Vulnerabilities > CVE-2015-1789 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
openssl
oracle
CWE-119
nessus

Summary

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

Vulnerable Configurations

Part Description Count
Application
Openssl
150
Application
Oracle
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-294.NASL
    descriptionThis update for libopenssl0_9_8 fixes the following issues : - CVE-2016-0800 aka the
    last seen2020-06-05
    modified2016-03-04
    plugin id89651
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89651
    titleopenSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-294.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89651);
      script_version("1.20");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-0166", "CVE-2013-0169", "CVE-2014-0076", "CVE-2014-0195", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3510", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3568", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3195", "CVE-2015-3197", "CVE-2016-0797", "CVE-2016-0799", "CVE-2016-0800");
    
      script_name(english:"openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)");
      script_summary(english:"Check for the openSUSE-2016-294 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libopenssl0_9_8 fixes the following issues :
    
      - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046):
        OpenSSL was vulnerable to a cross-protocol attack that
        could lead to decryption of TLS sessions by using a
        server supporting SSLv2 and EXPORT cipher suites as a
        Bleichenbacher RSA padding oracle.
    
        This update changes the openssl library to :
    
      - Disable SSLv2 protocol support by default.
    
        This can be overridden by setting the environment
        variable 'OPENSSL_ALLOW_SSL2' or by using
        SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag.
    
        Note that various services and clients had already
        disabled SSL protocol 2 by default previously.
    
      - Disable all weak EXPORT ciphers by default. These can be
        reenabled if required by old legacy software using the
        environment variable 'OPENSSL_ALLOW_EXPORT'.
    
      - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and
        BN_dec2bn() functions had a bug that could result in an
        attempt to de-reference a NULL pointer leading to
        crashes. This could have security consequences if these
        functions were ever called by user applications with
        large untrusted hex/decimal data. Also, internal usage
        of these functions in OpenSSL uses data from config
        files or application command line arguments. If user
        developed applications generated config file data based
        on untrusted data, then this could have had security
        consequences as well.
    
      - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the
        internal fmtstr() and doapr_outch() functions could
        miscalculate the length of a string and attempt to
        access out-of-bounds memory locations. These problems
        could have enabled attacks where large amounts of
        untrusted data is passed to the BIO_*printf functions.
        If applications use these functions in this way then
        they could have been vulnerable. OpenSSL itself uses
        these functions when printing out human-readable dumps
        of ASN.1 data. Therefore applications that print this
        data could have been vulnerable if the data is from
        untrusted sources. OpenSSL command line applications
        could also have been vulnerable when they print out
        ASN.1 data, or if untrusted data is passed as command
        line arguments. Libssl is not considered directly
        vulnerable.
    
      - The package was updated to 0.9.8zh :
    
      - fixes many security vulnerabilities (not separately
        listed): CVE-2015-3195, CVE-2015-1788, CVE-2015-1789,
        CVE-2015-1790, CVE-2015-1792, CVE-2015-1791,
        CVE-2015-0286, CVE-2015-0287, CVE-2015-0289,
        CVE-2015-0293, CVE-2015-0209, CVE-2015-0288,
        CVE-2014-3571, CVE-2014-3569, CVE-2014-3572,
        CVE-2015-0204, CVE-2014-8275, CVE-2014-3570,
        CVE-2014-3567, CVE-2014-3568, CVE-2014-3566,
        CVE-2014-3510, CVE-2014-3507, CVE-2014-3506,
        CVE-2014-3505, CVE-2014-3508, CVE-2014-0224,
        CVE-2014-0221, CVE-2014-0195, CVE-2014-3470,
        CVE-2014-0076, CVE-2013-0169, CVE-2013-0166
    
      - avoid running OPENSSL_config twice. This avoids breaking
        engine loading. (boo#952871, boo#967787)
    
      - fix CVE-2015-3197 (boo#963415)
    
      - SSLv2 doesn't block disabled ciphers"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=952871"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=963415"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968046"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968374"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libopenssl0_9_8 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/03");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.2|SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2 / 42.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.2", reference:"libopenssl0_9_8-0.9.8zh-9.3.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libopenssl0_9_8-debuginfo-0.9.8zh-9.3.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libopenssl0_9_8-debugsource-0.9.8zh-9.3.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8zh-9.3.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-32bit-0.9.8zh-9.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"libopenssl0_9_8-0.9.8zh-14.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"libopenssl0_9_8-debuginfo-0.9.8zh-14.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"libopenssl0_9_8-debugsource-0.9.8zh-14.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8zh-14.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-32bit-0.9.8zh-14.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libopenssl0_9_8 / libopenssl0_9_8-32bit / libopenssl0_9_8-debuginfo / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1150-1.NASL
    descriptionThis update fixes the following security issues : - CVE-2015-4000 (boo#931698) - The Logjam Attack / weakdh.org - reject connections with DH parameters shorter than 1024 bits - generates 2048-bit DH parameters by default - CVE-2015-1788 (boo#934487) - Malformed ECParameters causes infinite loop - CVE-2015-1789 (boo#934489) - Exploitable out-of-bounds read in X509_cmp_time - CVE-2015-1790 (boo#934491) - PKCS7 crash with missing EnvelopedContent - CVE-2015-1792 (boo#934493) - CMS verify infinite loop with unknown hash function - CVE-2015-1791 (boo#933911) - race condition in NewSessionTicket - CVE-2015-3216 (boo#933898) - Crash in ssleay_rand_bytes due to locking regression - modified openssl-1.0.1i-fipslocking.patch - fix timing side channel in RSA decryption (bnc#929678) - add ECC ciphersuites to DEFAULT (bnc#879179) - Disable EXPORT ciphers by default (bnc#931698, comment #3) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84442
    published2015-06-29
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84442
    titleSUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2015:1150-1) (Logjam)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:1150-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84442);
      script_version("2.17");
      script_cvs_date("Date: 2019/09/11 11:22:12");
    
      script_cve_id("CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000");
      script_bugtraq_id(74733, 75154, 75156, 75157, 75158, 75161, 75219);
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2015:1150-1) (Logjam)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes the following security issues :
    
      - CVE-2015-4000 (boo#931698)
    
      - The Logjam Attack / weakdh.org
    
      - reject connections with DH parameters shorter than 1024
        bits
    
      - generates 2048-bit DH parameters by default
    
      - CVE-2015-1788 (boo#934487)
    
      - Malformed ECParameters causes infinite loop
    
      - CVE-2015-1789 (boo#934489)
    
      - Exploitable out-of-bounds read in X509_cmp_time
    
      - CVE-2015-1790 (boo#934491)
    
      - PKCS7 crash with missing EnvelopedContent
    
      - CVE-2015-1792 (boo#934493)
    
      - CMS verify infinite loop with unknown hash function
    
      - CVE-2015-1791 (boo#933911)
    
      - race condition in NewSessionTicket
    
      - CVE-2015-3216 (boo#933898)
    
      - Crash in ssleay_rand_bytes due to locking regression
    
      - modified openssl-1.0.1i-fipslocking.patch
    
      - fix timing side channel in RSA decryption (bnc#929678)
    
      - add ECC ciphersuites to DEFAULT (bnc#879179)
    
      - Disable EXPORT ciphers by default (bnc#931698, comment
        #3)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=879179"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=929678"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=931698"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=933898"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=933911"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=934487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=934489"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=934491"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=934493"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-1788/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-1789/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-1790/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-1791/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-1792/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3216/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4000/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20151150-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4eea51db"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Legacy Software 12 :
    
    zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-285=1
    
    SUSE Linux Enterprise Desktop 12 :
    
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-285=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:compat-openssl098-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenssl0_9_8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/05/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/29");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"compat-openssl098-debugsource-0.9.8j-78.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libopenssl0_9_8-0.9.8j-78.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libopenssl0_9_8-32bit-0.9.8j-78.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libopenssl0_9_8-debuginfo-0.9.8j-78.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libopenssl0_9_8-debuginfo-32bit-0.9.8j-78.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"compat-openssl098-debugsource-0.9.8j-78.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libopenssl0_9_8-0.9.8j-78.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8j-78.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-0.9.8j-78.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-32bit-0.9.8j-78.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "compat-openssl098");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-550.NASL
    descriptionLOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2015-4000) An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash. (CVE-2015-1789) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw. (CVE-2015-1790) A race condition was found in the session handling code of OpenSSL. An attacker could cause a multi-threaded SSL/TLS server to crash. (CVE-2015-1791) A denial of service flaw was found in OpenSSL in the way it verified certain signed messages using CMS (Cryptographic Message Syntax). A remote attacker could cause an application using OpenSSL to use excessive amounts of memory by sending a specially crafted message for verification. (CVE-2015-1792) An invalid-free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could send a specially crafted message to the peer, which could cause the application to crash or potentially cause arbitrary code execution. (CVE-2014-8176) A regression was found in the ssleay_rand_bytes() function. This could lead a multi-threaded application to crash. (CVE-2015-3216)
    last seen2020-06-01
    modified2020-06-02
    plugin id84251
    published2015-06-18
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84251
    titleAmazon Linux AMI : openssl (ALAS-2015-550) (Logjam)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2015-550.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84251);
      script_version("2.7");
      script_cvs_date("Date: 2018/04/18 15:09:35");
    
      script_cve_id("CVE-2014-8176", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000");
      script_xref(name:"ALAS", value:"2015-550");
    
      script_name(english:"Amazon Linux AMI : openssl (ALAS-2015-550) (Logjam)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "LOGJAM: A flaw was found in the way the TLS protocol composes the
    Diffie-Hellman exchange (for both export and non-export grade cipher
    suites). An attacker could use this flaw to downgrade a DHE connection
    to use export-grade key sizes, which could then be broken by
    sufficient pre-computation. This can lead to a passive
    man-in-the-middle attack in which the attacker is able to decrypt all
    traffic. (CVE-2015-4000)
    
    An out-of-bounds read flaw was found in the X509_cmp_time() function
    of OpenSSL, which is used to test the expiry dates of SSL/TLS
    certificates. An attacker could possibly use a specially crafted
    SSL/TLS certificate or CRL (Certificate Revocation List), which when
    parsed by an application would cause that application to crash.
    (CVE-2015-1789)
    
    A NULL pointer dereference was found in the way OpenSSL handled
    certain PKCS#7 inputs. An attacker able to make an application using
    OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input
    could cause that application to crash. TLS/SSL clients and servers
    using OpenSSL were not affected by this flaw. (CVE-2015-1790)
    
    A race condition was found in the session handling code of OpenSSL. An
    attacker could cause a multi-threaded SSL/TLS server to crash.
    (CVE-2015-1791)
    
    A denial of service flaw was found in OpenSSL in the way it verified
    certain signed messages using CMS (Cryptographic Message Syntax). A
    remote attacker could cause an application using OpenSSL to use
    excessive amounts of memory by sending a specially crafted message for
    verification. (CVE-2015-1792)
    
    An invalid-free flaw was found in the way OpenSSL handled certain DTLS
    handshake messages. A malicious DTLS client or server could send a
    specially crafted message to the peer, which could cause the
    application to crash or potentially cause arbitrary code execution.
    (CVE-2014-8176)
    
    A regression was found in the ssleay_rand_bytes() function. This could
    lead a multi-threaded application to crash. (CVE-2015-3216)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2015-550.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update openssl' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-static");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/16");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"openssl-1.0.1k-10.86.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"openssl-debuginfo-1.0.1k-10.86.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"openssl-devel-1.0.1k-10.86.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"openssl-perl-1.0.1k-10.86.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"openssl-static-1.0.1k-10.86.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1143-1.NASL
    descriptionThis update of openssl fixes the following security issues : - CVE-2015-4000 (bsc#931698) - The Logjam Attack / weakdh.org - reject connections with DH parameters shorter than 1024 bits - generates 2048-bit DH parameters by default - CVE-2015-1788 (bsc#934487) - Malformed ECParameters causes infinite loop - CVE-2015-1789 (bsc#934489) - Exploitable out-of-bounds read in X509_cmp_time - CVE-2015-1790 (bsc#934491) - PKCS7 crash with missing EnvelopedContent - CVE-2015-1792 (bsc#934493) - CMS verify infinite loop with unknown hash function - CVE-2015-1791 (bsc#933911) - race condition in NewSessionTicket - CVE-2015-3216 (bsc#933898) - Crash in ssleay_rand_bytes due to locking regression - fix a timing side channel in RSA decryption (bnc#929678) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84426
    published2015-06-26
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84426
    titleSUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:1143-1) (Logjam)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:1143-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84426);
      script_version("2.16");
      script_cvs_date("Date: 2019/09/11 11:22:12");
    
      script_cve_id("CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000");
      script_bugtraq_id(74733, 75154, 75156, 75157, 75158, 75161, 75219);
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:1143-1) (Logjam)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of openssl fixes the following security issues :
    
      - CVE-2015-4000 (bsc#931698)
    
      - The Logjam Attack / weakdh.org
    
      - reject connections with DH parameters shorter than 1024
        bits
    
      - generates 2048-bit DH parameters by default
    
      - CVE-2015-1788 (bsc#934487)
    
      - Malformed ECParameters causes infinite loop
    
      - CVE-2015-1789 (bsc#934489)
    
      - Exploitable out-of-bounds read in X509_cmp_time
    
      - CVE-2015-1790 (bsc#934491)
    
      - PKCS7 crash with missing EnvelopedContent
    
      - CVE-2015-1792 (bsc#934493)
    
      - CMS verify infinite loop with unknown hash function
    
      - CVE-2015-1791 (bsc#933911)
    
      - race condition in NewSessionTicket
    
      - CVE-2015-3216 (bsc#933898)
    
      - Crash in ssleay_rand_bytes due to locking regression
    
      - fix a timing side channel in RSA decryption (bnc#929678)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=926597"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=929678"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=931698"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=933898"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=933911"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=934487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=934489"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=934491"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=934493"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-1788/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-1789/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-1790/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-1791/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-1792/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3216/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4000/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20151143-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1fad401c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12 :
    
    zypper in -t patch SUSE-SLE-SDK-12-2015-282=1
    
    SUSE Linux Enterprise Server 12 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-2015-282=1
    
    SUSE Linux Enterprise Desktop 12 :
    
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-282=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenssl1_0_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssl-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/05/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/26");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libopenssl1_0_0-1.0.1i-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libopenssl1_0_0-debuginfo-1.0.1i-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libopenssl1_0_0-hmac-1.0.1i-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"openssl-1.0.1i-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"openssl-debuginfo-1.0.1i-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"openssl-debugsource-1.0.1i-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libopenssl1_0_0-32bit-1.0.1i-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libopenssl1_0_0-debuginfo-32bit-1.0.1i-25.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libopenssl1_0_0-hmac-32bit-1.0.1i-25.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libopenssl1_0_0-1.0.1i-25.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libopenssl1_0_0-32bit-1.0.1i-25.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libopenssl1_0_0-debuginfo-1.0.1i-25.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libopenssl1_0_0-debuginfo-32bit-1.0.1i-25.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"openssl-1.0.1i-25.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"openssl-debuginfo-1.0.1i-25.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"openssl-debugsource-1.0.1i-25.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1115.NASL
    descriptionUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176) A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash. (CVE-2015-3216) An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789) A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791) A flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790) Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id84204
    published2015-06-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84204
    titleRHEL 6 / 7 : openssl (RHSA-2015:1115)
  • NASL familyCGI abuses
    NASL idPUPPET_ENTERPRISE_ACTIVEMQ_PSQL_SSL.NASL
    descriptionAccording to its self-reported version number, the Puppet Enterprise application running on the remote host is 3.x prior to 3.8.1. It is, therefore, affected by the following vulnerabilities : - An XML external entity injection (XXE) flaw exists in the Apache ActiveMQ component due to a faulty configuration that allows an XML parser to accept XML external entities from untrusted sources. A remote attacker, by sending crafted XML data, can exploit this to disclose arbitrary files. (CVE-2014-3600) - An authentication bypass vulnerability exists in the Apache ActiveMQ component due to a flaw in the LDAPLoginModule implementation. A remote attacker can exploit this to bypass authentication mechanisms. (CVE-2014-3612) - Multiple cross-site scripting vulnerabilities exist in the administrative console of Apache ActiveMQ that allow a remote attacker to inject arbitrary HTML or web scripts. (CVE-2014-8110) - An invalid free memory error exists due to improper validation of user-supplied input when a DTLS peer receives application data between ChangeCipherSpec and Finished messages. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2014-8176) - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner
    last seen2020-06-01
    modified2020-06-02
    plugin id84960
    published2015-07-23
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84960
    titlePuppet Enterprise 3.x < 3.8.1 Multiple Vulnerabilities (Logjam)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-247.NASL
    descriptionMultiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2014-8176 Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that an invalid memory free could be triggered when buffering DTLS data. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code. This issue only affected the oldstable distribution (wheezy). CVE-2015-1789 Robert Swiecki and Hanno B??ck discovered that the X509_cmp_time function could read a few bytes out of bounds. This could allow remote attackers to cause a denial of service (crash) via crafted certificates and CRLs. CVE-2015-1790 Michal Zalewski discovered that the PKCS#7 parsing code did not properly handle missing content which could lead to a NULL pointer dereference. This could allow remote attackers to cause a denial of service (crash) via crafted ASN.1-encoded PKCS#7 blobs. CVE-2015-1791 Emilia K??sper discovered that a race condition could occur due to incorrect handling of NewSessionTicket in a multi-threaded client, leading to a double free. This could allow remote attackers to cause a denial of service (crash). CVE-2015-1792 Johannes Bauer discovered that the CMS code could enter an infinite loop when verifying a signedData message, if presented with an unknown hash function OID. This could allow remote attackers to cause a denial of service. Additionally OpenSSL will now reject handshakes using DH parameters shorter than 768 bits as a countermeasure against the Logjam attack (CVE-2015-4000). NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-06-18
    plugin id84253
    published2015-06-18
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84253
    titleDebian DLA-247-1 : openssl security update (Logjam)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1548.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash.(CVE-2015-1791) - An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash.(CVE-2015-1789) - The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.(CVE-2009-0590) - An invalid-free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could send a specially crafted message to the peer, which could cause the application to crash or potentially result in arbitrary code execution.(CVE-2014-8176) - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.(CVE-2011-4108) - Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.(CVE-2007-5135) - A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash.(CVE-2014-3571) - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.(CVE-2012-2110) - It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703) - ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.(CVE-2009-1386) - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.(CVE-2009-4355) - A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.(CVE-2014-3507) - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of
    last seen2020-06-01
    modified2020-06-02
    plugin id125001
    published2019-05-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125001
    titleEulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1548)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201506-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201506-02 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker can cause Denial of Service and information disclosure. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id84330
    published2015-06-23
    reporterThis script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84330
    titleGLSA-201506-02 : OpenSSL: Multiple vulnerabilities (Logjam)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-1197.NASL
    descriptionUpdated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790) A flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenSSL to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits. Red Hat would like to thank the OpenSSL project for reporting CVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, and Michal Zalewski as the original reporter of CVE-2015-1790. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id84506
    published2015-07-06
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84506
    titleCentOS 5 : openssl (CESA-2015:1197) (Logjam)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2271.NASL
    descriptionAccording to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application.(CVE-2016-2106) - A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL
    last seen2020-05-08
    modified2019-11-08
    plugin id130733
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130733
    titleEulerOS 2.0 SP3 : openssl098e (EulerOS-SA-2019-2271)
  • NASL familyCISCO
    NASL idCISCO_ACE_A5_3_3.NASL
    descriptionThe Cisco Application Control Engine (ACE) software installed on the remote Cisco ACE 4710 device or ACE30 module is version A5 prior to A5(3.3). It is, therefore, affected by multiple vulnerabilities : - An invalid free memory error exists due to improper validation of user-supplied input when a DTLS peer receives application data between ChangeCipherSpec and Finished messages. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2014-8176) - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner
    last seen2020-06-01
    modified2020-06-02
    plugin id91427
    published2016-06-01
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91427
    titleCisco ACE 4710 Appliance / ACE30 Module Multiple Vulnerabilities (Logjam)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_1N.NASL
    descriptionAccording to its banner, the remote web server uses a version of OpenSSL 1.0.1 prior to 1.0.1n. The OpenSSL library is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner
    last seen2020-06-01
    modified2020-06-02
    plugin id84153
    published2015-06-12
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84153
    titleOpenSSL 1.0.1 < 1.0.1n Multiple Vulnerabilities (Logjam)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-889.NASL
    descriptionMySQL was updated to 5.6.27 to fix security issues and bugs. The following vulnerabilities were fixed as part of the upstream release [boo#951391]: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913 Details on these and other changes can be found at: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html The following security relevant changes are included additionally : - CVE-2015-3152: MySQL lacked SSL enforcement. Using --ssl-verify-server-cert and --ssl[-*] implies that the ssl connection is required. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [boo#924663], [boo#928962]
    last seen2020-06-05
    modified2015-12-17
    plugin id87442
    published2015-12-17
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87442
    titleopenSUSE Security Update : mysql (openSUSE-2015-889) (BACKRONYM)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1980.NASL
    descriptionAccording to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method.(CVE-2015-0204) - A NULL pointer dereference flaw was found in OpenSSL
    last seen2020-05-08
    modified2019-09-24
    plugin id129174
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129174
    titleEulerOS 2.0 SP5 : openssl098e (EulerOS-SA-2019-1980)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1197.NASL
    descriptionUpdated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790) A flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenSSL to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits. Red Hat would like to thank the OpenSSL project for reporting CVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, and Michal Zalewski as the original reporter of CVE-2015-1790. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id84467
    published2015-06-30
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84467
    titleRHEL 5 : openssl (RHSA-2015:1197) (Logjam)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3287.NASL
    descriptionMultiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit. - CVE-2014-8176 Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that an invalid memory free could be triggered when buffering DTLS data. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code. This issue only affected the oldstable distribution (wheezy). - CVE-2015-1788 Joseph Barr-Pixton discovered that an infinite loop could be triggered due to incorrect handling of malformed ECParameters structures. This could allow remote attackers to cause a denial of service. - CVE-2015-1789 Robert Swiecki and Hanno Bock discovered that the X509_cmp_time function could read a few bytes out of bounds. This could allow remote attackers to cause a denial of service (crash) via crafted certificates and CRLs. - CVE-2015-1790 Michal Zalewski discovered that the PKCS#7 parsing code did not properly handle missing content which could lead to a NULL pointer dereference. This could allow remote attackers to cause a denial of service (crash) via crafted ASN.1-encoded PKCS#7 blobs. - CVE-2015-1791 Emilia Kasper discovered that a race condition could occur due to incorrect handling of NewSessionTicket in a multi-threaded client, leading to a double free. This could allow remote attackers to cause a denial of service (crash). - CVE-2015-1792 Johannes Bauer discovered that the CMS code could enter an infinite loop when verifying a signedData message, if presented with an unknown hash function OID. This could allow remote attackers to cause a denial of service. Additionally OpenSSL will now reject handshakes using DH parameters shorter than 768 bits as a countermeasure against the Logjam attack (CVE-2015-4000 ).
    last seen2020-06-01
    modified2020-06-02
    plugin id84170
    published2015-06-15
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84170
    titleDebian DSA-3287-1 : openssl - security update (Logjam)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_10_5.NASL
    descriptionThe remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - Apple ID OD Plug-in - AppleGraphicsControl - Bluetooth - bootp - CloudKit - CoreMedia Playback - CoreText - curl - Data Detectors Engine - Date & Time pref pane - Dictionary Application - DiskImages - dyld - FontParser - groff - ImageIO - Install Framework Legacy - IOFireWireFamily - IOGraphics - IOHIDFamily - Kernel - Libc - Libinfo - libpthread - libxml2 - libxpc - mail_cmds - Notification Center OSX - ntfs - OpenSSH - OpenSSL - perl - PostgreSQL - python - QL Office - Quartz Composer Framework - Quick Look - QuickTime 7 - SceneKit - Security - SMBClient - Speech UI - sudo - tcpdump - Text Formats - udf Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id85408
    published2015-08-17
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/85408
    titleMac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1183-2.NASL
    descriptionOpenSSL was updated to fix several security issues. CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default. CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed. CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed. fixed a timing side channel in RSA decryption (bnc#929678) Additional changes : In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84560
    published2015-07-07
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84560
    titleSUSE SLED11 / SLES10 Security Update : OpenSSL (SUSE-SU-2015:1183-2) (Logjam)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_8305E215108011E58BA2000C2980A9F3.NASL
    descriptionThe OpenSSL team reports : - Missing DHE man-in-the-middle protection (Logjam) (CVE-2015-4000) - Malformed ECParameters causes infinite loop (CVE-2015-1788) - Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) - PKCS#7 crash with missing EnvelopedContent (CVE-2015-1790) - CMS verify infinite loop with unknown hash function (CVE-2015-1792) - Race condition handling NewSessionTicket (CVE-2015-1791) - Invalid free in DTLS (CVE-2014-8176)
    last seen2020-06-01
    modified2020-06-02
    plugin id84133
    published2015-06-12
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84133
    titleFreeBSD : openssl -- multiple vulnerabilities (8305e215-1080-11e5-8ba2-000c2980a9f3) (Logjam)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-10047.NASL
    descriptionMultiple moderate and low impact security issues fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-06-22
    plugin id84301
    published2015-06-22
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84301
    titleFedora 22 : openssl-1.0.1k-10.fc22 (2015-10047)
  • NASL familyWeb Servers
    NASL idHPSMH_7_2_6.NASL
    descriptionAccording to the web server
    last seen2020-06-01
    modified2020-06-02
    plugin id90251
    published2016-03-29
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90251
    titleHP System Management Homepage < 7.2.6 Multiple Vulnerabilities (FREAK)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_2B.NASL
    descriptionAccording to its banner, the remote web server uses a version of OpenSSL 1.0.2 prior to 1.0.2b. The OpenSSL library is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner
    last seen2020-06-01
    modified2020-06-02
    plugin id84154
    published2015-06-12
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84154
    titleOpenSSL 1.0.2 < 1.0.2b Multiple Vulnerabilities (Logjam)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2015-006.NASL
    descriptionThe remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-006. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - CoreText - FontParser - Libinfo - libxml2 - OpenSSL - perl - PostgreSQL - QL Office - Quartz Composer Framework - QuickTime 7 - SceneKit Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id85409
    published2015-08-17
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85409
    titleMac OS X Multiple Vulnerabilities (Security Update 2015-006)
  • NASL familyWeb Servers
    NASL idHPSMH_7_5_4.NASL
    descriptionAccording to the web server
    last seen2020-06-01
    modified2020-06-02
    plugin id90150
    published2016-03-24
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90150
    titleHP System Management Homepage < 7.5.4 Multiple Vulnerabilities (Logjam)
  • NASL familyFirewalls
    NASL idSCREENOS_JSA10733.NASL
    descriptionThe version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r22. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner
    last seen2020-06-01
    modified2020-06-02
    plugin id93383
    published2016-09-08
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/93383
    titleJuniper ScreenOS 6.3.x < 6.3.0r22 Multiple Vulnerabilities in OpenSSL (JSA10733)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2015-0070.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - improved fix for (CVE-2015-1791) - add missing parts of CVE-2015-0209 fix for corectness although unexploitable - fix CVE-2014-8176 - invalid free in DTLS buffering code - fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time - fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent - fix CVE-2015-1791 - race condition handling NewSessionTicket - fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function - fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on read in multithreaded applications
    last seen2020-06-01
    modified2020-06-02
    plugin id84203
    published2015-06-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84203
    titleOracleVM 3.3 : openssl (OVMSA-2015-0070)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-1197.NASL
    descriptionFrom Red Hat Security Advisory 2015:1197 : Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790) A flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenSSL to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits. Red Hat would like to thank the OpenSSL project for reporting CVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, and Michal Zalewski as the original reporter of CVE-2015-1790. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id84485
    published2015-07-01
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84485
    titleOracle Linux 5 : openssl (ELSA-2015-1197) (Logjam)
  • NASL familyFirewalls
    NASL idCHECK_POINT_GAIA_SK106499.NASL
    descriptionThe remote host is running a version of Gaia OS which is affected by multiple vulnerabilities: - An out of bounds read denial of service vulnerability in OpenSSL (CVE-2015-1789) - An information disclosure weakness in the RC4 algorithm as used in SSL/TLS (CVE-2015-2808)
    last seen2020-06-01
    modified2020-06-02
    plugin id105000
    published2017-12-04
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105000
    titleCheck Point Gaia Operating System Multiple Vulnerabilities (sk106499)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150615_OPENSSL_ON_SL6_X.NASL
    descriptionAn invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176) A flaw was found in the way the OpenSSL packages shipped with Scientific Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash. (CVE-2015-3216) An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789) A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791) A flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790) For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-03-18
    modified2015-06-17
    plugin id84226
    published2015-06-17
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84226
    titleScientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20150615)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1182-2.NASL
    descriptionOpenSSL 0.9.8k was updated to fix several security issues : CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default. CVE-2015-1788: Malformed ECParameters could cause an infinite loop. CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed. CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed. CVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed. CVE-2015-1791: Fixed a race condition in NewSessionTicket creation. CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression. Fixed a timing side channel in RSA decryption. (bsc#929678) Additional changes : In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bsc#931698) Added the ECC ciphersuites to the DEFAULT cipher class. (bsc#879179) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84559
    published2015-07-07
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84559
    titleSUSE SLED11 / SLES11 Security Update : OpenSSL (SUSE-SU-2015:1182-2) (Logjam)
  • NASL familyCGI abuses
    NASL idSPLUNK_625.NASL
    descriptionAccording to its version number, the instance of Splunk hosted on the remote web server is Enterprise 5.0.x prior to 5.0.14, 6.0.x prior to 6.0.10, 6.1.x prior to 6.1.9, 6.2.x prior to 6.2.5, or Light 6.2.x prior to 6.2.5. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library : - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner
    last seen2020-06-01
    modified2020-06-02
    plugin id85581
    published2015-08-21
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85581
    titleSplunk Enterprise < 5.0.14 / 6.0.10 / 6.1.9 / 6.2.5 or Splunk Light < 6.2.5 Multiple Vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150630_OPENSSL_ON_SL5_X.NASL
    descriptionAn out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790) A flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic. (CVE-2015-4000) Note: This update forces the TLS/SSL client implementation in OpenSSL to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-03-18
    modified2015-07-06
    plugin id84542
    published2015-07-06
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84542
    titleScientific Linux Security Update : openssl on SL5.x i386/x86_64 (20150630) (Logjam)
  • NASL familyFirewalls
    NASL idPFSENSE_SA-15_06.NASL
    descriptionAccording to its self-reported version number, the remote pfSense install is prior to 2.2.3. It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories.
    last seen2020-06-01
    modified2020-06-02
    plugin id106495
    published2018-01-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106495
    titlepfSense < 2.2.3 Multiple Vulnerabilities (SA-15_07) (Logjam)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1861.NASL
    descriptionAccording to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.(CVE-2015-0292) - An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash.(CVE-2015-1789) - A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash.(CVE-2015-3195) - OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.(CVE-2014-3571) - OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.(CVE-2016-2177) - An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application.(CVE-2016-2105) - An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application.(CVE-2016-2106) - A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.(CVE-2016-2108) - A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL
    last seen2020-05-08
    modified2019-09-17
    plugin id128913
    published2019-09-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128913
    titleEulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-1861)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-2303-1.NASL
    descriptionThe mysql package was updated to version 5.5.46 to fixs several security and non security issues. - bnc#951391: update to version 5.5.46 - changes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 46.html - fixed CVEs: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913 - bnc#952196: Fixed a build error for ppc*, s390* and ia64 architectures. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87525
    published2015-12-21
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87525
    titleSUSE SLED11 / SLES11 Security Update : mysql (SUSE-SU-2015:2303-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1184-2.NASL
    descriptionOpenSSL 0.9.8j was updated to fix several security issues. CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default. CVE-2015-1788: Malformed ECParameters could cause an infinite loop. CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed. CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed. CVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed. CVE-2015-1791: Fixed a race condition in NewSessionTicket creation. CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression. fixed a timing side channel in RSA decryption (bnc#929678) Additional changes : In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698) Added the ECC ciphersuites to the DEFAULT cipher class (bnc#879179) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84561
    published2015-07-07
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84561
    titleSUSE SLES11 Security Update : OpenSSL (SUSE-SU-2015:1184-2) (Logjam)
  • NASL familyMisc.
    NASL idNESSUS_TNS_2015_07.NASL
    descriptionAccording to its version, the installation of Tenable Nessus running on the remote host is version 5.x prior to 5.2.12 or 6.x prior to 6.4. It is, therefore, affected by multiple denial of service vulnerabilities in the bundled OpenSSL component : - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)
    last seen2020-06-01
    modified2020-06-02
    plugin id86949
    published2015-11-19
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86949
    titleNessus 5.x < 5.2.12 / 6.x < 6.4 Multiple OpenSSL Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2639-1.NASL
    descriptionPraveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8176) Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service. (CVE-2015-1788) Robert Swiecki and Hanno Bock discovered that OpenSSL incorrectly handled certain ASN1_TIME strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1789) Michal Zalewski discovered that OpenSSL incorrectly handled missing content when parsing ASN.1-encoded PKCS#7 blobs. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1790) Emilia Kasper discovered that OpenSSL incorrectly handled NewSessionTicket when being used by a multi-threaded client. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1791) Johannes Bauer discovered that OpenSSL incorrectly handled verifying signedData messages using the CMS code. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service. (CVE-2015-1792) As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84148
    published2015-06-12
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84148
    titleUbuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : openssl vulnerabilities (USN-2639-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1184-1.NASL
    descriptionOpenSSL 0.9.8j was updated to fix several security issues. CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default. CVE-2015-1788: Malformed ECParameters could cause an infinite loop. CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed. CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed. CVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed. CVE-2015-1791: Fixed a race condition in NewSessionTicket creation. CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression. fixed a timing side channel in RSA decryption (bnc#929678) Additional changes : In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698) Added the ECC ciphersuites to the DEFAULT cipher class (bnc#879179) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84548
    published2015-07-06
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84548
    titleSUSE SLES11 Security Update : OpenSSL (SUSE-SU-2015:1184-1) (Logjam)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2015-162-01.NASL
    descriptionNew openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84126
    published2015-06-12
    reporterThis script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84126
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-162-01)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL16913.NASL
    descriptionThe X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. (CVE-2015-1789)
    last seen2020-06-01
    modified2020-06-02
    plugin id88437
    published2016-01-28
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88437
    titleF5 Networks BIG-IP : OpenSSL vulnerability (SOL16913)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-1115.NASL
    descriptionFrom Red Hat Security Advisory 2015:1115 : Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176) A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash. (CVE-2015-3216) An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789) A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791) A flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790) Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id84202
    published2015-06-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84202
    titleOracle Linux 6 / 7 : openssl (ELSA-2015-1115)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_0S.NASL
    descriptionAccording to its banner, the remote web server uses a version of OpenSSL 1.0.0 prior to 1.0.0s. The OpenSSL library is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner
    last seen2020-06-01
    modified2020-06-02
    plugin id84152
    published2015-06-12
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84152
    titleOpenSSL 1.0.0 < 1.0.0s Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-447.NASL
    descriptionopenssl was updated to fix six security issues. The following vulnerabilities were fixed : - CVE-2015-4000: The Logjam Attack / weakdh.org. Rject connections with DH parameters shorter than 768 bits, generates 2048-bit DH parameters by default. (boo#931698) - CVE-2015-1788: Malformed ECParameters causes infinite loop (boo#934487) - CVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time (boo#934489) - CVE-2015-1790: PKCS7 crash with missing EnvelopedContent (boo#934491) - CVE-2015-1792: CMS verify infinite loop with unknown hash function (boo#934493) - CVE-2015-1791: race condition in NewSessionTicket (boo#933911) - CVE-2015-3216: Crash in ssleay_rand_bytes due to locking regression (boo#933898)
    last seen2020-06-05
    modified2015-06-26
    plugin id84414
    published2015-06-26
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84414
    titleopenSUSE Security Update : openssl (openSUSE-2015-447) (Logjam)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-507.NASL
    descriptionlibressl was updated to version 2.2.1 to fix 16 security issues. LibreSSL is a fork of OpenSSL. Because of that CVEs affecting OpenSSL often also affect LibreSSL. These security issues were fixed : - CVE-2014-3570: The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k did not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (bsc#912296). - CVE-2014-3572: The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allowed remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (bsc#912015). - CVE-2015-1792: The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function (bsc#934493). - CVE-2014-8275: OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k did not enforce certain constraints on certificate data, which allowed remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate
    last seen2020-06-05
    modified2015-07-27
    plugin id84998
    published2015-07-27
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84998
    titleopenSUSE Security Update : libressl (openSUSE-2015-507) (Logjam)
  • NASL familyAIX Local Security Checks
    NASL idAIX_OPENSSL_ADVISORY14.NASL
    descriptionThe version of OpenSSL installed on the remote AIX host is affected by multiple vulnerabilities : - An invalid free memory error exists due to improper validation of user-supplied input when a DTLS peer receives application data between ChangeCipherSpec and Finished messages. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2014-8176) - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner
    last seen2020-06-01
    modified2020-06-02
    plugin id84880
    published2015-07-20
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84880
    titleAIX OpenSSL Advisory : openssl_advisory14.asc (Logjam)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-1115.NASL
    descriptionUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176) A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash. (CVE-2015-3216) An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789) A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791) A flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790) Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen2020-06-01
    modified2020-06-02
    plugin id84199
    published2015-06-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84199
    titleCentOS 6 / 7 : openssl (CESA-2015:1115)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1181-2.NASL
    descriptionOpenSSL was updated to fix several security issues. CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default. CVE-2015-1788: Malformed ECParameters could cause an infinite loop. CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed. CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed. fixed a timing side channel in RSA decryption (bnc#929678) Additional changes : In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84558
    published2015-07-07
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84558
    titleSUSE SLES10 Security Update : OpenSSL (SUSE-SU-2015:1181-2) (Logjam)
  • NASL familyWeb Servers
    NASL idOPENSSL_0_9_8ZG.NASL
    descriptionAccording to its banner, the remote web server uses a version of OpenSSL 0.9.8 prior to 0.9.8zg. The OpenSSL library is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner
    last seen2020-06-01
    modified2020-06-02
    plugin id84151
    published2015-06-12
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84151
    titleOpenSSL 0.9.8 < 0.9.8zg Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-10108.NASL
    descriptionMultiple moderate and low impact security issues fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-06-25
    plugin id84375
    published2015-06-25
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84375
    titleFedora 21 : openssl-1.0.1k-10.fc21 (2015-10108)

Redhat

advisories
  • rhsa
    idRHSA-2015:1115
  • rhsa
    idRHSA-2015:1197
rpms
  • openssl-0:1.0.1e-30.el6_6.11
  • openssl-1:1.0.1e-42.ael7b_1.8
  • openssl-1:1.0.1e-42.el7_1.8
  • openssl-debuginfo-0:1.0.1e-30.el6_6.11
  • openssl-debuginfo-1:1.0.1e-42.ael7b_1.8
  • openssl-debuginfo-1:1.0.1e-42.el7_1.8
  • openssl-devel-0:1.0.1e-30.el6_6.11
  • openssl-devel-1:1.0.1e-42.ael7b_1.8
  • openssl-devel-1:1.0.1e-42.el7_1.8
  • openssl-libs-1:1.0.1e-42.ael7b_1.8
  • openssl-libs-1:1.0.1e-42.el7_1.8
  • openssl-perl-0:1.0.1e-30.el6_6.11
  • openssl-perl-1:1.0.1e-42.ael7b_1.8
  • openssl-perl-1:1.0.1e-42.el7_1.8
  • openssl-static-0:1.0.1e-30.el6_6.11
  • openssl-static-1:1.0.1e-42.ael7b_1.8
  • openssl-static-1:1.0.1e-42.el7_1.8
  • openssl-0:0.9.8e-36.el5_11
  • openssl-debuginfo-0:0.9.8e-36.el5_11
  • openssl-devel-0:0.9.8e-36.el5_11
  • openssl-perl-0:0.9.8e-36.el5_11

References