495
    published2014-07-14
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76495
    titleVMware vCenter Server Appliance Multiple Vulnerabilities (VMSA-2014-0006)
  • NASL familyWindows
    NASL idVMWARE_PLAYER_MULTIPLE_VMSA_2014-0006.NASL
    descriptionThe version of VMware Player installed on the remote host is version 5.x prior to 5.0.4 or 6.x prior to 6.0.3. It is, therefore, affected by the following vulnerabilities in the OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76454
    published2014-07-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76454
    titleVMware Player < 5.0.4 / 6.0.3 OpenSSL Library Multiple Vulnerabilities (Windows)
  • NASL familyWindows
    NASL idVMWARE_WORKSTATION_MULTIPLE_VMSA_2014_0006.NASL
    descriptionThe version of VMware Workstation installed on the remote host is version 9.x prior to 9.0.4 or 10.x prior to 10.0.3. It is, therefore, affected by the following vulnerabilities in the OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76456
    published2014-07-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76456
    titleVMware Workstation < 9.0.4 / 10.0.3 OpenSSL Library Multiple Vulnerabilities (Windows)
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_1_BUILD_1900470_REMOTE.NASL
    descriptionThe remote VMware ESXi host is version 5.1 prior to build 1900470. It is, therefore, affected by the following vulnerabilities in the OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76203
    published2014-06-24
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76203
    titleESXi 5.1 < Build 1900470 OpenSSL Library Multiple Vulnerabilities (remote check)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2014-0006.NASL
    descriptiona. OpenSSL update for multiple products. OpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h in order to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to these issues. The most important of these issues is CVE-2014-0224. CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to be of moderate severity. Exploitation is highly unlikely or is mitigated due to the application configuration. CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL Security Advisory (see Reference section below), do not affect any VMware products. CVE-2014-0224 may lead to a Man-in-the-Middle attack if a server is running a vulnerable version of OpenSSL 1.0.1 and clients are running a vulnerable version of OpenSSL 0.9.8 or 1.0.1. Updating the server will mitigate this issue for both the server and all affected clients. CVE-2014-0224 may affect products differently depending on whether the product is acting as a client or a server and of which version of OpenSSL the product is using. For readability the affected products have been split into 3 tables below, based on the different client-server configurations and deployment scenarios. MITIGATIONS Clients that communicate with a patched or non-vulnerable server are not vulnerable to CVE-2014-0224. Applying these patches to affected servers will mitigate the affected clients (See Table 1 below). Clients that communicate over untrusted networks such as public Wi-Fi and communicate to a server running a vulnerable version of OpenSSL 1.0.1. can be mitigated by using a secure network such as VPN (see Table 2 below). Clients and servers that are deployed on an isolated network are less exposed to CVE-2014-0224 (see Table 3 below). The affected products are typically deployed to communicate over the management network. RECOMMENDATIONS VMware recommends customers evaluate and deploy patches for affected Servers in Table 1 below as these patches become available. Patching these servers will remove the ability to exploit the vulnerability described in CVE-2014-0224 on both clients and servers. VMware recommends customers consider applying patches to products listed in Table 2 &amp; 3 as required. Column 4 of the following tables lists the action required to remediate the vulnerability in each release, if a solution is available. Table 1 ======= Affected servers running a vulnerable version of OpenSSL 1.0.1.
    last seen2020-06-01
    modified2020-06-02
    plugin id74465
    published2014-06-11
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74465
    titleVMSA-2014-0006 : VMware product updates address OpenSSL security vulnerabilities
  • NASL familyMisc.
    NASL idVMWARE_VCENTER_VMSA-2014-0006.NASL
    descriptionThe version of VMware vCenter installed on the remote host is prior to 5.0 Update 3a, 5.1 Update 2a, or 5.5 Update 1b. It is, therefore, affected by multiple OpenSSL vulnerabilities : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76457
    published2014-07-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76457
    titleVMware Security Updates for vCenter Server (VMSA-2014-0006)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_9_5.NASL
    descriptionThe remote host is running a version of Mac OS X 10.9.x that is prior to version 10.9.5. This update contains several security-related fixes for the following components : - apache_mod_php - Bluetooth - CoreGraphics - Foundation - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - IOKit - Kernel - Libnotify - OpenSSL - QT Media Foundation - ruby Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id77748
    published2014-09-18
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77748
    titleMac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities
  • NASL familyWeb Servers
    NASL idHP_OFFICEJET_HPSBPI03107.NASL
    descriptionThe remote HP OfficeJet printer is affected by a security bypass vulnerability. The included OpenSSL library has a security bypass flaw in the handshake process. By using a specially crafted handshake, a remote attacker can force the use of weak keying material. This could be leveraged for a man-in-the-middle attack.
    last seen2020-06-01
    modified2020-06-02
    plugin id78111
    published2014-10-09
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78111
    titleHP OfficeJet Printer Security Bypass (HPSBPI03107)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_148071.NASL
    descriptionSunOS 5.10: openssl patch. Date this patch was last updated by Sun : Dec/17/15 This plugin has been deprecated and either replaced with individual 148071 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2019-01-02
    plugin id66739
    published2013-06-02
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=66739
    titleSolaris 10 (sparc) : 148071-19 (deprecated)
  • NASL familyMisc.
    NASL idHP_ONBOARD_ADMIN_4_22.NASL
    descriptionThe version of HP Onboard Administrator installed on the remote host is prior to 4.22. It is, therefore, affected by the following OpenSSL related vulnerability : - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. (CVE-2014-0224)
    last seen2020-06-01
    modified2020-06-02
    plugin id76357
    published2014-07-03
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76357
    titleHP Onboard Administrator < 4.22 Remote Information Disclosure
  • NASL familyDatabases
    NASL idMARIADB_10_0_13.NASL
    descriptionThe version of MariaDB installed on the remote host is prior to 10.0.13. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10013-release-notes advisory, including the following: - A flaw in OpenSSL which fails to properly restrict processing of ChangeCipherSpec messages. A man-in-the-middle attacker can exploit this, via a crafted TLS handshake, to force the use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, resulting in the session being hijacked and sensitive information being disclosed. (CVE-2014-0224) - A buffer overflow error in OpenSSL related to invalid DTLS fragment handling that can lead to execution of arbitrary code or denial of service. This is caused by improper validation on the fragment lengths in DTLS ClientHello messages. (CVE-2014-0195) - An unspecified vulnerability in MariaDB Server related to CLIENT:MYSQLDUMP that allows remote, authenticated users to affect confidentiality, integrity, and availability. (CVE-2014-6530) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id129359
    published2019-09-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129359
    titleMariaDB 10.0.0 < 10.0.13 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_CISCO_ANYCONNECT_3_1_5170.NASL
    descriptionThe remote host has a version of Cisco AnyConnect prior to 3.1(5170). It is, therefore, potentially affected by the following vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id76492
    published2014-07-14
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76492
    titleMac OS X : Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL Vulnerabilities
  • NASL familyAIX Local Security Checks
    NASL idAIX_OPENSSL_ADVISORY9.NASL
    descriptionThe version of OpenSSL installed on the remote host is potentially affected by the following remote code execution and denial of service vulnerabilities : - OpenSSL could allow an attacker to cause a buffer overrun situation when an attacker sends invalid DTLS fragments to an OpenSSL DTLS client or server, which forces it to run arbitrary code on a vulnerable client or server. (CVE-2014-0195) - An attacker could cause a denial of service by exploiting a flaw in the do_ssl3_write function via a NULL pointer dereference. NOTE: Only versions 1.0.1.500 through 1.0.1.510 are vulnerable. (CVE-2014-0198) - An attacker could cause a denial of service by sending an invalid DTLS handshake to an OpenSSL DTLS client, resulting in recursive execution of code and an eventual crash. (CVE-2014-0221) - An attacker could use a man-in-the-middle (MITM) attack to force the use of weak keying material in OpenSSL SSL/TLS clients and servers. The attacker could decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client and server. (CVE-2014-0224) - An attacker could cause a denial of service by exploiting OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id74512
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74512
    titleAIX OpenSSL Advisory : openssl_advisory9.doc
  • NASL familyWeb Servers
    NASL idTOMCAT_8_0_11.NASL
    descriptionAccording to its self-reported version number, the Apache Tomcat server running on the remote host is 8.0.x prior to 8.0.11. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL : - An error exists in the function
    last seen2020-03-18
    modified2014-09-02
    plugin id77476
    published2014-09-02
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77476
    titleApache Tomcat 8.0.x < 8.0.11 Multiple OpenSSL Vulnerabilities
  • NASL familyWindows
    NASL idVMWARE_OVFTOOL_VMSA_2014-0006.NASL
    descriptionThe remote host contains VMware OVF (Open Virtualization Format) Tool version 3.x prior to 3.5.2. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL : - An error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id77332
    published2014-08-20
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77332
    titleVMware OVF Tool 3.x < 3.5.2 Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)
  • NASL familyWindows
    NASL idSTUNNEL_5_02.NASL
    descriptionThe version of stunnel installed on the remote host is prior to version 5.02. It is, therefore, affected by the following vulnerabilities : - An error exists in the ssl3_read_bytes() function that allows data to be injected into other sessions or allows denial of service attacks. Note this issue is only exploitable if
    last seen2020-06-01
    modified2020-06-02
    plugin id74421
    published2014-06-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74421
    titlestunnel < 5.02 OpenSSL Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-9308.NASL
    descriptionMultiple moderate issues fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-08-10
    plugin id77108
    published2014-08-10
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77108
    titleFedora 20 : openssl-1.0.1e-39.fc20 (2014-9308) (Heartbleed)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_150383.NASL
    descriptionSunOS 5.10: wanboot patch. Date this patch was last updated by Sun : Aug/13/17 This plugin has been deprecated and either replaced with individual 150383 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id66800
    published2013-06-05
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=66800
    titleSolaris 10 (sparc) : 150383-19 (deprecated)
  • NASL familyFirewalls
    NASL idBLUECOAT_PROXY_SG_6_2_15_6.NASL
    descriptionThe remote Blue Coat ProxySG device
    last seen2020-06-01
    modified2020-06-02
    plugin id76164
    published2014-06-20
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76164
    titleBlue Coat ProxySG 6.2.x OpenSSL Security Bypass
  • NASL familyWeb Servers
    NASL idHPSMH_7_3_3_1.NASL
    descriptionAccording to the web server
    last seen2020-06-01
    modified2020-06-02
    plugin id76345
    published2014-07-02
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76345
    titleHP System Management Homepage < 7.2.4.1 / 7.3.3.1 OpenSSL Multiple Vulnerabilities
  • NASL familyGeneral
    NASL idVMWARE_WORKSTATION_LINUX_10_0_3.NASL
    descriptionThe version of VMware Workstation installed on the remote host is version 9.x prior to 9.0.4 or 10.x prior to 10.0.3. It is, therefore, affected by the following vulnerabilities in the OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76455
    published2014-07-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76455
    titleVMware Workstation < 9.0.4 / 10.0.3 OpenSSL Library Multiple Vulnerabilities (Linux)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2232-2.NASL
    descriptionUSN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use tls_session_secret_cb, such as wpa_supplicant. This update fixes the problem. Juri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221) KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224) Felix Grobert and Ivan Fratric discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id74508
    published2014-06-13
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74508
    titleUbuntu 12.04 LTS / 13.10 / 14.04 LTS : openssl regression (USN-2232-2)
  • NASL familyCGI abuses
    NASL idPUPPET_ENTERPRISE_330.NASL
    descriptionAccording to its self-reported version number, the Puppet Enterprise application installed on the remote host is version 2.8.x or 3.2.x. It is, therefore, affected by multiple vulnerabilities : - An error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id77281
    published2014-08-20
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77281
    titlePuppet Enterprise 2.8.x / 3.2.x Multiple Vulnerabilities
  • NASL familyCGI abuses
    NASL idHP_SUM_6_4_1.NASL
    descriptionThe version of HP Smart Update manager running on the remote host is prior to 6.4.1. It is, therefore, affected by the following vulnerabilities : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76769
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76769
    titleHP Smart Update Manager 6.x < 6.4.1 Multiple Vulnerabilities
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_148072.NASL
    descriptionSunOS 5.10_x86: openssl patch. Date this patch was last updated by Sun : Dec/17/15 This plugin has been deprecated and either replaced with individual 148072 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2019-01-02
    plugin id66740
    published2013-06-02
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=66740
    titleSolaris 10 (x86) : 148072-19 (deprecated)
  • NASL familyMisc.
    NASL idOPENSSL_CCS.NASL
    descriptionThe OpenSSL service on the remote host is potentially vulnerable to a man-in-the-middle (MiTM) attack, based on its response to two consecutive
    last seen2019-10-28
    modified2014-06-05
    plugin id74326
    published2014-06-05
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74326
    titleOpenSSL 'ChangeCipherSpec' MiTM Potential Vulnerability
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2014-156-03.NASL
    descriptionNew openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id74331
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74331
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2014-156-03)
  • NASL familyGeneral
    NASL idVMWARE_PLAYER_LINUX_6_0_3.NASL
    descriptionThe version of VMware Player installed on the remote host is version 5.x prior to 5.0.4 or 6.x prior to 6.0.3. It is, therefore, affected by the following vulnerabilities in the OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76453
    published2014-07-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76453
    titleVMware Player < 5.0.4 / 6.0.3 OpenSSL Library Multiple Vulnerabilities (Linux)
  • NASL familyFirewalls
    NASL idBLUECOAT_PROXY_SG_4_X_OPENSSL.NASL
    descriptionThe remote Blue Coat ProxySG device
    last seen2020-06-01
    modified2020-06-02
    plugin id76163
    published2014-06-20
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76163
    titleBlue Coat ProxySG 4.x OpenSSL Security Bypass
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0626.NASL
    descriptionUpdated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id74335
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74335
    titleCentOS 5 / 6 : openssl097a / openssl098e (CESA-2014:0626)
  • NASL familyPalo Alto Local Security Checks
    NASL idPALO_ALTO_PAN-SA-2014-0003.NASL
    descriptionThe remote host is running a version of Palo Alto Networks PAN-OS prior to 5.0.14 / 5.1.9 / 6.0.4. It is, therefore, affected by a flaw in the included OpenSSL library that can cause the client or server to use weak keying material, which a remote attacker can exploit to conduct a man-in-the-middle attack.
    last seen2020-06-01
    modified2020-06-02
    plugin id78586
    published2014-10-20
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78586
    titlePalo Alto Networks PAN-OS < 5.0.14 / 5.1.x < 5.1.9 / 6.0.x < 6.0.4 OpenSSL MitM
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_VMWARE_HORIZON_VIEW_CLIENT_VMSA_2014_0006.NASL
    descriptionThe version of VMware Horizon View Client installed on the remote Mac OS X host is a version prior to 3.0.0. It is, therefore, affected by multiple vulnerabilities in the bundled OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76965
    published2014-08-01
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76965
    titleVMware Horizon View Client < 3.0.0 Multiple SSL Vulnerabilities (VMSA-2014-0006) (Mac OS X)
  • NASL familyWindows
    NASL idVMWARE_HORIZON_VIEW_CLIENT_VMSA_2014_0006.NASL
    descriptionThe version of VMware Horizon View Client installed on the remote host is a version prior to 3.0.0. It is, therefore, affected by multiple vulnerabilities in the bundled OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76966
    published2014-08-01
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76966
    titleVMware Horizon View Client < 3.0.0 Multiple SSL Vulnerabilities (VMSA-2014-0006)
  • NASL familyWindows
    NASL idEMC_DOCUMENTUM_CONTENT_SERVER_ESA-2014-079.NASL
    descriptionThe remote host is running a version of EMC Documentum Content Server that is affected by multiple vulnerabilities : - An error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id77635
    published2014-09-11
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77635
    titleEMC Documentum Content Server Multiple Vulnerabilities (ESA-2014-079)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-349.NASL
    descriptionIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195) Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298 , CVE-2014-0198) A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221) A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470) An integer underflow flaw, leading to a heap-based buffer overflow, was found in the way OpenSSL decoded certain base64 strings. A remote attacker could provide a specially crafted base64 string via certain PEM processing routines that, when parsed by the OpenSSL library, would cause the OpenSSL server to crash. (CVE-2015-0292)
    last seen2020-06-01
    modified2020-06-02
    plugin id78292
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78292
    titleAmazon Linux AMI : openssl (ALAS-2014-349)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0625.NASL
    descriptionUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195) Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198) A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221) A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Juri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Grobert and Ivan Fratric of Google as the original reporters of CVE-2014-3470. All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id74334
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74334
    titleCentOS 6 : openssl (CESA-2014:0625)
  • NASL familyWindows
    NASL idVMWARE_HORIZON_VIEW_VMSA-2014-0006.NASL
    descriptionThe version of VMware Horizon View installed on the remote Windows host is version 5.3.x prior to 5.3.2 or 5.3.x prior to 5.3 Feature Pack 3. It is, therefore, affected by multiple vulnerabilities in the bundled OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76945
    published2014-07-31
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76945
    titleVMware Horizon View Multiple Vulnerabilities (VMSA-2014-0006)
  • NASL familyMisc.
    NASL idFORTINET_FG-IR-14-018.NASL
    descriptionThe firmware of the remote Fortinet host is running a version of OpenSSL that is affected by one or more of the following vulnerabilities : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76493
    published2014-07-14
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76493
    titleFortinet OpenSSL Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-410.NASL
    descriptionThe openssl library was updated to version 1.0.1h fixing various security issues and bugs : Security issues fixed : - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack.
    last seen2020-06-05
    modified2014-06-13
    plugin id75383
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75383
    titleopenSUSE Security Update : openssl (openSUSE-SU-2014:0764-1)
  • NASL familyCISCO
    NASL idCISCO_ASA_CSCUP22532.NASL
    descriptionThe remote Cisco ASA device is running a software version known to be affected by multiple OpenSSL related vulnerabilities : - A buffer overflow error exists related to invalid DTLS fragment handling that could lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195) - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. (CVE-2014-0224) Note that Nessus has not checked for the presence of workarounds that may mitigate these vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id76128
    published2014-06-18
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76128
    titleCisco Adaptive Security Appliances Multiple Vulnerabilities in OpenSSL
  • NASL familyMisc.
    NASL idMCAFEE_VSEL_SB10075.NASL
    descriptionThe remote host is running a version of McAfee VirusScan Enterprise for Linux (VSEL) that is affected by multiple vulnerabilities due to flaws in the included OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76580
    published2014-07-17
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76580
    titleMcAfee VirusScan Enterprise for Linux Multiple OpenSSL Vulnerabilities (SB10075)
  • NASL familyWeb Servers
    NASL idSPLUNK_605.NASL
    descriptionAccording to its version number, the Splunk Enterprise hosted on the remote web server is 4.3.x, 5.0.x prior to 5.0.9, 6.0.x prior to 6.0.5, or 6.1.x prior to 6.1.2. It is, therefore, affected by multiple OpenSSL-related vulnerabilities : - An unspecified error exists that allows an attacker to cause usage of weak keying material, resulting in simplified man-in-the-middle attacks. (CVE-2014-0224) - An unspecified error exists related to anonymous ECDH cipher suites that allow denial of service attacks. Note that this issue only affects OpenSSL TLS clients. (CVE-2014-3470) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id76528
    published2014-07-16
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76528
    titleSplunk Enterprise 4.3.x / 5.0.x < 5.0.9 / 6.0.x < 6.0.5 / 6.1.x < 6.1.2 Multiple OpenSSL Vulnerabilities
  • NASL familyWindows
    NASL idWINSCP_5_5_4.NASL
    descriptionThe WinSCP program installed on the remote host is version 4.3.8, 4.3.9, 4.4.0 or 5.x prior to 5.5.4. It therefore contains a bundled version of OpenSSL prior to 1.0.1h which is affected by the following vulnerabilities : - An error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id76167
    published2014-06-20
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76167
    titleWinSCP 5.x < 5.5.4 Multiple Vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0624.NASL
    descriptionUpdated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id74333
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74333
    titleCentOS 5 : openssl (CESA-2014:0624)
  • NASL familyMisc.
    NASL idVMWARE_VCENTER_OPERATIONS_MANAGER_VMSA_2014-0006.NASL
    descriptionThe version of vCenter Operations Manager installed on the remote host is 5.7.x or later and prior to 5.8.2. It is, therefore, affected by the following OpenSSL related vulnerabilities : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76360
    published2014-07-03
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76360
    titleVMware vCenter Operations Manager Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)
  • NASL familyCISCO
    NASL idCISCO-SA-20140605-OPENSSL-IOS.NASL
    descriptionThe remote Cisco IOS device is missing a vendor-supplied security patch and has an IOS service configured to use TLS or SSL. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library : - A buffer overflow error exists related to invalid DTLS fragment handling that can lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195) - An error exists related to DTLS handshake handling that could lead to denial of service attacks. Note that this issue only affects OpenSSL when used as a DTLS client. (CVE-2014-0221) - An unspecified error exists that allows an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. (CVE-2014-0224)
    last seen2020-06-01
    modified2020-06-02
    plugin id88988
    published2016-02-26
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88988
    titleCisco IOS Multiple OpenSSL Vulnerabilities (CSCup22590)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2014-0008.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv everywhere instead of getenv (#839735) - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185) - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4109 - double free in policy checks (#771771) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) - add known answer test for SHA2 algorithms (#740866) - make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410) - fix incorrect return value in parse_yesno (#726593) - added DigiCert CA certificates to ca-bundle (#735819) - added a new section about error states to README.FIPS (#628976) - add missing DH_check_pub_key call when DH key is computed (#698175) - presort list of ciphers available in SSL (#688901) - accept connection in s_server even if getaddrinfo fails (#561260) - point to openssl dgst for list of supported digests (#608639) - fix handling of future TLS versions (#599112) - added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856) - upstream fixes for the CHIL engine (#622003, #671484) - add SHA-2 hashes in SSL_library_init (#676384) - fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462) - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707)
    last seen2020-06-01
    modified2020-06-02
    plugin id79532
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79532
    titleOracleVM 3.2 : onpenssl (OVMSA-2014-0008)
  • NASL familyRed Hat Local Security Checks
    NASL idHP_VCA_SSRT101614-RHEL.NASL
    descriptionThe RPM installation of HP Version Control Agent (VCA) on the remote Linux host is a version prior to 7.3.3. It is, therefore, affected by multiple vulnerabilities in the bundled version of SSL : - An error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id77151
    published2014-08-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77151
    titleHP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities
  • NASL familyWeb Servers
    NASL idPIVOTAL_WEBSERVER_5_4_1.NASL
    descriptionThe version of Pivotal Web Server (formerly VMware vFabric Web Server) installed on the remote host is version 5.x prior to 5.4.1. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL : - An error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id77389
    published2014-08-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77389
    titlePivotal Web Server 5.x < 5.4.1 Multiple OpenSSL Vulnerabilities
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_JSA10629.NASL
    descriptionAccording to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL : - An error exists in the ssl3_read_bytes() function that permits data to be injected into other sessions or allows denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2010-5298) - An error exists in the do_ssl3_write() function that permits a NULL pointer to be dereferenced, which could allow denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2014-0198) - An error exists in the processing of ChangeCipherSpec messages that allows the usage of weak keying material. This permits simplified man-in-the-middle attacks to be done. (CVE-2014-0224) - An error exists in the dtls1_get_message_fragment() function related to anonymous ECDH cipher suites. This could allow denial of service attacks. Note that this issue only affects OpenSSL TLS clients. (CVE-2014-3470) Note that these issues only affects devices with J-Web or the SSL service for JUNOScript enabled.
    last seen2020-03-18
    modified2014-08-05
    plugin id77000
    published2014-08-05
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77000
    titleJuniper Junos Multiple OpenSSL Vulnerabilities (JSA10629)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_5AC53801EC2E11E39CF33C970E169BC2.NASL
    descriptionThe OpenSSL Project reports : An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. [CVE-2014-0224] By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. [CVE-2014-0221] A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. [CVE-2014-0195] OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack. [CVE-2014-3470]
    last seen2020-06-01
    modified2020-06-02
    plugin id74342
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74342
    titleFreeBSD : OpenSSL -- multiple vulnerabilities (5ac53801-ec2e-11e3-9cf3-3c970e169bc2)
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_5_BUILD_1881737_REMOTE.NASL
    descriptionThe remote VMware ESXi host is 5.5 prior to build 1881737. It is, therefore, affected by the following vulnerabilities in the OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id74470
    published2014-06-11
    reporterThis script is (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74470
    titleESXi 5.5 < Build 1881737 OpenSSL Library Multiple Vulnerabilities (remote check)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2014-0006_REMOTE.NASL
    descriptionThe remote VMware ESXi host is affected by multiple vulnerabilities in the OpenSSL third-party library : - A use-after-free error exists in the ssl3_read_bytes() function in file ssl/s3_pkt.c that is triggered when a second read is done to the function by multiple threads when SSL_MODE_RELEASE_BUFFERS is enabled. A man-in-the-middle attacker can exploit this to dereference already freed memory and inject arbitrary data into the SSL stream. (CVE-2010-5298) - A NULL pointer dereference flaw exists in the do_ssl3_write() function in file ssl/s3_pkt.c due to a failure to properly manage a buffer pointer during certain recursive calls when SSL_MODE_RELEASE_BUFFERS is enabled. A remote attacker can exploit this, by triggering an alert condition, to cause a denial of service. (CVE-2014-0198) - A flaw exists due to a failure to properly restrict processing of ChangeCipherSpec messages. A man-in-the-middle attacker can exploit this, via a crafted TLS handshake, to force the use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, resulting in the session being hijacked and sensitive information being disclosed. (CVE-2014-0224) - A NULL pointer dereference flaw exists in the ssl3_send_client_key_exchange() function in file s3_clnt.c, when an anonymous ECDH cipher suite is used, that allows a remote attacker to cause a denial of service. (CVE-2014-3470)
    last seen2020-06-01
    modified2020-06-02
    plugin id87678
    published2015-12-30
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87678
    titleVMware ESXi Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0624.NASL
    descriptionFrom Red Hat Security Advisory 2014:0624 : Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id74343
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74343
    titleOracle Linux 5 : openssl (ELSA-2014-0624)
  • NASL familyMisc.
    NASL idMCAFEE_EMAIL_GATEWAY_SB10075.NASL
    descriptionThe remote host is running a version of McAfee Email Gateway (MEG) that is affected by the multiple vulnerabilities related to the included OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76579
    published2014-07-17
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76579
    titleMcAfee Email Gateway OpenSSL Multiple Vulnerabilities (SB10075)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL15325.NASL
    descriptionOpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the
    last seen2020-06-01
    modified2020-06-02
    plugin id78174
    published2014-10-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78174
    titleF5 Networks BIG-IP : OpenSSL vulnerability (K15325)
  • NASL familyMisc.
    NASL idVMWARE_VCENTER_SUPPORT_ASSISTANT_2014-0006.NASL
    descriptionThe version of VMware vCenter Support Assistant installed on the remote host is 5.5.1.x prior to 5.5.1.1. It is, therefore, affected by multiple vulnerabilities in the bundled OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76994
    published2014-08-04
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76994
    titleVMware vCenter Support Assistant Multiple Vulnerabilities (VMSA-2014-0006)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-350.NASL
    descriptionIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224)
    last seen2020-06-01
    modified2020-06-02
    plugin id78293
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78293
    titleAmazon Linux AMI : openssl098e (ALAS-2014-350)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-351.NASL
    descriptionIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224)
    last seen2020-06-01
    modified2020-06-02
    plugin id78294
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78294
    titleAmazon Linux AMI : openssl097a (ALAS-2014-351)
  • NASL familyWindows
    NASL idVSPHERE_CLIENT_VMSA_2014-0006.NASL
    descriptionThe version of vSphere Client installed on the remote Windows host is is affected by the following vulnerabilities in the OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76355
    published2014-07-03
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76355
    titleVMware vSphere Client Multiple Vulnerabilities (VMSA-2014-0006)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140605_OPENSSL_ON_SL6_X.NASL
    descriptionIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to : A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195) Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198) A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221) A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470) For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-03-18
    modified2014-06-06
    plugin id74350
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74350
    titleScientific Linux Security Update : openssl on SL6.x i386/x86_64 (20140605)
  • NASL familyMisc.
    NASL idOPENSSL_CCS_1_0_1.NASL
    descriptionThe OpenSSL service on the remote host is vulnerable to a man-in-the-middle (MiTM) attack, based on its acceptance of a specially crafted handshake. This flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material has been exchanged, which causes predictable keys to be used to secure future traffic. Note that Nessus has only tested for an SSL/TLS MiTM vulnerability (CVE-2014-0224). However, Nessus has inferred that the OpenSSL service on the remote host is also affected by six additional vulnerabilities that were disclosed in OpenSSL
    last seen2020-04-07
    modified2014-08-14
    plugin id77200
    published2014-08-14
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77200
    titleOpenSSL 'ChangeCipherSpec' MiTM Vulnerability
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2950.NASL
    descriptionMultiple vulnerabilities have been discovered in OpenSSL : - CVE-2014-0195 Jueri Aedla discovered that a buffer overflow in processing DTLS fragments could lead to the execution of arbitrary code or denial of service. - CVE-2014-0221 Imre Rad discovered the processing of DTLS hello packets is susceptible to denial of service. - CVE-2014-0224 KIKUCHI Masashi discovered that carefully crafted handshakes can force the use of weak keys, resulting in potential man-in-the-middle attacks. - CVE-2014-3470 Felix Groebert and Ivan Fratric discovered that the implementation of anonymous ECDH ciphersuites is suspectible to denial of service. Additional information can be found at http://www.openssl.org/news/secadv/20140605.txt
    last seen2020-03-17
    modified2014-06-06
    plugin id74337
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74337
    titleDebian DSA-2950-1 : openssl - security update
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0626.NASL
    descriptionUpdated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id74348
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74348
    titleRHEL 5 / 6 : openssl097a and openssl098e (RHSA-2014:0626)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2014-004.NASL
    descriptionThe remote host is running a version of Mac OS X 10.7 or 10.8 that does not have Security Update 2014-004 applied. This update contains several security-related fixes for the following components : - CoreGraphics - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - IOKit - Libnotify - OpenSSL - QT Media Foundation Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id77749
    published2014-09-18
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77749
    titleMac OS X Multiple Vulnerabilities (Security Update 2014-004)
  • NASL familyCISCO
    NASL idCISCO-SA-20140605-OPENSSL-NXOS.NASL
    descriptionThe remote Cisco device is running a version of NX-OS software that is affected by multiple vulnerabilities in the bundled OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id88991
    published2016-02-26
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88991
    titleCisco NX-OS OpenSSL Multiple Vulnerabilities
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_0M.NASL
    descriptionAccording to its banner, the remote web server uses a version of OpenSSL 1.0.0 prior to 1.0.0m. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id73403
    published2014-04-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73403
    titleOpenSSL 1.0.0 < 1.0.0m Multiple Vulnerabilities
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_OPENSSL_20141014.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the
    last seen2020-06-01
    modified2020-06-02
    plugin id80723
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80723
    titleOracle Solaris Third-Party Patch Update : openssl (cve_2014_0224_cryptographic_issues1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0625.NASL
    descriptionUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195) Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198) A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221) A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Juri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Grobert and Ivan Fratric of Google as the original reporters of CVE-2014-3470. All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id74347
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74347
    titleRHEL 6 : openssl (RHSA-2014:0625)
  • NASL familyFirewalls
    NASL idBLUECOAT_PROXY_SG_6_4_6_4.NASL
    descriptionThe remote Blue Coat ProxySG device
    last seen2020-06-01
    modified2020-06-02
    plugin id76256
    published2014-06-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76256
    titleBlue Coat ProxySG 6.4.x OpenSSL Security Bypass
  • NASL familyCGI abuses
    NASL idORACLE_EIDS_CPU_OCT_2014.NASL
    descriptionThe remote host is running a version of Oracle Endeca Information Discovery Studio that may be missing a vendor-supplied security patch that fixes multiple bugs and OpenSSL related security vulnerabilities. Note that depending on how the remote host is configured, Nessus may not be able to detect the correct version. You
    last seen2020-06-01
    modified2020-06-02
    plugin id78603
    published2014-10-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78603
    titleOracle Endeca Information Discovery Studio Multiple Vulnerabilities (October 2014 CPU)
  • NASL familyFirewalls
    NASL idBLUECOAT_PROXY_SG_6_5_4_4.NASL
    descriptionThe remote Blue Coat ProxySG device
    last seen2020-06-01
    modified2020-06-02
    plugin id76165
    published2014-06-20
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76165
    titleBlue Coat ProxySG 6.5.x Multiple OpenSSL Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-17587.NASL
    description - Synced with native openssl-1.0.1j-3.fc22\r\n* Add support for RFC 5649\r\n* Prevent compiler warning
    last seen2020-03-17
    modified2015-01-02
    plugin id80322
    published2015-01-02
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80322
    titleFedora 20 : mingw-openssl-1.0.1j-1.fc20 (2014-17587) (POODLE)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-7101.NASL
    descriptionMajor security update fixing multiple issues. Some of these fixes are quite important. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-06-06
    plugin id74340
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74340
    titleFedora 19 : openssl-1.0.1e-38.fc19 (2014-7101)
  • NASL familyWindows
    NASL idIBM_GPFS_ISG3T1020948_WINDOWS.NASL
    descriptionA version of IBM General Parallel File System (GPFS) 3.5.0.11 or later but prior to 3.5.0.18 is installed on the remote host. It is, therefore, affected by an unspecified error that could allow an attacker to cause usage of weak keying material, leading to simplified man-in-the-middle attacks.
    last seen2020-06-01
    modified2020-06-02
    plugin id76428
    published2014-07-09
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76428
    titleIBM General Parallel File System OpenSSL Security Bypass (Windows)
  • NASL familyFirewalls
    NASL idFIREEYE_OS_SB001.NASL
    descriptionThe remote host is running a version of FireEye Operating System (FEOS) that is affected by multiple vulnerabilities : - An error exists in the function ssl3_read_bytes() function that allows data to be injected into other sessions or allow denial of service attacks. Note that this issue is only exploitable if
    last seen2020-06-01
    modified2020-06-02
    plugin id77057
    published2014-08-07
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77057
    titleFireEye Operating System Multiple Vulnerabilities (SB001)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2232-1.NASL
    descriptionJuri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221) KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224) Felix Grobert and Ivan Fratric discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id74353
    published2014-06-06
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74353
    titleUbuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : openssl vulnerabilities (USN-2232-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBMYSQL55CLIENT18-150302.NASL
    descriptionThe MySQL datebase server was updated to 5.5.42, fixing various bugs and security issues. More information can be found on : - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 42.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 41.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 40.html Also various issues with the mysql start script were fixed. (bsc#868673,bsc#878779)
    last seen2020-06-01
    modified2020-06-02
    plugin id82428
    published2015-03-30
    reporterThis script is Copyright (C) 2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82428
    titleSuSE 11.3 Security Update : MySQL (SAT Patch Number 10387)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2014-0007.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv everywhere instead of getenv (#839735) - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185) - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4109 - double free in policy checks (#771771) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) - add known answer test for SHA2 algorithms (#740866) - make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410) - fix incorrect return value in parse_yesno (#726593) - added DigiCert CA certificates to ca-bundle (#735819) - added a new section about error states to README.FIPS (#628976) - add missing DH_check_pub_key call when DH key is computed (#698175) - presort list of ciphers available in SSL (#688901) - accept connection in s_server even if getaddrinfo fails (#561260) - point to openssl dgst for list of supported digests (#608639) - fix handling of future TLS versions (#599112) - added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856) - upstream fixes for the CHIL engine (#622003, #671484) - add SHA-2 hashes in SSL_library_init (#676384) - fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462) - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707)
    last seen2020-06-01
    modified2020-06-02
    plugin id79531
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79531
    titleOracleVM 2.2 : openssl (OVMSA-2014-0007)
  • NASL familyMisc.
    NASL idORACLE_E-BUSINESS_CPU_JUL_2014.NASL
    descriptionThe version of Oracle E-Business installed on the remote host is missing the July 2014 Critical Patch Update (CPU). It is, therefore, affected by vulnerabilities in the following components : - Oracle Applications Technology Stack - Oracle Concurrent Processing - Oracle Applications Manager - Oracle iStore - Oracle Applications Object Library
    last seen2020-06-01
    modified2020-06-02
    plugin id76596
    published2014-07-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76596
    titleOracle E-Business (July 2014 CPU)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0743-1.NASL
    descriptionmariadb was updated to version 10.0.16 to fix 40 security issues. These security issues were fixed : - CVE-2015-0411: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption (bnc#915911). - CVE-2015-0382: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allowed remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381 (bnc#915911). - CVE-2015-0381: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allowed remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382 (bnc#915911). - CVE-2015-0432: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allowed remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key (bnc#915911). - CVE-2014-6568: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allowed remote authenticated users to affect availability via vectors related to Server : InnoDB : DML (bnc#915911). - CVE-2015-0374: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allowed remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key (bnc#915911). - CVE-2014-6507: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML (bnc#915912). - CVE-2014-6491: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500 (bnc#915912). - CVE-2014-6500: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491 (bnc#915912). - CVE-2014-6469: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler and 5.6.20 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER (bnc#915912). - CVE-2014-6555: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allowed remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML (bnc#915912). - CVE-2014-6559: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING (bnc#915912). - CVE-2014-6494: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496 (bnc#915912). - CVE-2014-6496: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494 (bnc#915912). - CVE-2014-6464: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS (bnc#915912). - CVE-2010-5298: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allowed remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (bnc#873351). - CVE-2014-0195: The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h did not properly validate fragment lengths in DTLS ClientHello messages, which allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (bnc#880891). - CVE-2014-0198: The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, did not properly manage a buffer pointer during certain recursive calls, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (bnc#876282). - CVE-2014-0221: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allowed remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (bnc#915913). - CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h did not properly restrict processing of ChangeCipherSpec messages, which allowed man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the
    last seen2020-06-01
    modified2020-06-02
    plugin id83716
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83716
    titleSUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:0743-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBOPENSSL-DEVEL-140604.NASL
    descriptionOpenSSL was updated to fix several vulnerabilities : - SSL/TLS MITM vulnerability. (CVE-2014-0224) - DTLS recursion flaw. (CVE-2014-0221) - Anonymous ECDH denial of service. (CVE-2014-3470) Further information can be found at https://www.openssl.org/news/secadv/20140605.txt .
    last seen2020-06-05
    modified2014-06-06
    plugin id74352
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74352
    titleSuSE 11.3 Security Update : OpenSSL (SAT Patch Number 9326)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-116.NASL
    descriptionvirtualbox was updated to version 4.2.28 to fix eight security issues. These security issues were fixed : - OpenSSL fixes for VirtualBox (CVE-2014-0224) - Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418 (CVE-2015-0377, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427 (CVE-2014-6595, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6588, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6589, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6590, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595 (CVE-2015-0427, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377 (CVE-2015-0418, bnc#914447). For the full changelog please read https://www.virtualbox.org/wiki/Changelog-4.2
    last seen2020-06-05
    modified2015-02-09
    plugin id81242
    published2015-02-09
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81242
    titleopenSUSE Security Update : virtualbox (openSUSE-2015-116)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1546.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.(CVE-2018-0495) - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.(CVE-2013-0166) - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an
    last seen2020-06-01
    modified2020-06-02
    plugin id124999
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124999
    titleEulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1546)
  • NASL familyMisc.
    NASL idORACLE_SECURE_GLOBAL_DESKTOP_JUL_2014_CPU.NASL
    descriptionThe remote host has a version of Oracle Secure Global Desktop that is version 4.63, 4.71, 5.0 or 5.1. It is, therefore, affected by the following vulnerabilities : - Apache Tomcat does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request
    last seen2020-06-01
    modified2020-06-02
    plugin id76570
    published2014-07-17
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76570
    titleOracle Secure Global Desktop Multiple Vulnerabilities (July 2014 CPU)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-9301.NASL
    descriptionMultiple moderate issues fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-08-10
    plugin id77107
    published2014-08-10
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77107
    titleFedora 19 : openssl-1.0.1e-39.fc19 (2014-9301)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201407-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201407-05 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the OpenSSL Security Advisory [05 Jun 2014] and the CVE identifiers referenced below for details. Impact : A remote attacker could send specially crafted DTLS fragments to an OpenSSL DTLS client or server to possibly execute arbitrary code with the privileges of the process using OpenSSL. Furthermore, an attacker could force the use of weak keying material in OpenSSL SSL/TLS clients and servers, inject data across sessions, or cause a Denial of Service via various vectors. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id76864
    published2014-07-28
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76864
    titleGLSA-201407-05 : OpenSSL: Multiple vulnerabilities
  • NASL familyWindows
    NASL idVMWARE_VCENTER_CONVERTER_2014-0006.NASL
    descriptionThe version of VMware vCenter Converter installed on the remote Windows host is version 5.1.x prior to 5.1.1 or 5.5.x prior to 5.5.2. It is, therefore, affected by multiple vulnerabilities in the bundled OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76947
    published2014-07-31
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76947
    titleVMware vCenter Converter Multiple Vulnerabilities (VMSA-2014-0006)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_WANBOOT_20141014.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the
    last seen2020-06-01
    modified2020-06-02
    plugin id80799
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80799
    titleOracle Solaris Third-Party Patch Update : wanboot (cve_2014_0224_cryptographic_issues)
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_0_BUILD_1918656_REMOTE.NASL
    descriptionThe remote VMware ESXi host is version 5.0 prior to build 1918656. It is, therefore, affected by the following vulnerabilities in the OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76368
    published2014-07-04
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76368
    titleESXi 5.0 < Build 1918656 OpenSSL Library Multiple Vulnerabilities (remote check)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2232-4.NASL
    descriptionUSN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications. This update fixes the problem. We apologize for the inconvenience. Juri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221) KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224) Felix Grobert and Ivan Fratric discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id77245
    published2014-08-19
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77245
    titleUbuntu 10.04 LTS : openssl vulnerabilities (USN-2232-4)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0626.NASL
    descriptionFrom Red Hat Security Advisory 2014:0626 : Updated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id74345
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74345
    titleOracle Linux 5 / 6 : openssl097a / openssl098e (ELSA-2014-0626)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_SPACE_JSA10659.NASL
    descriptionAccording to its self-reported version number, the remote Junos Space version is prior to 14.1R1. It is, therefore, affected by multiple vulnerabilities in bundled third party software components : - Multiple vulnerabilities in the bundled OpenSSL CentOS package. (CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0884, CVE-2012-2110, CVE-2012-2333, CVE-2013-0166, CVE-2013-0169, CVE-2014-0224) - Multiple vulnerabilities in Oracle MySQL. (CVE-2013-5908) - Multiple vulnerabilities in the Oracle Java runtime. (CVE-2014-0411, CVE-2014-0423, CVE-2014-4244, CVE-2014-0453, CVE-2014-0460, CVE-2014-4263, CVE-2014-4264)
    last seen2020-06-01
    modified2020-06-02
    plugin id80197
    published2014-12-22
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80197
    titleJuniper Junos Space < 14.1R1 Multiple Vulnerabilities (JSA10659)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_COMPAT-OPENSSL097G-141202.NASL
    descriptionThe SLES 9 compatibility package compat-openssl097g received a roll up update fixing various security issues : - Build option no-ssl3 is incomplete. (CVE-2014-3568) - Add support for TLS_FALLBACK_SCSV. (CVE-2014-3566) - Information leak in pretty printing functions. (CVE-2014-3508) - OCSP bad key DoS attack. (CVE-2013-0166) - SSL/TLS CBC plaintext recovery attack. (CVE-2013-0169) - Anonymous ECDH denial of service. (CVE-2014-3470) - SSL/TLS MITM vulnerability (CVE-2014-0224)
    last seen2020-06-05
    modified2014-12-05
    plugin id79738
    published2014-12-05
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79738
    titleSuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10033)
  • NASL familyCISCO
    NASL idCISCO-SA-20140605-OPENSSL-IOSXR.NASL
    descriptionThe remote Cisco device is running a version of IOS XR software that is affected by security bypass vulnerability in the bundled OpenSSL library due to an unspecified error that can allow an attacker to cause the usage of weak keying material, leading to simplified man-in-the-middle attacks.
    last seen2020-06-01
    modified2020-06-02
    plugin id88990
    published2016-02-26
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88990
    titleCisco IOS XR OpenSSL Security Bypass (CSCup22654)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140605_OPENSSL097A_AND_OPENSSL098E_ON_SL5_X.NASL
    descriptionIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to : For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-03-18
    modified2014-06-06
    plugin id74349
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74349
    titleScientific Linux Security Update : openssl097a and openssl098e on SL5.x, SL6.x i386/x86_64 (20140605)
  • NASL familyCISCO
    NASL idCISCO-SA-20140605-OPENSSL-IOSXE.NASL
    descriptionThe remote Cisco IOS XE device is missing a vendor-supplied security patch, and its web user interface is configured to use HTTPS. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library : - An error exists in the ssl3_read_bytes() function that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if
    last seen2020-06-01
    modified2020-06-02
    plugin id88989
    published2016-02-26
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88989
    titleCisco IOS XE Multiple OpenSSL Vulnerabilities (CSCup22487)
  • NASL familyCISCO
    NASL idCISCO_JABBER_CLIENT_CSCUP23913.NASL
    descriptionThe remote Windows host has a version of Cisco Jabber installed that is known to be affected by multiple OpenSSL related vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-03-17
    modified2014-06-18
    plugin id76129
    published2014-06-18
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76129
    titleCisco Windows Jabber Client Multiple Vulnerabilities in OpenSSL (cisco-sa-20140605-openssl)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-17576.NASL
    description - Synced with native openssl-1.0.1j-3.fc22\r\n* Add support for RFC 5649\r\n* Prevent compiler warning
    last seen2020-03-17
    modified2015-01-02
    plugin id80319
    published2015-01-02
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80319
    titleFedora 21 : mingw-openssl-1.0.1j-1.fc21 (2014-17576) (POODLE)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FUSION_6_0_4.NASL
    descriptionThe version of VMware Fusion installed on the remote Mac OS X is version 5.x prior to 5.0.5 or 6.x prior to 6.0.4. It is, therefore, affected by the following vulnerabilities in the OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76452
    published2014-07-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76452
    titleVMware Fusion < 5.0.5 / 6.0.4 OpenSSL Library Multiple Vulnerabilities
  • NASL familyWeb Servers
    NASL idOPENSSL_0_9_8ZA.NASL
    descriptionAccording to its banner, the remote web server uses a version of OpenSSL 0.9.8 prior to 0.9.8za. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id74363
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74363
    titleOpenSSL 0.9.8 < 0.9.8za Multiple Vulnerabilities
  • NASL familyWindows
    NASL idLIBREOFFICE_423.NASL
    descriptionA version of LibreOffice 4.2.x prior to 4.2.3 is installed on the remote Windows host. This version of LibreOffice is bundled with a version of OpenSSL affected by multiple vulnerabilities : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76510
    published2014-07-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76510
    titleLibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Heartbleed)
  • NASL familyMisc.
    NASL idMCAFEE_EPO_SB10075.NASL
    descriptionThe remote host is running a version of McAfee ePolicy Orchestrator that is affected by multiple vulnerabilities due to flaws in the OpenSSL library : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76145
    published2014-06-19
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76145
    titleMcAfee ePolicy Orchestrator Multiple OpenSSL Vulnerabilities (SB10075)
  • NASL familyWindows
    NASL idHP_VERSION_CONTROL_REPO_MANAGER_HPSBMU03056.NASL
    descriptionThe version of HP Version Control Repository Manager installed on the remote host is prior to 7.3.4, and thus is affected by multiple vulnerabilities in the bundled version of OpenSSL : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76390
    published2014-07-07
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76390
    titleHP Version Control Repository Manager Multiple Vulnerabilities (HPSBMU03056)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_1H.NASL
    descriptionAccording to its banner, the remote web server uses a version of OpenSSL 1.0.1 prior to 1.0.1h. The OpenSSL library is, therefore, affected by the following vulnerabilities : - A race condition exists in the ssl3_read_bytes() function when SSL_MODE_RELEASE_BUFFERS is enabled. This allows a remote attacker to inject data across sessions or cause a denial of service. (CVE-2010-5298) - A buffer overflow error exists related to invalid DTLS fragment handling that can lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195) - An error exists in the do_ssl3_write() function that allows a NULL pointer to be dereferenced, resulting in a denial of service. Note that this issue is exploitable only if
    last seen2020-06-01
    modified2020-06-02
    plugin id74364
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74364
    titleOpenSSL 1.0.1 < 1.0.1h Multiple Vulnerabilities
  • NASL familyWindows
    NASL idVMWARE_VCENTER_UPDATE_MGR_VMSA-2014-0006.NASL
    descriptionThe version of VMware vCenter Update Manager installed on the remote Windows host is 5.5 prior to Update 1b. It is, therefore, affected by the following vulnerabilities related to the bundled version of OpenSSL : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76356
    published2014-07-03
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76356
    titleVMware vCenter Update Manager Multiple Vulnerabilities (VMSA-2014-0006)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0679.NASL
    descriptionUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195) Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198) A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221) A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Juri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Grobert and Ivan Fratric of Google as the original reporters of CVE-2014-3470. All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id76891
    published2014-07-30
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76891
    titleRHEL 7 : openssl (RHSA-2014:0679)
  • NASL familyMisc.
    NASL idVMWARE_VSPHERE_REPLICATION_VMSA_2014_0006.NASL
    descriptionThe VMware vSphere Replication installed on the remote host is version 5.5.x prior to 5.5.1.1, or else it is version 5.6.x. It is, therefore, affected by the following OpenSSL related vulnerabilities : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id78024
    published2014-10-02
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78024
    titleVMware vSphere Replication Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-106.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in openssl : The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (CVE-2014-0195). The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (CVE-2014-0221). OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224). The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (CVE-2014-3470). The updated packages have been upgraded to the 1.0.0m version where these security flaws has been fixed.
    last seen2020-06-01
    modified2020-06-02
    plugin id74415
    published2014-06-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74415
    titleMandriva Linux Security Advisory : openssl (MDVSA-2014:106)
  • NASL familyMisc.
    NASL idXEROX_XRX15AO_COLORQUBE.NASL
    descriptionAccording to its model number and software version, the remote host is a Xerox ColorQube device that is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the bundled version of OpenSSL due to a flaw in the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that allows nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id86710
    published2015-11-03
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86710
    titleXerox ColorQube 8570 / 8870 Multiple Vulnerabilities (XRX15OA)
  • NASL familyDatabases
    NASL idMYSQL_5_6_20.NASL
    descriptionThe version of MySQL installed on the remote host is version 5.6.x prior to 5.6.20. It is, therefore, affected by errors in the following components : - CLIENT:MYSQLADMIN - CLIENT:MYSQLDUMP - SERVER:CHARACTER SETS - SERVER:DML - SERVER:MEMORY STORAGE ENGINE - SERVER:MyISAM - SERVER:PRIVILEGES AUTHENTICATION PLUGIN API - SERVER:REPLICATION ROW FORMAT BINARY LOG DML - SERVER:SSL:OpenSSL - SERVER:SSL:yaSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id77670
    published2014-09-12
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77670
    titleMySQL 5.6.x < 5.6.20 Multiple Vulnerabilities (October 2014 CPU)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-062.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in openssl : Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298). The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160). The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (CVE-2014-0195). The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (CVE-2014-0198). The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (CVE-2014-0221). OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224). The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (CVE-2014-3470). Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message (CVE-2014-3513). The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566). Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure (CVE-2014-3567). The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569). The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570). OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c (CVE-2014-3571). The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572). OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate
    last seen2020-06-01
    modified2020-06-02
    plugin id82315
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82315
    titleMandriva Linux Security Advisory : openssl (MDVSA-2015:062)
  • NASL familyWeb Servers
    NASL idTOMCAT_7_0_55.NASL
    descriptionAccording to its self-reported version number, the Apache Tomcat service listening on the remote host is 7.0.x prior to 7.0.55. It is, therefore, affected by the following vulnerabilities : - A race condition exists in the ssl3_read_bytes() function when SSL_MODE_RELEASE_BUFFERS is enabled. This allows a remote attacker to inject data across sessions or cause a denial of service. (CVE-2010-5298) - A buffer overflow error exists related to invalid DTLS fragment handling that can lead to the execution of arbitrary code. Note that this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195) - An error exists in the do_ssl3_write() function that allows a NULL pointer to be dereferenced, resulting in a denial of service. Note that this issue is exploitable only if
    last seen2020-03-18
    modified2014-09-02
    plugin id77475
    published2014-09-02
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77475
    titleApache Tomcat 7.0.x < 7.0.55 Multiple Vulnerabilities
  • NASL familyCISCO
    NASL idCISCO_TELEPRESENCE_SUPERVISOR_8050_MSE_CSCUP22635.NASL
    descriptionThe remote Cisco TelePresence device is running a software version known to be affected by multiple OpenSSL related vulnerabilities : - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. (CVE-2014-0224) - An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)
    last seen2020-06-01
    modified2020-06-02
    plugin id76132
    published2014-06-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76132
    titleCisco TelePresence Supervisor MSE 8050 Multiple Vulnerabilities in OpenSSL
  • NASL familyWindows
    NASL idVMWARE_VCENTER_CHARGEBACK_MANAGER_2601.NASL
    descriptionThe version of vCenter Chargeback Manager installed on the remote host is 2.6.0. It is, therefore, affected by the following OpenSSL related vulnerabilities : - An error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id76426
    published2014-07-09
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76426
    titleVMware vCenter Chargeback Manager Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-7102.NASL
    descriptionMajor security update fixing multiple issues. Some of these fixes are quite important. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-06-06
    plugin id74341
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74341
    titleFedora 20 : openssl-1.0.1e-38.fc20 (2014-7102)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0680.NASL
    descriptionUpdated openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id76892
    published2014-07-30
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76892
    titleRHEL 7 : openssl098e (RHSA-2014:0680)
  • NASL familyCISCO
    NASL idCISCO-CSCUP22544-ACE.NASL
    descriptionThe remote device is running a software version known to be affected by an OpenSSL related vulnerability. The flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material has been exchanged, which causes predictable keys to be used to secure future traffic.
    last seen2020-06-01
    modified2020-06-02
    plugin id76127
    published2014-06-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76127
    titleCisco ACE30 and ACE4710 OpenSSL 'ChangeCipherSpec' MiTM Vulnerability
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140605_OPENSSL_ON_SL5_X.NASL
    descriptionIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to : For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen2020-03-18
    modified2014-06-12
    plugin id74487
    published2014-06-12
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74487
    titleScientific Linux Security Update : openssl on SL5.x i386/x86_64 (20140605)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2232-3.NASL
    descriptionUSN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem. Juri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221) KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224) Felix Grobert and Ivan Fratric discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id76199
    published2014-06-24
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76199
    titleUbuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : openssl regression (USN-2232-3)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-3040.NASL
    descriptionDescription of changes: [0.9.7a-43.18.0.2] - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
    last seen2020-06-01
    modified2020-06-02
    plugin id74484
    published2014-06-12
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74484
    titleOracle Linux 4 : openssl (ELSA-2014-3040)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2014-0039.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - add support for fallback SCSV to partially mitigate (CVE-2014-3566) (padding attack on SSL3) - fix CVE-2014-0221 - recursion in DTLS code leading to DoS - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt
    last seen2020-06-01
    modified2020-06-02
    plugin id79554
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79554
    titleOracleVM 3.2 : openssl (OVMSA-2014-0039) (POODLE)
  • NASL familyWeb Servers
    NASL idIBM_TEM_9_1_1117_0.NASL
    descriptionAccording to its self-reported version, the IBM Tivoli Endpoint Manager Server installed on the remote host uses a vulnerable OpenSSL library that contains a flaw in the processing of ChangeCipherSpec messages. The flaw allows an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.
    last seen2020-06-01
    modified2020-06-02
    plugin id79335
    published2014-11-19
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79335
    titleIBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass

Redhat

advisories
  • bugzilla
    id1103586
    titleCVE-2014-0224 openssl: SSL/TLS MITM vulnerability
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentopenssl-perl is earlier than 0:0.9.8e-27.el5_10.3
            ovaloval:com.redhat.rhsa:tst:20140624001
          • commentopenssl-perl is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070964006
        • AND
          • commentopenssl is earlier than 0:0.9.8e-27.el5_10.3
            ovaloval:com.redhat.rhsa:tst:20140624003
          • commentopenssl is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070964004
        • AND
          • commentopenssl-devel is earlier than 0:0.9.8e-27.el5_10.3
            ovaloval:com.redhat.rhsa:tst:20140624005
          • commentopenssl-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070964002
    rhsa
    idRHSA-2014:0624
    released2014-06-05
    severityImportant
    titleRHSA-2014:0624: openssl security update (Important)
  • bugzilla
    id1103586
    titleCVE-2014-0224 openssl: SSL/TLS MITM vulnerability
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • commentopenssl097a is earlier than 0:0.9.7a-12.el5_10.1
        ovaloval:com.redhat.rhsa:tst:20140626001
      • commentopenssl097a is signed with Red Hat redhatrelease key
        ovaloval:com.redhat.rhsa:tst:20090004011
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • commentopenssl098e is earlier than 0:0.9.8e-18.el6_5.2
        ovaloval:com.redhat.rhsa:tst:20140626004
      • commentopenssl098e is signed with Red Hat redhatrelease2 key
        ovaloval:com.redhat.rhsa:tst:20120518019
    rhsa
    idRHSA-2014:0626
    released2014-06-05
    severityImportant
    titleRHSA-2014:0626: openssl097a and openssl098e security update (Important)
  • bugzilla
    id1103586
    titleCVE-2014-0224 openssl: SSL/TLS MITM vulnerability
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • commentopenssl098e is earlier than 0:0.9.8e-29.el7_0.2
        ovaloval:com.redhat.rhsa:tst:20140680001
      • commentopenssl098e is signed with Red Hat redhatrelease2 key
        ovaloval:com.redhat.rhsa:tst:20120518019
    rhsa
    idRHSA-2014:0680
    released2014-06-10
    severityImportant
    titleRHSA-2014:0680: openssl098e security update (Important)
  • rhsa
    idRHSA-2014:0627
  • rhsa
    idRHSA-2014:0630
  • rhsa
    idRHSA-2014:0631
  • rhsa
    idRHSA-2014:0632
  • rhsa
    idRHSA-2014:0633
rpms
  • openssl-0:0.9.8e-27.el5_10.3
  • openssl-debuginfo-0:0.9.8e-27.el5_10.3
  • openssl-devel-0:0.9.8e-27.el5_10.3
  • openssl-perl-0:0.9.8e-27.el5_10.3
  • openssl-0:1.0.1e-16.el6_5.14
  • openssl-debuginfo-0:1.0.1e-16.el6_5.14
  • openssl-devel-0:1.0.1e-16.el6_5.14
  • openssl-perl-0:1.0.1e-16.el6_5.14
  • openssl-static-0:1.0.1e-16.el6_5.14
  • openssl097a-0:0.9.7a-12.el5_10.1
  • openssl097a-debuginfo-0:0.9.7a-12.el5_10.1
  • openssl098e-0:0.9.8e-18.el6_5.2
  • openssl098e-debuginfo-0:0.9.8e-18.el6_5.2
  • openssl-0:0.9.7a-43.22.el4
  • openssl-0:0.9.8e-12.el5_6.12
  • openssl-0:0.9.8e-26.el5_9.4
  • openssl-0:1.0.0-20.el6_2.7
  • openssl-0:1.0.0-25.el6_3.3
  • openssl-0:1.0.0-27.el6_4.4
  • openssl-debuginfo-0:0.9.7a-43.22.el4
  • openssl-debuginfo-0:0.9.8e-12.el5_6.12
  • openssl-debuginfo-0:0.9.8e-26.el5_9.4
  • openssl-debuginfo-0:1.0.0-20.el6_2.7
  • openssl-debuginfo-0:1.0.0-25.el6_3.3
  • openssl-debuginfo-0:1.0.0-27.el6_4.4
  • openssl-devel-0:0.9.7a-43.22.el4
  • openssl-devel-0:0.9.8e-12.el5_6.12
  • openssl-devel-0:0.9.8e-26.el5_9.4
  • openssl-devel-0:1.0.0-20.el6_2.7
  • openssl-devel-0:1.0.0-25.el6_3.3
  • openssl-devel-0:1.0.0-27.el6_4.4
  • openssl-perl-0:0.9.7a-43.22.el4
  • openssl-perl-0:0.9.8e-12.el5_6.12
  • openssl-perl-0:0.9.8e-26.el5_9.4
  • openssl-perl-0:1.0.0-20.el6_2.7
  • openssl-perl-0:1.0.0-25.el6_3.3
  • openssl-perl-0:1.0.0-27.el6_4.4
  • openssl-static-0:1.0.0-20.el6_2.7
  • openssl-static-0:1.0.0-25.el6_3.3
  • openssl-static-0:1.0.0-27.el6_4.4
  • openssl-0:1.0.1e-16.el6_5.14
  • openssl-debuginfo-0:1.0.1e-16.el6_5.14
  • openssl-devel-0:1.0.1e-16.el6_5.14
  • openssl-perl-0:1.0.1e-16.el6_5.14
  • openssl-static-0:1.0.1e-16.el6_5.14
  • rhev-hypervisor6-0:6.5-20140603.1.el6ev
  • openssl-1:1.0.1e-34.el7_0.3
  • openssl-debuginfo-1:1.0.1e-34.el7_0.3
  • openssl-devel-1:1.0.1e-34.el7_0.3
  • openssl-libs-1:1.0.1e-34.el7_0.3
  • openssl-perl-1:1.0.1e-34.el7_0.3
  • openssl-static-1:1.0.1e-34.el7_0.3
  • openssl098e-0:0.9.8e-29.el7_0.2
  • openssl098e-debuginfo-0:0.9.8e-29.el7_0.2

Seebug

bulletinFamilyexploit
descriptionOpenSSL is an open-source SSL implementation, used to implement the network communication of high-strength encryption, it is now widely used in various network applications. OpenSSL 0.9.8 za, 1.0.0 m, 1.0.1 h prior version, does not properly handle ChangeCipherSpec messages, which allows the middle attack in certain OpenSSL-to-OpenSSL communications within the use of a zero-length master key, and then use a specially crafted TLS handshake to hijack a session and gain sensitive information. OpenSSL TLS heartbeat read remote information disclosure Vulnerability (CVE-2014-0160) http://www.linuxidc.com/Linux/2014-04/99741.htm OpenSSL serious bug allows an attacker to read 64k of memory, and Debian half an hour to fix http://www.linuxidc.com/Linux/2014-04/99737.htm OpenSSL “heartbleed” security vulnerability http://www.linuxidc.com/Linux/2014-04/99706.htm By OpenSSL to provide FTP+SSL/TLS authentication functions, and to achieve secure data transmission http://www.linuxidc.com/Linux/2013-05/84986.htm * Source: KIKUCHI Masashi
idSSV:92577
last seen2017-11-19
modified2016-12-20
published2016-12-20
reporterRoot
titleOpenSSL SSL/TLS MITM Vulnerability (CVE-2014-0224)

The Hacker News

References