Vulnerabilities > CVE-2015-3194 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_215E740E9C5611E590E7B499BAEBFEAF.NASL description The OpenBSD project reports : A NULL pointer deference could be triggered by a crafted certificate sent to services configured to verify client certificates on TLS/SSL connections. last seen 2020-06-01 modified 2020-06-02 plugin id 87269 published 2015-12-09 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87269 title FreeBSD : libressl -- NULL pointer dereference (215e740e-9c56-11e5-90e7-b499baebfeaf) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(87269); script_version("2.12"); script_cvs_date("Date: 2018/11/10 11:49:44"); script_cve_id("CVE-2015-3194"); script_name(english:"FreeBSD : libressl -- NULL pointer dereference (215e740e-9c56-11e5-90e7-b499baebfeaf)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "The OpenBSD project reports : A NULL pointer deference could be triggered by a crafted certificate sent to services configured to verify client certificates on TLS/SSL connections." ); script_set_attribute( attribute:"see_also", value:"https://marc.info/?l=openbsd-announce&t=144920914600002" ); # https://vuxml.freebsd.org/freebsd/215e740e-9c56-11e5-90e7-b499baebfeaf.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d07d991d" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:libressl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2015/12/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"libressl<2.2.5")) flag++; if (pkg_test(save_report:TRUE, pkg:"libressl>=2.3.0<2.3.1_1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2016-0001.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint last seen 2020-06-01 modified 2020-06-02 plugin id 87800 published 2016-01-08 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87800 title OracleVM 3.3 : openssl (OVMSA-2016-0001) (SLOTH) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2016-0001. # include("compat.inc"); if (description) { script_id(87800); script_version("2.16"); script_cvs_date("Date: 2019/09/27 13:00:34"); script_cve_id("CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-7575"); script_name(english:"OracleVM 3.3 : openssl (OVMSA-2016-0001) (SLOTH)"); script_summary(english:"Checks the RPM output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing a security update." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint" ); # https://oss.oracle.com/pipermail/oraclevm-errata/2016-January/000407.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?90e4620d" ); script_set_attribute( attribute:"solution", value:"Update the affected openssl package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:openssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/06"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/08"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.3", reference:"openssl-1.0.1e-42.el6_7.2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl"); }NASL family MacOS X Local Security Checks NASL id MACOS_10_14.NASL description The remote host is running a version of Mac OS X that is prior to 10.13.6 or is not macOS 10.14. It is, therefore, affected by multiple vulnerabilities in the following components : - afpserver - AppleGraphicsControl - Application Firewall - App Store - APR - ATS - Auto Unlock - Bluetooth - CFNetwork - CoreFoundation - CoreText - Crash Reporter - CUPS - Dictionary - Grand Central Dispatch - Heimdal - Hypervisor - iBooks - Intel Graphics Driver - IOHIDFamily - IOKit - IOUserEthernet - Kernel - LibreSSL - Login Window - mDNSOffloadUserClient - MediaRemote - Microcode - Security - Spotlight - Symptom Framework - Text - Wi-Fi Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 118178 published 2018-10-18 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118178 title macOS < 10.14 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-908.NASL description OpenSSL was updated to fix three security issues. The following vulnerabilities were fixed : - CVE-2015-3194: Certificate verify crash with missing PSS parameter (bsc#957815) - CVE-2015-3195: X509_ATTRIBUTE memory leak (bsc#957812) - CVE-2015-3196: Race condition handling PSK identify hint (bsc#957813) last seen 2020-06-05 modified 2015-12-17 plugin id 87447 published 2015-12-17 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87447 title openSUSE Security Update : OpenSSL (openSUSE-2015-908) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-2617.NASL description From Red Hat Security Advisory 2015:2617 : Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194) A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195) A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196) All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-06-01 modified 2020-06-02 plugin id 87364 published 2015-12-15 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87364 title Oracle Linux 6 / 7 : openssl (ELSA-2015-2617) NASL family Fedora Local Security Checks NASL id FEDORA_2015-D87D60B9A9.NASL description Moderate security issues fixed in this update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89431 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89431 title Fedora 22 : openssl-1.0.1k-13.fc22 (2015-d87d60b9a9) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-2617.NASL description Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194) A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195) A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196) All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-06-01 modified 2020-06-02 plugin id 87357 published 2015-12-15 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87357 title CentOS 6 / 7 : openssl (CESA-2015:2617) NASL family Misc. NASL id SECURITYCENTER_OPENSSL_1_0_1Q.NASL description The SecurityCenter application installed on the remote host is affected by a denial of service vulnerability in the bundled OpenSSL library. The library is version 1.0.1 or later but prior to 1.0.1q. It is, therefore, affected by a NULL pointer dereference flaw in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. last seen 2020-06-01 modified 2020-06-02 plugin id 88809 published 2016-02-17 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88809 title Tenable SecurityCenter OpenSSL ASN.1 Signature Verification Routine DoS (TNS-2016-01) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-916.NASL description LibreSSL was updated to fix two security issues inherited from OpenSSL. The following vulnerabilities were fixed : - CVE-2015-3194: NULL pointer dereference in client side certificate validation - CVE-2015-3195: Memory leak in PKCS7 - not reachable from TLS/SSL last seen 2020-06-05 modified 2015-12-21 plugin id 87518 published 2015-12-21 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87518 title openSUSE Security Update : libressl (openSUSE-2015-916) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2015-0155.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint last seen 2020-06-01 modified 2020-06-02 plugin id 87366 published 2015-12-15 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87366 title OracleVM 3.3 : openssl (OVMSA-2015-0155) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_4C8D1D729B3811E5AECED050996490D0.NASL description OpenSSL project reports : - BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) - Certificate verify crash with missing PSS parameter (CVE-2015-3194) - X509_ATTRIBUTE memory leak (CVE-2015-3195) - Race condition handling PSK identify hint (CVE-2015-3196) - Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794) last seen 2020-06-01 modified 2020-06-02 plugin id 87213 published 2015-12-07 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87213 title FreeBSD : openssl -- multiple vulnerabilities (4c8d1d72-9b38-11e5-aece-d050996490d0) NASL family Windows NASL id CISCO_SECURITY_MANAGER_CSCUX41352.NASL description The version of Cisco Security Manager running on the remote web server is 4.9.x prior to 4.9(0.397) or 4.10.x prior to 4.10(0.189). It is, therefore, affected by a NULL pointer dereference flaw in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. last seen 2020-06-01 modified 2020-06-02 plugin id 88593 published 2016-02-05 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88593 title Cisco Security Manager 4.9.x < 4.9(0.397) / 4.10.x < 4.10(0.189) OpenSSL ASN.1 Signature Handling DoS NASL family Databases NASL id MYSQL_5_6_29.NASL description The version of MySQL running on the remote host is 5.6.x prior to 5.6.29. It is, therefore, affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to impact integrity and availability. (CVE-2016-0640) - An unspecified flaw exists in the MyISAM subcomponent that allows an authenticated, remote attacker to disclose sensitive information or cause a denial of service condition. (CVE-2016-0641) - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0644) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0646) - An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0649) - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0650) - An unspecified flaw exists in the Options subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0661) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0665) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0668) - A denial of service vulnerability exists in the bundled OpenSSL library due to improper handling of variables declared as TEXT or BLOB. An authenticated, remote attacker can exploit this to corrupt data or cause a denial of service condition. - A denial of service vulnerability exists that is triggered when handling a last seen 2020-06-01 modified 2020-06-02 plugin id 89055 published 2016-03-01 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89055 title MySQL 5.6.x < 5.6.29 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-2230-1.NASL description This update for openssl fixes the following issues : Security fixes : - CVE-2015-3194: The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. (bsc#957815) - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - CVE-2015-3196: If PSK identity hints are received by a multi-threaded client then the values were wrongly updated in the parent SSL_CTX structure. This could result in a race condition potentially leading to a double free of the identify hint data. (bsc#957813) Non security bugs fixed : - Improve S/390 performance on IBM z196 and z13 (bsc#954256) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 87280 published 2015-12-09 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87280 title SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:2230-1) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2015-349-04.NASL description New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 87378 published 2015-12-16 reporter This script is Copyright (C) 2015-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87378 title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-349-04) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201601-05.NASL description The remote host is affected by the vulnerability described in GLSA-201601-05 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the upstream advisory and CVE identifiers referenced below for details. Note that the list includes CVE identifiers for an older OpenSSL Security Advisory (3 Dec 2015) for which we have not issued a GLSA before. Impact : A remote attacker could disclose a server’s private DH exponent, or complete SSLv2 handshakes using ciphers that have been disabled on the server. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 88586 published 2016-02-05 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88586 title GLSA-201601-05 : OpenSSL: Multiple vulnerabilities NASL family Databases NASL id MYSQL_5_7_11.NASL description The version of MySQL running on the remote host is 5.7.x prior to 5.7.11. It is, therefore, potentially affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to impact integrity and availability. (CVE-2016-0640) - An unspecified flaw exists in the MyISAM subcomponent that allows an authenticated, remote attacker to disclose sensitive information or cause a denial of service condition. (CVE-2016-0641) - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0644) - Multiple unspecified flaws exist in the DML subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0646, CVE-2016-0652) - An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0649) - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0650) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0653) - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0654, CVE-2016-0656, CVE-2016-0668) - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0658) - An unspecified flaw exists in the Options subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0661) - An unspecified flaw exists in the Performance Schema subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0663) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0665) - A denial of service vulnerability exists in the bundled OpenSSL library due to improper handling of variables declared as TEXT or BLOB. An authenticated, remote attacker can exploit this to corrupt data or cause a denial of service condition. - A denial of service vulnerability exists that is triggered when handling a last seen 2020-06-01 modified 2020-06-02 plugin id 89056 published 2016-03-01 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89056 title MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities NASL family Databases NASL id MYSQL_5_7_11_RPM.NASL description The version of Oracle MySQL installed on the remote host is 5.7.x prior to 5.7.11. It is, therefore, affected by the following vulnerabilities : - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194) - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195) - An unspecified flaw exists in the DML subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-0640) - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to disclose potentially sensitive information or cause a denial of service condition. (CVE-2016-0641) - An unspecified flaw exists in the DDL subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0644) - Multiple unspecified flaws exist in the DML subcomponent that allow a local attacker to cause a denial of service condition. (CVE-2016-0646, CVE-2016-0652) - An unspecified flaw exists in the PS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0649) - An unspecified flaw exists in the Replication subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0650) - An unspecified flaw exists in the FTS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0653) - Multiple unspecified flaws exist in the InnoDB subcomponent that allow a local attacker to cause a denial of service condition. (CVE-2016-0654, CVE-2016-0656, CVE-2016-0668) - An unspecified flaw exists in the Optimizer subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0658) - An unspecified flaw exists in the Options subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0661) - An unspecified flaw exists in the Performance Schema subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0663) - An unspecified flaw exists in the Security: Encryption subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0665) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3452) - A denial of service vulnerability exists in the bundled OpenSSL library due to improper handling of variables declared as TEXT or BLOB. An authenticated, remote attacker can exploit this to corrupt data or cause a denial of service condition. - A denial of service vulnerability exists that is triggered when handling a last seen 2020-06-04 modified 2016-05-02 plugin id 90833 published 2016-05-02 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90833 title Oracle MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-604.NASL description This libressl update to version 2.2.7 fixes the following issues : Security issues fixed : - Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding. [boo#978492, boo#977584] - CVE-2015-3194: Certificate verify crash with missing PSS parameter (boo#957815) - CVE-2015-3195: X509_ATTRIBUTE memory leak (boo#957812) - CVE-2015-5333: Memory Leak (boo#950707) - CVE-2015-5334: Buffer Overflow (boo#950708) last seen 2020-06-05 modified 2016-05-20 plugin id 91274 published 2016-05-20 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91274 title openSUSE Security Update : libressl (openSUSE-2016-604) NASL family Scientific Linux Local Security Checks NASL id SL_20151214_OPENSSL_ON_SL6_X.NASL description A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194) A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195) A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196) For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-03-18 modified 2015-12-16 plugin id 87402 published 2015-12-16 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87402 title Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20151214) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-911.NASL description This update for openssl fixes the following issues : Security fixes : - CVE-2015-3194: The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. (bsc#957815) - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - CVE-2015-3196: If PSK identity hints are received by a multi-threaded client then the values were wrongly updated in the parent SSL_CTX structure. This could result in a race condition potentially leading to a double free of the identify hint data. (bsc#957813) Non security bugs fixed : - Improve S/390 performance on IBM z196 and z13 (bsc#954256) This update was imported from the SUSE:SLE-12-SP1:Update update project. last seen 2020-06-05 modified 2015-12-18 plugin id 87487 published 2015-12-18 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87487 title openSUSE Security Update : openssl (openSUSE-2015-911) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-2237-1.NASL description This update for openssl fixes the following issues : Security fixes : - CVE-2015-3194: The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. (bsc#957815) - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - CVE-2015-3196: If PSK identity hints are received by a multi-threaded client then the values were wrongly updated in the parent SSL_CTX structure. This could result in a race condition potentially leading to a double free of the identify hint data. (bsc#957813) Non security bugs fixed : - Clear the error after setting non-fips mode (bsc#947104) - Improve S/390 performance on IBM z196 and z13 (bsc#954256) - Add support for last seen 2020-06-01 modified 2020-06-02 plugin id 87318 published 2015-12-11 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87318 title SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:2237-1) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL86772626.NASL description crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. (CVE-2015-3194) last seen 2020-06-01 modified 2020-06-02 plugin id 87435 published 2015-12-17 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87435 title F5 Networks BIG-IP : OpenSSL vulnerability (K86772626) NASL family MacOS X Local Security Checks NASL id MACOSX_CISCO_ANYCONNECT_CSCUX41420.NASL description The Cisco AnyConnect Secure Mobility Client installed on the remote Mac OS X host is a version prior to 3.1.13015.0 or 4.2.x prior to 4.2.1035.0. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL : - A carry propagating flaw exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An attacker can exploit this to obtain sensitive information regarding private keys. (CVE-2015-3193) - A NULL pointer dereference flaw exists in file rsa_ameth.c when handling ASN.1 signatures that use the RSA PSS algorithm but are missing a mask generation function parameter. A remote attacker can exploit this to cause the signature verification routine to crash, leading to a denial of service. (CVE-2015-3194) - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195) - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196) - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of last seen 2020-06-01 modified 2020-06-02 plugin id 88101 published 2016-01-22 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/88101 title Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1.13015.0 / 4.2.x < 4.2.1035.0 Multiple OpenSSL Vulnerabilities NASL family Web Servers NASL id OPENSSL_1_0_1Q.NASL description According to its banner, the remote host is running a version of OpenSSL 1.0.1 prior to 1.0.1q. It is, therefore, affected by the following vulnerabilities : - A NULL pointer dereference flaw exists in file rsa_ameth.c when handling ASN.1 signatures that use the RSA PSS algorithm but are missing a mask generation function parameter. A remote attacker can exploit this to cause the signature verification routine to crash, leading to a denial of service. (CVE-2015-3194) - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195) last seen 2020-06-01 modified 2020-06-02 plugin id 87221 published 2015-12-07 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87221 title OpenSSL 1.0.1 < 1.0.1q Multiple DoS NASL family MacOS X Local Security Checks NASL id MACOSX_XCODE_81.NASL description The version of Apple Xcode installed on the remote macOS or Mac OS X host is prior to 8.1. It is, therefore, affected by multiple remote code execution vulnerabilities in the Node.js component of the Xcode Server. An unauthenticated, remote attacker can exploit these vulnerabilities to cause a denial of service condition or the execution of arbitrary code. last seen 2020-05-06 modified 2016-11-17 plugin id 94935 published 2016-11-17 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94935 title Apple Xcode < 8.1 Node.js Multiple RCE (macOS) NASL family Web Servers NASL id HPSMH_7_5_5.NASL description According to its banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is affected by the following vulnerabilities : - A denial of service vulnerability exists in the Apache HTTP Server due to the lack of the mod_reqtimeout module. An unauthenticated, remote attacker can exploit this, via a saturation of partial HTTP requests, to cause a daemon outage. (CVE-2007-6750) - A cross-site scripting (XSS) vulnerability exists in jQuery when using location.hash to select elements. An unauthenticated, remote attacker can exploit this, via a specially crafted tag, to inject arbitrary script code or HTML into the user last seen 2020-06-01 modified 2020-06-02 plugin id 91222 published 2016-05-18 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91222 title HP System Management Homepage Multiple Vulnerabilities (HPSBMU03593) NASL family Junos Local Security Checks NASL id JUNIPER_JSA10759.NASL description According to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL : - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of last seen 2020-03-18 modified 2017-01-05 plugin id 96316 published 2017-01-05 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96316 title Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10759) (SWEET32) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2016-0049.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method - fix 1-byte memory leak in pkcs12 parse (#1229871) - document some options of the speed command (#1197095) - fix high-precision timestamps in timestamping authority - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint last seen 2020-06-01 modified 2020-06-02 plugin id 91154 published 2016-05-16 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91154 title OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0049) (SLOTH) NASL family Databases NASL id MYSQL_ES_5_6_29.NASL description The version of MySQL Enterprise Server 5.6 installed on the remote host is 5.6.x prior to 5.6.29 or 5.7.x prior to 5.7.11. It is, therefore, affected by multiple vulnerabilities in the included OpenSSL library : - A NULL pointer dereference flaw exists in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194) - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195) last seen 2020-06-01 modified 2020-06-02 plugin id 88698 published 2016-02-11 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88698 title MySQL Enterprise Server 5.6.x < 5.6.29 / 5.7.x < 5.7.11 OpenSSL Multiple Vulnerabilities NASL family Misc. NASL id ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2016_CPU.NASL description The version of Oracle Secure Global Desktop installed on the remote host is 4.63, 4.71, or 5.2 and is missing a security patch from the July 2016 Critical Patch Update (CPU). It is, therefore, affected by the following vulnerabilities : - An integer overflow condition exists in the X Server subcomponent in the read_packet() function due to improper validation of user-supplied input when calculating the amount of memory required to handle returned data. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. Note that this vulnerability only affects versions 4.71 and 5.2. (CVE-2013-2064) - A carry propagating flaw exists in the OpenSSL subcomponent in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An attacker can exploit this to obtain sensitive information regarding private keys. (CVE-2015-3193) - A NULL pointer dereference flaw exists in the OpenSSL subcomponent in file rsa_ameth.c when handling ASN.1 signatures that use the RSA PSS algorithm but are missing a mask generation function parameter. A remote attacker can exploit this to cause the signature verification routine to crash, leading to a denial of service. (CVE-2015-3194) - A key disclosure vulnerability exists in the OpenSSL subcomponent due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A NULL pointer dereference flaw exists in the OpenSSL subcomponent in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - Multiple memory corruption issues exist in the OpenSSL subcomponent that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A heap buffer overflow condition exists in the OpenSSL subcomponent in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - Multiple flaws exist in the OpenSSL subcomponent in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic. (CVE-2016-2107) - An unspecified flaw exists in the OpenSSL subcomponent that allows a remote attacker to execute arbitrary code. (CVE-2016-3613) last seen 2020-06-01 modified 2020-06-02 plugin id 92543 published 2016-07-25 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92543 title Oracle Secure Global Desktop Multiple Vulnerabilities (July 2016 CPU) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-607.NASL description This mysql-community-server version update to 5.6.30 fixes the following issues : Security issues fixed : - fixed CVEs (boo#962779, boo#959724): CVE-2016-0705, CVE-2016-0639, CVE-2015-3194, CVE-2016-0640, CVE-2016-2047, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0665, CVE-2016-0666, CVE-2016-0641, CVE-2016-0642, CVE-2016-0655, CVE-2016-0661, CVE-2016-0668, CVE-2016-0643 - changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 30.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 29.html Bugs fixed : - don last seen 2020-06-05 modified 2016-05-20 plugin id 91277 published 2016-05-20 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91277 title openSUSE Security Update : mysql-community-server (openSUSE-2016-607) NASL family CGI abuses NASL id BLUECOAT_PROXY_AV_3_5_4_1.NASL description According to its self-reported version number, the Blue Coat ProxyAV firmware installed on the remote device is 3.5.x prior to 3.5.4.1. It is, therefore, affected by the following vulnerabilities in the bundled version of OpenSSL : - A NULL pointer dereference flaw exists in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194) - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 93410 published 2016-09-09 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93410 title Blue Coat ProxyAV 3.5.x < 3.5.4.1 Multiple DoS Vulnerabilities NASL family Firewalls NASL id PFSENSE_SA-15_11.NASL description According to its self-reported version number, the remote pfSense install is prior to 2.2.6. It is, therefore, affected by multiple vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 106498 published 2018-01-31 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106498 title pfSense < 2.2.6 Multiple Vulnerabilities (SA-15_09 / SA-15_10 / SA-15_11) NASL family Misc. NASL id VIRTUALBOX_5_0_18.NASL description The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.3.36 or 5.0.18. It is, therefore, affected by an unspecified flaw in the Core subcomponent that allows a local attacker to gain elevated privileges. Additionally, multiple vulnerabilities exist in the bundled version of OpenSSL : - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of last seen 2020-06-01 modified 2020-06-02 plugin id 90680 published 2016-04-22 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90680 title Oracle VM VirtualBox < 4.3.36 / 5.0.18 Multiple Vulnerabilities (April 2016 CPU) NASL family AIX Local Security Checks NASL id AIX_OPENSSL_ADVISORY15.NASL description The version of OpenSSL installed on the remote AIX host is affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists in file rsa_ameth.c when handling ASN.1 signatures that use the RSA PSS algorithm but are missing a mask generation function parameter. A remote attacker can exploit this to cause the signature verification routine to crash, leading to a denial of service. (CVE-2015-3194) - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195) - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196) last seen 2020-06-01 modified 2020-06-02 plugin id 88085 published 2016-01-22 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/88085 title AIX OpenSSL Advisory : openssl_advisory15.asc NASL family Databases NASL id MYSQL_5_6_29_RPM.NASL description The version of Oracle MySQL installed on the remote host is 5.6.x prior to 5.6.29. It is, therefore, affected by the following vulnerabilities : - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to impact integrity and availability. (CVE-2016-0640) - An unspecified flaw exists in the MyISAM subcomponent that allows an authenticated, remote attacker to disclose sensitive information or cause a denial of service condition. (CVE-2016-0641) - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0644) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0646) - An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0649) - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0650) - An unspecified flaw exists in the Options subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0661) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0665) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0668) - A denial of service vulnerability exists in the bundled OpenSSL library due to improper handling of variables declared as TEXT or BLOB. An authenticated, remote attacker can exploit this to corrupt data or cause a denial of service condition. - A denial of service vulnerability exists that is triggered when handling a last seen 2020-06-04 modified 2016-05-02 plugin id 90831 published 2016-05-02 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90831 title Oracle MySQL 5.6.x < 5.6.29 Multiple Vulnerabilities (April 2016 CPU) NASL family Windows NASL id CISCO_ANYCONNECT_CSCUX41420.NASL description The Cisco AnyConnect Secure Mobility Client installed on the remote host is a version prior to 3.1.13015.0 or 4.2.x prior to 4.2.1035.0. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL : - A carry propagating flaw exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An attacker can exploit this to obtain sensitive information regarding private keys. (CVE-2015-3193) - A NULL pointer dereference flaw exists in file rsa_ameth.c when handling ASN.1 signatures that use the RSA PSS algorithm but are missing a mask generation function parameter. A remote attacker can exploit this to cause the signature verification routine to crash, leading to a denial of service. (CVE-2015-3194) - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195) - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196) - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of last seen 2020-06-01 modified 2020-06-02 plugin id 88100 published 2016-01-22 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/88100 title Cisco AnyConnect Secure Mobility Client < 3.1.13015.0 / 4.2.x < 4.2.1035.0 Multiple OpenSSL Vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3413.NASL description Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2015-3194 Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. A remote attacker can exploit this flaw to crash any certificate verification operation and mount a denial of service attack. - CVE-2015-3195 Adam Langley of Google/BoringSSL discovered that OpenSSL will leak memory when presented with a malformed X509_ATTRIBUTE structure. - CVE-2015-3196 A race condition flaw in the handling of PSK identify hints was discovered, potentially leading to a double free of the identify hint data. last seen 2020-06-01 modified 2020-06-02 plugin id 87212 published 2015-12-07 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87212 title Debian DSA-3413-1 : openssl - security update NASL family Fedora Local Security Checks NASL id FEDORA_2015-605DE37B7F.NASL description Moderate security issues fixed in this update. Faster handling of some common elliptic curves enabled on 64 bit architectures. Improved Makefile.certificate to not use serial number 0 by default. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89256 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89256 title Fedora 23 : openssl-1.0.2e-1.fc23 (2015-605de37b7f) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_8C2B2F110EBE11E6B55EB499BAEBFEAF.NASL description Oracle reports reports : Critical Patch Update contains 31 new security fixes for Oracle MySQL 5.5.48, 5.6.29, 5.7.11 and earlier last seen 2020-06-01 modified 2020-06-02 plugin id 90847 published 2016-05-03 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90847 title FreeBSD : MySQL -- multiple vulnerabilities (8c2b2f11-0ebe-11e6-b55e-b499baebfeaf) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-614.NASL description A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194) A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195) A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196) last seen 2020-06-01 modified 2020-06-02 plugin id 87340 published 2015-12-15 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87340 title Amazon Linux AMI : openssl (ALAS-2015-614) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2830-1.NASL description Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10. (CVE-2015-1794) Hanno Bock discovered that the OpenSSL Montgomery squaring procedure algorithm may produce incorrect results when being used on x86_64. A remote attacker could possibly use this issue to break encryption. This issue only applied to Ubuntu 15.10. (CVE-2015-3193) Loic Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1 signatures with a missing PSS parameter. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-3194) Adam Langley discovered that OpenSSL incorrectly handled malformed X509_ATTRIBUTE structures. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2015-3195) It was discovered that OpenSSL incorrectly handled PSK identity hints. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 87236 published 2015-12-08 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87236 title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : openssl vulnerabilities (USN-2830-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-2617.NASL description Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194) A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195) A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196) All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. last seen 2020-06-01 modified 2020-06-02 plugin id 87335 published 2015-12-14 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87335 title RHEL 6 / 7 : openssl (RHSA-2015:2617) NASL family Web Servers NASL id OPENSSL_1_0_2E.NASL description According to its banner, the remote host is running a version of OpenSSL 1.0.2 prior to 1.0.2e. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of last seen 2020-06-01 modified 2020-06-02 plugin id 87222 published 2015-12-07 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87222 title OpenSSL 1.0.2 < 1.0.2e Multiple Vulnerabilities
Packetstorm
| data source | https://packetstormsecurity.com/files/download/143369/orionbrowser79-mitm.txt |
| id | PACKETSTORM:143369 |
| last seen | 2017-07-15 |
| published | 2017-07-14 |
| reporter | MaXe |
| source | https://packetstormsecurity.com/files/143369/Orion-Elite-Hidden-IP-Browser-Pro-7.9-OpenSSL-Tor-Man-In-The-Middle.html |
| title | Orion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle |
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
- http://www.debian.org/security/2015/dsa-3413
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html
- http://www.securityfocus.com/bid/78623
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- http://www.securityfocus.com/bid/91787
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
- http://marc.info/?l=bugtraq&m=145382583417444&w=2
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
- http://openssl.org/news/secadv/20151203.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=1288320
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
- http://rhn.redhat.com/errata/RHSA-2015-2617.html
- http://www.ubuntu.com/usn/USN-2830-1
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- http://www.securitytracker.com/id/1034294
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://rhn.redhat.com/errata/RHSA-2016-2957.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c394a488942387246653833359a5c94b5832674e
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d8541d7e9e63bf5f343af24644046c8d96498c17