Vulnerabilities > CVE-2015-0206 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openssl

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
openssl
CWE-119
nessus

Summary

Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-0512.NASL
    descriptionNew upstream release fixing multiple low and moderate impact security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-01-13
    plugin id80464
    published2015-01-13
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80464
    titleFedora 21 : openssl-1.0.1k-1.fc21 (2015-0512)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2015-0512.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80464);
      script_version("1.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-3570", "CVE-2014-3571", "CVE-2015-0205", "CVE-2015-0206");
      script_bugtraq_id(71937, 71939, 71940, 71941);
      script_xref(name:"FEDORA", value:"2015-0512");
    
      script_name(english:"Fedora 21 : openssl-1.0.1k-1.fc21 (2015-0512)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New upstream release fixing multiple low and moderate impact security
    issues.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1180234"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1180235"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1180239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1180240"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1ac229eb"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openssl package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC21", reference:"openssl-1.0.1k-1.fc21")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");
    }
    
  • NASL familyWindows
    NASL idCISCO_ANYCONNECT_3_1_7021.NASL
    descriptionThe remote host has a version of Cisco AnyConnect Secure Mobility Client installed that is prior to 3.1.7021.0, or else it is a version equal or prior to 4.0.0048.0. It is, therefore, affected by multiple vulnerabilities in the OpenSSL library : - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570) - A NULL pointer dereference flaw exists with dtls1_get_record when handling DTLS messages. A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571) - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate
    last seen2020-06-01
    modified2020-06-02
    plugin id82270
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82270
    titleCisco AnyConnect Secure Mobility Client < 3.1(7021) / <= 4.0(48) Multiple Vulnerabilities (FREAK)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82270);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id(
        "CVE-2014-3570",
        "CVE-2014-3571",
        "CVE-2014-8275",
        "CVE-2015-0204",
        "CVE-2015-0206"
      );
      script_bugtraq_id(
        71935,
        71936,
        71937,
        71939,
        71940
      );
      script_xref(name:"CERT", value:"243585");
      script_xref(name:"CISCO-BUG-ID", value:"CSCus42726");
    
      script_name(english:"Cisco AnyConnect Secure Mobility Client < 3.1(7021) / <= 4.0(48) Multiple Vulnerabilities (FREAK)");
      script_summary(english:"Checks the version of the Cisco AnyConnect client.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host has a version of Cisco AnyConnect Secure Mobility
    Client installed that is prior to 3.1.7021.0, or else it is a version
    equal or prior to 4.0.0048.0. It is, therefore, affected by multiple
    vulnerabilities in the OpenSSL library :
    
      - The BIGNUM squaring (BN_sqr) implementation does not
        properly calculate the square of a BIGNUM value. This
        allows remote attackers to defeat cryptographic
        protection mechanisms. (CVE-2014-3570)
    
      - A NULL pointer dereference flaw exists with
        dtls1_get_record when handling DTLS messages. A remote
        attacker, using a specially crafted DTLS message, can
        cause a denial of service. (CVE-2014-3571)
    
      - A flaw exists when accepting non-DER variations of
        certificate signature algorithms and signature encodings
        due to a lack of enforcement of matches between signed
        and unsigned portions. A remote attacker, by including
        crafted data within a certificate's unsigned portion,
        can bypass fingerprint-based certificate-blacklist
        protection mechanisms. (CVE-2014-8275)
    
      - A security feature bypass vulnerability, known as FREAK
        (Factoring attack on RSA-EXPORT Keys), exists due to the
        support of weak EXPORT_RSA cipher suites with keys less
        than or equal to 512 bits. A man-in-the-middle attacker
        may be able to downgrade the SSL/TLS connection to use
        EXPORT_RSA cipher suites which can be factored in a
        short amount of time, allowing the attacker to intercept
        and decrypt the traffic. (CVE-2015-0204)
    
      - A memory leak occurs in dtls1_buffer_record
        when handling a saturation of DTLS records containing
        the same number sequence but for the next epoch. This
        allows a remote attacker to cause a denial of service.
        (CVE-2015-0206)");
      # http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bd646a4f");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Cisco AnyConnect Secure Mobility Client 3.1(7021) or
    later, or refer to the vendor.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-8275");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:anyconnect_secure_mobility_client");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("cisco_anyconnect_vpn_installed.nasl");
      script_require_keys("installed_sw/Cisco AnyConnect Secure Mobility Client", "SMB/Registry/Enumerated");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("install_func.inc");
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    
    app_name = "Cisco AnyConnect Secure Mobility Client";
    
    install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
    path = install['path'];
    ver  = install['version'];
    
    fix_display = NULL;
    
    if (ver =~ "^[0-3]\." && ver_compare(ver:ver, fix:"3.1.7021.0", strict:FALSE) == -1)
      fix_display = '3.1.7021 (3.1(7021))';
    else if (ver =~ "^4\." && ver_compare(ver:ver, fix:"4.0.48.0", strict:FALSE) <= 0)
      fix_display = 'Refer to the vendor for a fix.';
    
    if (isnull(fix_display))
      audit(AUDIT_INST_PATH_NOT_VULN, app_name, ver, path);
    
    port = get_kb_item('SMB/transport');
    if (!port) port = 445;
    
    if (report_verbosity > 0)
    {
      report +=
        '\n  Path              : ' + path +
        '\n  Installed version : ' + ver +
        '\n  Fixed version     : ' + fix_display +
        '\n';
      security_warning(port:port, extra:report);
    }
    else security_warning(port);
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0066.NASL
    descriptionFrom Red Hat Security Advisory 2015:0066 : Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571) A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206) It was found that OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id80877
    published2015-01-21
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80877
    titleOracle Linux 6 / 7 : openssl (ELSA-2015-0066) (FREAK)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2015:0066 and 
    # Oracle Linux Security Advisory ELSA-2015-0066 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80877);
      script_version("1.19");
      script_cvs_date("Date: 2019/09/27 13:00:35");
    
      script_cve_id("CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206");
      script_bugtraq_id(71935, 71936, 71937, 71939, 71940, 71941, 71942);
      script_xref(name:"RHSA", value:"2015:0066");
    
      script_name(english:"Oracle Linux 6 / 7 : openssl (ELSA-2015-0066) (FREAK)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2015:0066 :
    
    Updated openssl packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 6 and 7.
    
    Red Hat Product Security has rated this update as having Moderate
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
    Transport Layer Security (TLS), and Datagram Transport Layer Security
    (DTLS) protocols, as well as a full-strength, general purpose
    cryptography library.
    
    A NULL pointer dereference flaw was found in the DTLS implementation
    of OpenSSL. A remote attacker could send a specially crafted DTLS
    message, which would cause an OpenSSL server to crash. (CVE-2014-3571)
    
    A memory leak flaw was found in the way the dtls1_buffer_record()
    function of OpenSSL parsed certain DTLS messages. A remote attacker
    could send multiple specially crafted DTLS messages to exhaust all
    available memory of a DTLS server. (CVE-2015-0206)
    
    It was found that OpenSSL's BigNumber Squaring implementation could
    produce incorrect results under certain special conditions. This flaw
    could possibly affect certain OpenSSL library functionality, such as
    RSA blinding. Note that this issue occurred rarely and with a low
    probability, and there is currently no known way of exploiting it.
    (CVE-2014-3570)
    
    It was discovered that OpenSSL would perform an ECDH key exchange with
    a non-ephemeral key even when the ephemeral ECDH cipher suite was
    selected. A malicious server could make a TLS/SSL client using OpenSSL
    use a weaker key exchange method than the one requested by the user.
    (CVE-2014-3572)
    
    It was discovered that OpenSSL would accept ephemeral RSA keys when
    using non-export RSA cipher suites. A malicious server could make a
    TLS/SSL client using OpenSSL use a weaker key exchange method.
    (CVE-2015-0204)
    
    Multiple flaws were found in the way OpenSSL parsed X.509
    certificates. An attacker could use these flaws to modify an X.509
    certificate to produce a certificate with a different fingerprint
    without invalidating its signature, and possibly bypass
    fingerprint-based blacklisting in applications. (CVE-2014-8275)
    
    It was found that an OpenSSL server would, under certain conditions,
    accept Diffie-Hellman client certificates without the use of a private
    key. An attacker could use a user's client certificate to authenticate
    as that user, without needing the private key. (CVE-2015-0205)
    
    All OpenSSL users are advised to upgrade to these updated packages,
    which contain a backported patch to mitigate the above issues. For the
    update to take effect, all services linked to the OpenSSL library
    (such as httpd and other SSL-enabled services) must be restarted or
    the system rebooted."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2015-January/004793.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2015-January/004795.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openssl packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-static");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/21");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6 / 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL6", reference:"openssl-1.0.1e-30.el6_6.5")) flag++;
    if (rpm_check(release:"EL6", reference:"openssl-devel-1.0.1e-30.el6_6.5")) flag++;
    if (rpm_check(release:"EL6", reference:"openssl-perl-1.0.1e-30.el6_6.5")) flag++;
    if (rpm_check(release:"EL6", reference:"openssl-static-1.0.1e-30.el6_6.5")) flag++;
    
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openssl-1.0.1e-34.el7_0.7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openssl-devel-1.0.1e-34.el7_0.7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openssl-libs-1.0.1e-34.el7_0.7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openssl-perl-1.0.1e-34.el7_0.7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openssl-static-1.0.1e-34.el7_0.7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-devel / openssl-libs / openssl-perl / etc");
    }
    
  • NASL familyFirewalls
    NASL idMCAFEE_FIREWALL_ENTERPRISE_SB10102.NASL
    descriptionThe remote host has a version of McAfee Firewall Enterprise installed that is affected by multiple vulnerabilities in the OpenSSL library : - A NULL pointer dereference flaw exists when the SSLv3 option isn
    last seen2020-06-01
    modified2020-06-02
    plugin id81815
    published2015-03-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81815
    titleMcAfee Firewall Enterprise OpenSSL Multiple Vulnerabilities (SB10102) (FREAK)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_F9C388C5A25611E4992A7B2A515A1247.NASL
    descriptionOpenSSL Security Advisory : A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion.
    last seen2020-06-01
    modified2020-06-02
    plugin id80925
    published2015-01-23
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80925
    titleFreeBSD : LibreSSL -- DTLS vulnerability (f9c388c5-a256-11e4-992a-7b2a515a1247)
  • NASL familyWeb Servers
    NASL idHPSMH_7_5.NASL
    descriptionAccording to the web server
    last seen2020-06-01
    modified2020-06-02
    plugin id84923
    published2015-07-22
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84923
    titleHP System Management Homepage 7.3.x / 7.4.x < 7.5.0 Multiple Vulnerabilities (FREAK)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2459-1.NASL
    descriptionPieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. (CVE-2014-3570) Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3571) Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could possibly use this issue to downgrade to ECDH, removing forward secrecy from the ciphersuite. (CVE-2014-3572) Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that OpenSSL incorrectly handled certain certificate fingerprints. A remote attacker could possibly use this issue to trick certain applications that rely on the uniqueness of fingerprints. (CVE-2014-8275) Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain key exchanges. A remote attacker could possibly use this issue to downgrade the security of the session to EXPORT_RSA. (CVE-2015-0204) Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled client authentication. A remote attacker could possibly use this issue to authenticate without the use of a private key in certain limited scenarios. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0205) Chris Mueller discovered that OpenSSL incorrect handled memory when processing DTLS records. A remote attacker could use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0206). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id80471
    published2015-01-13
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80471
    titleUbuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : openssl vulnerabilities (USN-2459-1) (FREAK)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_CISCO_ANYCONNECT_3_1_7021.NASL
    descriptionThe remote Mac OS X host has a version of Cisco AnyConnect Secure Mobility Client installed that is prior to 3.1.7021.0, or else it is a version equal or prior to 4.0.0048.0. It is, therefore, affected by multiple vulnerabilities in the OpenSSL library : - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570) - A NULL pointer dereference flaw exists with dtls1_get_record when handling DTLS messages. A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571) - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate
    last seen2020-06-01
    modified2020-06-02
    plugin id82271
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82271
    titleMac OS X : Cisco AnyConnect Secure Mobility Client < 3.1(7021) <= 4.0(48) Multiple Vulnerabilities (FREAK)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2015-009-01.NASL
    descriptionNew openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id80443
    published2015-01-12
    reporterThis script is Copyright (C) 2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80443
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-009-01) (FREAK)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_0P.NASL
    descriptionAccording to its banner, the remote web server uses a version of OpenSSL 1.0.0 prior to 1.0.0p. The OpenSSL library is, therefore, affected by the following vulnerabilities : - A NULL pointer dereference flaw exists when the SSLv3 option isn
    last seen2020-06-01
    modified2020-06-02
    plugin id80567
    published2015-01-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80567
    titleOpenSSL 1.0.0 < 1.0.0p Multiple Vulnerabilities (FREAK)
  • NASL familyWeb Servers
    NASL idTOMCAT_6_0_44.NASL
    descriptionAccording to its self-reported version number, the Apache Tomcat service listening on the remote host is 6.0.x prior to 6.0.44. It is, therefore, affected by multiple vulnerabilities : - An error exists due to a failure to limit the size of discarded requests. A remote attacker can exploit this to exhaust available memory resources, resulting in a denial of service condition. (CVE-2014-0230) - A NULL pointer dereference flaw exists when the SSLv3 option isn
    last seen2020-04-30
    modified2015-05-15
    plugin id83490
    published2015-05-15
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83490
    titleApache Tomcat 6.0.x < 6.0.44 Multiple Vulnerabilities (FREAK)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2015-0005.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2014-3570 - incorrect computation in BN_sqr - fix CVE-2014-3571 - possible crash in dtls1_get_record - fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state - fix CVE-2014-8275 - various certificate fingerprint issues - fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export ciphersuites and on server - fix CVE-2015-0205 - do not allow unauthenticated client DH certificate - fix CVE-2015-0206 - possible memory leak when buffering DTLS records - use FIPS approved method for computation of d in RSA
    last seen2020-06-01
    modified2020-06-02
    plugin id80929
    published2015-01-23
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80929
    titleOracleVM 3.3 : openssl (OVMSA-2015-0005) (FREAK)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3125.NASL
    descriptionMultiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2014-3569 Frank Schmirler reported that the ssl23_get_client_hello function in OpenSSL does not properly handle attempts to use unsupported protocols. When OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is received, the ssl method would be set to NULL which could later result in a NULL pointer dereference and daemon crash. - CVE-2014-3570 Pieter Wuille of Blockstream reported that the bignum squaring (BN_sqr) may produce incorrect results on some platforms, which might make it easier for remote attackers to defeat cryptographic protection mechanisms. - CVE-2014-3571 Markus Stenberg of Cisco Systems, Inc. reported that a carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. A remote attacker could use this flaw to mount a denial of service attack. - CVE-2014-3572 Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuite if the server key exchange message is omitted. This allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy. - CVE-2014-8275 Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project and Konrad Kraszewski of Google reported various certificate fingerprint issues, which allow remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism. - CVE-2015-0204 Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an OpenSSL client will accept the use of an ephemeral RSA key in a non-export RSA key exchange ciphersuite, violating the TLS standard. This allows remote SSL servers to downgrade the security of the session. - CVE-2015-0205 Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This flaw effectively allows a client to authenticate without the use of a private key via crafted TLS handshake protocol traffic to a server that recognizes a certification authority with DH support. - CVE-2015-0206 Chris Mueller discovered a memory leak in the dtls1_buffer_record function. A remote attacker could exploit this flaw to mount a denial of service through memory exhaustion by repeatedly sending specially crafted DTLS records.
    last seen2020-03-17
    modified2015-01-12
    plugin id80446
    published2015-01-12
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80446
    titleDebian DSA-3125-1 : openssl - security update (FREAK)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-019.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in openssl : A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack (CVE-2014-3571). A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion (CVE-2015-0206). When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference (CVE-2014-3569). An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. This effectively removes forward secrecy from the ciphersuite (CVE-2014-3572). An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session (CVE-2015-0204). An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered (CVE-2015-0205). OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate
    last seen2020-06-01
    modified2020-06-02
    plugin id80456
    published2015-01-12
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80456
    titleMandriva Linux Security Advisory : openssl (MDVSA-2015:019)
  • NASL familyWeb Servers
    NASL idHPSMH_7_2_6.NASL
    descriptionAccording to the web server
    last seen2020-06-01
    modified2020-06-02
    plugin id90251
    published2016-03-29
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90251
    titleHP System Management Homepage < 7.2.6 Multiple Vulnerabilities (FREAK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0946-1.NASL
    descriptionMySQL was updated to version 5.5.43 to fix several security and non security issues : CVEs fixed: CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0405, CVE-2015-0423, CVE-2015-0433, CVE-2015-0438, CVE-2015-0439, CVE-2015-0441, CVE-2015-0498, CVE-2015-0499, CVE-2015-0500, CVE-2015-0501, CVE-2015-0503, CVE-2015-0505, CVE-2015-0506, CVE-2015-0507, CVE-2015-0508, CVE-2015-0511, CVE-2015-2566, CVE-2015-2567, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2576. Fix integer overflow in regcomp (Henry Spencer
    last seen2020-06-01
    modified2020-06-02
    plugin id83860
    published2015-05-27
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83860
    titleSUSE SLED11 / SLES11 Security Update : MySQL (SUSE-SU-2015:0946-1) (FREAK)
  • NASL familyWeb Servers
    NASL idTOMCAT_7_0_60.NASL
    descriptionAccording to its self-reported version number, the Apache Tomcat service listening on the remote host is 7.0.x prior to 7.0.60. It is, therefore, affected by the following vulnerabilities : - A NULL pointer dereference flaw exists when the SSLv3 option isn
    last seen2020-06-01
    modified2020-06-02
    plugin id83526
    published2015-05-19
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83526
    titleApache Tomcat 7.0.x < 7.0.60 Multiple Vulnerabilities (FREAK)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-0066.NASL
    descriptionUpdated OpenSSL packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. - A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571) - A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206) - It was found that OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id80867
    published2015-01-21
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80867
    titleCentOS 6 / 7 : openssl (CESA-2015:0066)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-0601.NASL
    descriptionMultiple low and moderate impact security issues fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-01-21
    plugin id80874
    published2015-01-21
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80874
    titleFedora 20 : openssl-1.0.1e-41.fc20 (2015-0601)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-469.NASL
    descriptionOpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix. OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate
    last seen2020-06-01
    modified2020-06-02
    plugin id80461
    published2015-01-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80461
    titleAmazon Linux AMI : openssl (ALAS-2015-469) (FREAK)
  • NASL familyWindows
    NASL idHP_VERSION_CONTROL_REPO_MANAGER_7_5_0_0.NASL
    descriptionThe version of HP Version Control Repository Manager (VCRM) installed on the remote Windows host is prior to 7.5.0. It is, therefore, affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists when the SSLv3 option isn
    last seen2020-06-01
    modified2020-06-02
    plugin id85802
    published2015-09-04
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/85802
    titleHP Version Control Repository Manager < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150121_OPENSSL_ON_SL6_X.NASL
    descriptionA NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571) A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206) It was found that OpenSSL
    last seen2020-03-18
    modified2015-01-22
    plugin id80905
    published2015-01-22
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80905
    titleScientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20150121) (FREAK)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0066.NASL
    descriptionUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571) A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206) It was found that OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id80879
    published2015-01-21
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80879
    titleRHEL 6 / 7 : openssl (RHSA-2015:0066) (FREAK)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_4E536C14979111E4977DD050992ECDE8.NASL
    descriptionOpenSSL project reports : DTLS segmentation fault in dtls1_get_record (CVE-2014-3571) DTLS memory leak in dtls1_buffer_record (CVE-2015-0206) no-ssl3 configuration sets method to NULL (CVE-2014-3569) ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572) RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) DH client certificates accepted without verification [Server] (CVE-2015-0205) Certificate fingerprints can be modified (CVE-2014-8275) Bignum squaring may produce incorrect results (CVE-2014-3570)
    last seen2020-06-01
    modified2020-06-02
    plugin id80424
    published2015-01-09
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80424
    titleFreeBSD : OpenSSL -- multiple vulnerabilities (4e536c14-9791-11e4-977d-d050992ecde8) (FREAK)
  • NASL familyWeb Servers
    NASL idTOMCAT_8_0_21.NASL
    descriptionAccording to its self-reported version number, the Apache Tomcat server listening on the remote host is 8.0.x prior to 8.0.21. It is, therefore, affected by the following vulnerabilities : - A NULL pointer dereference flaw exists when the SSLv3 option isn
    last seen2020-03-18
    modified2015-05-19
    plugin id83527
    published2015-05-19
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83527
    titleApache Tomcat 8.0.x < 8.0.21 Multiple Vulnerabilities (FREAK)
  • NASL familyCISCO
    NASL idCISCO-SA-20150310-SSL-NXOS.NASL
    descriptionThe remote Cisco device is running a version of NX-OS software that is affected by multiple vulnerabilities in its bundled OpenSSL library: - A NULL pointer dereference flaw exists when the SSLv3 option isn
    last seen2020-06-01
    modified2020-06-02
    plugin id83528
    published2015-05-19
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83528
    titleCisco NX-OS OpenSSL Multiple Vulnerabilities (cisco-sa-20150310-ssl) (FREAK)
  • NASL familyMisc.
    NASL idHP_VERSION_CONTROL_REPO_MANAGER_7_5_0_NIX.NASL
    descriptionThe version of HP Version Control Repository Manager (VCRM) installed on the remote Linux host is prior to 7.5.0. It is, therefore, affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists when the SSLv3 option isn
    last seen2020-06-01
    modified2020-06-02
    plugin id85803
    published2015-09-04
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/85803
    titleHP Version Control Repository Manager for Linux < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK)
  • NASL familyAIX Local Security Checks
    NASL idAIX_OPENSSL_ADVISORY12.NASL
    descriptionThe version of OpenSSL installed on the remote AIX host is affected by the following vulnerabilities : - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570) - A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages. A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571) - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572) - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate
    last seen2020-06-01
    modified2020-06-02
    plugin id81406
    published2015-02-18
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81406
    titleAIX OpenSSL Advisory : openssl_advisory12.asc (FREAK)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-67.NASL
    descriptionopenssl was updated to 1.0.1k to fix various security issues and bugs. More information can be found in the openssl advisory: http://openssl.org/news/secadv/20150108.txt Following issues were fixed : - CVE-2014-3570 (bsc#912296): Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64. - CVE-2014-3571 (bsc#912294): Fixed crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. - CVE-2014-3572 (bsc#912015): Don
    last seen2020-06-05
    modified2015-01-26
    plugin id80991
    published2015-01-26
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80991
    titleopenSUSE Security Update : openssl (openSUSE-SU-2015:0130-1) (FREAK)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_1K.NASL
    descriptionAccording to its banner, the remote web server uses a version of OpenSSL 1.0.1 prior to 1.0.1k. The OpenSSL library is, therefore, affected by the following vulnerabilities : - A NULL pointer dereference flaw exists when the SSLv3 option isn
    last seen2020-06-01
    modified2020-06-02
    plugin id80568
    published2015-01-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80568
    titleOpenSSL 1.0.1 < 1.0.1k Multiple Vulnerabilities (FREAK)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-507.NASL
    descriptionlibressl was updated to version 2.2.1 to fix 16 security issues. LibreSSL is a fork of OpenSSL. Because of that CVEs affecting OpenSSL often also affect LibreSSL. These security issues were fixed : - CVE-2014-3570: The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k did not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (bsc#912296). - CVE-2014-3572: The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allowed remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (bsc#912015). - CVE-2015-1792: The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function (bsc#934493). - CVE-2014-8275: OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k did not enforce certain constraints on certificate data, which allowed remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate
    last seen2020-06-05
    modified2015-07-27
    plugin id84998
    published2015-07-27
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84998
    titleopenSUSE Security Update : libressl (openSUSE-2015-507) (Logjam)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-062.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in openssl : Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298). The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160). The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (CVE-2014-0195). The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (CVE-2014-0198). The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (CVE-2014-0221). OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224). The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (CVE-2014-3470). Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message (CVE-2014-3513). The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566). Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure (CVE-2014-3567). The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569). The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570). OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c (CVE-2014-3571). The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572). OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate
    last seen2020-06-01
    modified2020-06-02
    plugin id82315
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82315
    titleMandriva Linux Security Advisory : openssl (MDVSA-2015:062)

Redhat

advisories
bugzilla
id1180240
titleCVE-2014-3570 openssl: Bignum squaring may produce incorrect results
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 6 is installed
      ovaloval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • commentopenssl-static is earlier than 0:1.0.1e-30.el6_6.5
          ovaloval:com.redhat.rhsa:tst:20150066001
        • commentopenssl-static is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20171929006
      • AND
        • commentopenssl-perl is earlier than 0:1.0.1e-30.el6_6.5
          ovaloval:com.redhat.rhsa:tst:20150066003
        • commentopenssl-perl is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20171929004
      • AND
        • commentopenssl-devel is earlier than 0:1.0.1e-30.el6_6.5
          ovaloval:com.redhat.rhsa:tst:20150066005
        • commentopenssl-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20171929002
      • AND
        • commentopenssl is earlier than 0:1.0.1e-30.el6_6.5
          ovaloval:com.redhat.rhsa:tst:20150066007
        • commentopenssl is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20171929008
  • AND
    • commentRed Hat Enterprise Linux 7 is installed
      ovaloval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • commentopenssl-perl is earlier than 1:1.0.1e-34.el7_0.7
          ovaloval:com.redhat.rhsa:tst:20150066010
        • commentopenssl-perl is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20171929004
      • AND
        • commentopenssl-static is earlier than 1:1.0.1e-34.el7_0.7
          ovaloval:com.redhat.rhsa:tst:20150066011
        • commentopenssl-static is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20171929006
      • AND
        • commentopenssl-devel is earlier than 1:1.0.1e-34.el7_0.7
          ovaloval:com.redhat.rhsa:tst:20150066012
        • commentopenssl-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20171929002
      • AND
        • commentopenssl is earlier than 1:1.0.1e-34.el7_0.7
          ovaloval:com.redhat.rhsa:tst:20150066013
        • commentopenssl is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20171929008
      • AND
        • commentopenssl-libs is earlier than 1:1.0.1e-34.el7_0.7
          ovaloval:com.redhat.rhsa:tst:20150066014
        • commentopenssl-libs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20171929010
rhsa
idRHSA-2015:0066
released2015-01-21
severityModerate
titleRHSA-2015:0066: openssl security update (Moderate)
rpms
  • openssl-0:1.0.1e-30.el6_6.5
  • openssl-1:1.0.1e-34.el7_0.7
  • openssl-debuginfo-0:1.0.1e-30.el6_6.5
  • openssl-debuginfo-1:1.0.1e-34.el7_0.7
  • openssl-devel-0:1.0.1e-30.el6_6.5
  • openssl-devel-1:1.0.1e-34.el7_0.7
  • openssl-libs-1:1.0.1e-34.el7_0.7
  • openssl-perl-0:1.0.1e-30.el6_6.5
  • openssl-perl-1:1.0.1e-34.el7_0.7
  • openssl-static-0:1.0.1e-30.el6_6.5
  • openssl-static-1:1.0.1e-34.el7_0.7

References