Vulnerabilities > CVE-2015-3195 - Information Exposure vulnerability in multiple products

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

Vulnerable Configurations

Part	Description	Count
OS	Apple Apple MAC OS X - Apple MAC OS X 10.0 Apple MAC OS X 10.0.0 Apple MAC OS X 10.0.1 Apple MAC OS X 10.0.2 Apple MAC OS X 10.0.3 Apple MAC OS X 10.0.4 Apple MAC OS X 10.1 Apple MAC OS X 10.1.0 Apple MAC OS X 10.1.1 Apple MAC OS X 10.1.2 Apple MAC OS X 10.1.3 Apple MAC OS X 10.1.4 Apple MAC OS X 10.1.5 Apple MAC OS X 10.2 Apple MAC OS X 10.2.0 Apple MAC OS X 10.2.1 Apple MAC OS X 10.2.2 Apple MAC OS X 10.2.3 Apple MAC OS X 10.2.4 Apple MAC OS X 10.2.5 Apple MAC OS X 10.2.6 Apple MAC OS X 10.2.7 Apple MAC OS X 10.2.8 Apple MAC OS X 10.3 Apple MAC OS X 10.3.0 Apple MAC OS X 10.3.1 Apple MAC OS X 10.3.2 Apple MAC OS X 10.3.3 Apple MAC OS X 10.3.4 Apple MAC OS X 10.3.5 Apple MAC OS X 10.3.6 Apple MAC OS X 10.3.7 Apple MAC OS X 10.3.8 Apple MAC OS X 10.3.9 Apple MAC OS X 10.4 Apple MAC OS X 10.4.0 Apple MAC OS X 10.4.1 Apple MAC OS X 10.4.2 Apple MAC OS X 10.4.3 Apple MAC OS X 10.4.4 Apple MAC OS X 10.4.5 Apple MAC OS X 10.4.6 Apple MAC OS X 10.4.7 Apple MAC OS X 10.4.8 Apple MAC OS X 10.4.9 Apple MAC OS X 10.4.10 Apple MAC OS X 10.4.11 Apple MAC OS X 10.5 Apple MAC OS X 10.5.0 Apple MAC OS X 10.5.1 Apple MAC OS X 10.5.2 Apple MAC OS X 10.5.3 Apple MAC OS X 10.5.4 Apple MAC OS X 10.5.5 Apple MAC OS X 10.5.6 Apple MAC OS X 10.5.7 Apple MAC OS X 10.5.8 Apple MAC OS X 10.6.0 Apple MAC OS X 10.6.1 Apple MAC OS X 10.6.2 Apple MAC OS X 10.6.3 Apple MAC OS X 10.6.4 Apple MAC OS X 10.6.5 Apple MAC OS X 10.6.6 Apple MAC OS X 10.6.7 Apple MAC OS X 10.6.8 Apple MAC OS X 10.7.0 Apple MAC OS X 10.7.1 Apple MAC OS X 10.7.2 Apple MAC OS X 10.7.3 Apple MAC OS X 10.7.4 Apple MAC OS X 10.7.5 Apple MAC OS X 10.8.0 Apple MAC OS X 10.8.1 Apple MAC OS X 10.8.2 Apple MAC OS X 10.8.3 Apple MAC OS X 10.8.4 Apple MAC OS X 10.8.5 Apple MAC OS X 10.9 Apple MAC OS X 10.9.1 Apple MAC OS X 10.9.2 Apple MAC OS X 10.9.3 Apple MAC OS X 10.9.4 Apple MAC OS X 10.9.5 Apple MAC OS X 10.10.0 Apple MAC OS X 10.10.1 Apple MAC OS X 10.10.2 Apple MAC OS X 10.10.3 Apple MAC OS X 10.10.4 Apple MAC OS X 10.10.5 Apple MAC OS X 10.11.0 Apple MAC OS X 10.11.1 Apple MAC OS X 10.11.2 Apple MAC OS X 10.11.3	98
OS	Oracle Oracle Solaris 11.3 Oracle Solaris 10 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 Oracle Integrated Lights OUT Manager Firmware 3.0 Oracle Integrated Lights OUT Manager Firmware 3.0.0 Oracle Integrated Lights OUT Manager Firmware 3.0.3 Oracle Integrated Lights OUT Manager Firmware 3.0.4 Oracle Integrated Lights OUT Manager Firmware 3.0.6 Oracle Integrated Lights OUT Manager Firmware 3.0.8 Oracle Integrated Lights OUT Manager Firmware 3.0.9 Oracle Integrated Lights OUT Manager Firmware 3.0.10 Oracle Integrated Lights OUT Manager Firmware 3.0.12 Oracle Integrated Lights OUT Manager Firmware 3.0.14 Oracle Integrated Lights OUT Manager Firmware 3.0.16 Oracle Integrated Lights OUT Manager Firmware 3.1 Oracle Integrated Lights OUT Manager Firmware 3.1.0 Oracle Integrated Lights OUT Manager Firmware 3.1.1 Oracle Integrated Lights OUT Manager Firmware 3.1.2 Oracle Integrated Lights OUT Manager Firmware 3.2 Oracle Integrated Lights OUT Manager Firmware 3.2.0 Oracle Integrated Lights OUT Manager Firmware 3.2.1 Oracle Integrated Lights OUT Manager Firmware 3.2.2 Oracle Integrated Lights OUT Manager Firmware 3.2.3 Oracle Integrated Lights OUT Manager Firmware 3.2.4 Oracle Integrated Lights OUT Manager Firmware 3.2.5 Oracle Integrated Lights OUT Manager Firmware 3.2.6 Oracle Integrated Lights OUT Manager Firmware 3.2.7 Oracle Integrated Lights OUT Manager Firmware 3.2.8 Oracle Integrated Lights OUT Manager Firmware 3.2.9 Oracle Integrated Lights OUT Manager Firmware 3.2.10 Oracle Integrated Lights OUT Manager Firmware 3.2.11 Oracle Integrated Lights OUT Manager Firmware 4.0.0 Oracle Integrated Lights OUT Manager Firmware 4.0.1 Oracle Integrated Lights OUT Manager Firmware 4.0.2 Oracle Integrated Lights OUT Manager Firmware 4.0.3 Oracle Integrated Lights OUT Manager Firmware 4.0.4	38
OS	Redhat Redhat Enterprise Linux Desktop 7.0 Redhat Enterprise Linux Desktop 6.0 Redhat Enterprise Linux Desktop 5.0 Redhat Enterprise Linux Server 5.0 Redhat Enterprise Linux Server 7.0 Redhat Enterprise Linux Server 6.0 Redhat Enterprise Linux Server AUS 7.2 Redhat Enterprise Linux Server AUS 7.3 Redhat Enterprise Linux Server AUS 7.4 Redhat Enterprise Linux Server AUS 7.6 Redhat Enterprise Linux Server AUS 7.7 Redhat Enterprise Linux Workstation 7.0 Redhat Enterprise Linux Workstation 5.0 Redhat Enterprise Linux Workstation 6.0 Redhat Enterprise Linux Server TUS 7.2 Redhat Enterprise Linux Server TUS 7.3 Redhat Enterprise Linux Server TUS 7.6 Redhat Enterprise Linux Server TUS 7.7	18
OS	Canonical Canonical Ubuntu Linux 15.10 Canonical Ubuntu Linux 15.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 12.04	4
OS	Debian Debian Debian Linux 8.0 Debian Debian Linux 7.0	2
OS	Opensuse Opensuse Opensuse 11.4 Opensuse Opensuse 13.1 Opensuse Opensuse 13.2 Opensuse Leap 42.1	4
OS	Suse Suse Linux Enterprise Server 10	1
OS	Fedoraproject Fedoraproject Fedora 22	1
Application	Oracle Oracle SUN RAY Software 11.1 Oracle Transportation Management 6.1 Oracle Transportation Management 6.2 Oracle Life Sciences Data HUB 2.1 Oracle API Gateway 11.1.2.3.0 Oracle API Gateway 11.1.2.4.0 Oracle Exalogic Infrastructure 1.0 Oracle Exalogic Infrastructure 2.0 Oracle Communications Webrtc Session Controller 7.0 Oracle Communications Webrtc Session Controller 7.2 Oracle Communications Webrtc Session Controller 7.1 Oracle VM Virtualbox 5.0.0 Oracle VM Virtualbox 5.0.2 Oracle VM Virtualbox 5.0.4 Oracle VM Virtualbox 5.0.6 Oracle VM Virtualbox 5.0.8 Oracle VM Virtualbox 5.0.10 Oracle VM Virtualbox 5.0.12 Oracle VM Virtualbox 5.0.13 Oracle VM Virtualbox 5.0.14 Oracle VM Virtualbox 1.6 Oracle VM Virtualbox 1.6.0 Oracle VM Virtualbox 1.6.2 Oracle VM Virtualbox 1.6.4 Oracle VM Virtualbox 1.6.6 Oracle VM Virtualbox 2.0 Oracle VM Virtualbox 2.0.0 Oracle VM Virtualbox 2.0.2 Oracle VM Virtualbox 2.0.4 Oracle VM Virtualbox 2.0.6 Oracle VM Virtualbox 2.0.8 Oracle VM Virtualbox 2.0.10 Oracle VM Virtualbox 2.0.12 Oracle VM Virtualbox 2.1 Oracle VM Virtualbox 2.1.0 Oracle VM Virtualbox 2.1.2 Oracle VM Virtualbox 2.1.4 Oracle VM Virtualbox 2.2 Oracle VM Virtualbox 2.2.0 Oracle VM Virtualbox 2.2.2 Oracle VM Virtualbox 2.2.4 Oracle VM Virtualbox 3.0 Oracle VM Virtualbox 3.0.0 Oracle VM Virtualbox 3.0.2 Oracle VM Virtualbox 3.0.4 Oracle VM Virtualbox 3.0.6 Oracle VM Virtualbox 3.0.8 Oracle VM Virtualbox 3.0.10 Oracle VM Virtualbox 3.0.12 Oracle VM Virtualbox 3.0.14 Oracle VM Virtualbox 3.1 Oracle VM Virtualbox 3.1.0 Oracle VM Virtualbox 3.1.2 Oracle VM Virtualbox 3.1.4 Oracle VM Virtualbox 3.1.6 Oracle VM Virtualbox 3.1.8 Oracle VM Virtualbox 3.2 Oracle VM Virtualbox 3.2.0 Oracle VM Virtualbox 3.2.2 Oracle VM Virtualbox 3.2.4 Oracle VM Virtualbox 3.2.6 Oracle VM Virtualbox 3.2.8 Oracle VM Virtualbox 3.2.10 Oracle VM Virtualbox 3.2.12 Oracle VM Virtualbox 3.2.14 Oracle VM Virtualbox 3.2.16 Oracle VM Virtualbox 3.2.18 Oracle VM Virtualbox 3.2.20 Oracle VM Virtualbox 3.2.22 Oracle VM Virtualbox 3.2.24 Oracle VM Virtualbox 4.0 Oracle VM Virtualbox 4.0.0 Oracle VM Virtualbox 4.0.2 Oracle VM Virtualbox 4.0.4 Oracle VM Virtualbox 4.0.6 Oracle VM Virtualbox 4.0.8 Oracle VM Virtualbox 4.0.10 Oracle VM Virtualbox 4.0.12 Oracle VM Virtualbox 4.0.14 Oracle VM Virtualbox 4.0.16 Oracle VM Virtualbox 4.0.18 Oracle VM Virtualbox 4.0.20 Oracle VM Virtualbox 4.0.22 Oracle VM Virtualbox 4.0.24 Oracle VM Virtualbox 4.0.26 Oracle VM Virtualbox 4.0.31 Oracle VM Virtualbox 4.0.32 Oracle VM Virtualbox 4.0.34 Oracle VM Virtualbox 4.0.36 Oracle VM Virtualbox 4.1.0 Oracle VM Virtualbox 4.1.2 Oracle VM Virtualbox 4.1.4 Oracle VM Virtualbox 4.1.6 Oracle VM Virtualbox 4.1.8 Oracle VM Virtualbox 4.1.10 Oracle VM Virtualbox 4.1.12 Oracle VM Virtualbox 4.1.14 Oracle VM Virtualbox 4.1.16 Oracle VM Virtualbox 4.1.18 Oracle VM Virtualbox 4.1.20 Oracle VM Virtualbox 4.1.22 Oracle VM Virtualbox 4.1.24 Oracle VM Virtualbox 4.1.26 Oracle VM Virtualbox 4.1.28 Oracle VM Virtualbox 4.1.30 Oracle VM Virtualbox 4.1.32 Oracle VM Virtualbox 4.1.34 Oracle VM Virtualbox 4.1.39 Oracle VM Virtualbox 4.1.40 Oracle VM Virtualbox 4.1.42 Oracle VM Virtualbox 4.1.44 Oracle VM Virtualbox 4.2.0 Oracle VM Virtualbox 4.2.2 Oracle VM Virtualbox 4.2.4 Oracle VM Virtualbox 4.2.6 Oracle VM Virtualbox 4.2.8 Oracle VM Virtualbox 4.2.10 Oracle VM Virtualbox 4.2.12 Oracle VM Virtualbox 4.2.14 Oracle VM Virtualbox 4.2.16 Oracle VM Virtualbox 4.2.18 Oracle VM Virtualbox 4.2.20 Oracle VM Virtualbox 4.2.22 Oracle VM Virtualbox 4.2.24 Oracle VM Virtualbox 4.2.26 Oracle VM Virtualbox 4.2.28 Oracle VM Virtualbox 4.2.30 Oracle VM Virtualbox 4.2.31 Oracle VM Virtualbox 4.2.32 Oracle VM Virtualbox 4.2.34 Oracle VM Virtualbox 4.2.36 Oracle VM Virtualbox 4.3.0 Oracle VM Virtualbox 4.3.2 Oracle VM Virtualbox 4.3.4 Oracle VM Virtualbox 4.3.6 Oracle VM Virtualbox 4.3.8 Oracle VM Virtualbox 4.3.10 Oracle VM Virtualbox 4.3.12 Oracle VM Virtualbox 4.3.14 Oracle VM Virtualbox 4.3.16 Oracle VM Virtualbox 4.3.18 Oracle VM Virtualbox 4.3.22 Oracle VM Virtualbox 4.3.24 Oracle VM Virtualbox 4.3.26 Oracle VM Virtualbox 4.3.28 Oracle VM Virtualbox 4.3.29 Oracle VM Virtualbox 4.3.30 Oracle VM Virtualbox 4.3.32 Oracle VM Virtualbox 4.3.34 Oracle VM Virtualbox 4.3.35 Oracle VM Server 3.2 Oracle Http Server 11.5.10.2	152
Application	Openssl Openssl Openssl - Openssl Openssl 0.9.1C Openssl Openssl 0.9.2B Openssl Openssl 0.9.3 Openssl Openssl 0.9.3A Openssl Openssl 0.9.4 Openssl Openssl 0.9.5 Openssl Openssl 0.9.5A Openssl Openssl 0.9.6 Openssl Openssl 0.9.6A Openssl Openssl 0.9.6B Openssl Openssl 0.9.6C Openssl Openssl 0.9.6D Openssl Openssl 0.9.6E Openssl Openssl 0.9.6F Openssl Openssl 0.9.6G Openssl Openssl 0.9.6H Openssl Openssl 0.9.6I Openssl Openssl 0.9.6J Openssl Openssl 0.9.6K Openssl Openssl 0.9.6L Openssl Openssl 0.9.6M Openssl Openssl 0.9.7 Openssl Openssl 0.9.7A Openssl Openssl 0.9.7B Openssl Openssl 0.9.7C Openssl Openssl 0.9.7D Openssl Openssl 0.9.7E Openssl Openssl 0.9.7F Openssl Openssl 0.9.7G Openssl Openssl 0.9.7H Openssl Openssl 0.9.7I Openssl Openssl 0.9.7J Openssl Openssl 0.9.7K Openssl Openssl 0.9.7L Openssl Openssl 0.9.7M Openssl Openssl 0.9.8 Openssl Openssl 0.9.8A Openssl Openssl 0.9.8B Openssl Openssl 0.9.8C Openssl Openssl 0.9.8C-1 Openssl Openssl 0.9.8D Openssl Openssl 0.9.8E Openssl Openssl 0.9.8F Openssl Openssl 0.9.8G Openssl Openssl 0.9.8G-9 Openssl Openssl 0.9.8H Openssl Openssl 0.9.8I Openssl Openssl 0.9.8J Openssl Openssl 0.9.8K Openssl Openssl 0.9.8L Openssl Openssl 0.9.8M Openssl Openssl 0.9.8N Openssl Openssl 0.9.8O Openssl Openssl 0.9.8P Openssl Openssl 0.9.8Q Openssl Openssl 0.9.8R Openssl Openssl 0.9.8S Openssl Openssl 0.9.8T Openssl Openssl 0.9.8U Openssl Openssl 0.9.8V Openssl Openssl 0.9.8W Openssl Openssl 0.9.8X Openssl Openssl 0.9.8Y Openssl Openssl 0.9.8Z Openssl Openssl 0.9.8Za Openssl Openssl 0.9.8Zb Openssl Openssl 0.9.8Zc Openssl Openssl 0.9.8Zd Openssl Openssl 0.9.8Ze Openssl Openssl 0.9.8Zf Openssl Openssl 0.9.8Zg Openssl Openssl 1.0.0 Openssl Openssl 1.0.0A Openssl Openssl 1.0.0B Openssl Openssl 1.0.0C Openssl Openssl 1.0.0D Openssl Openssl 1.0.0E Openssl Openssl 1.0.0F Openssl Openssl 1.0.0G Openssl Openssl 1.0.0H Openssl Openssl 1.0.0I Openssl Openssl 1.0.0J Openssl Openssl 1.0.0K Openssl Openssl 1.0.0L Openssl Openssl 1.0.0M Openssl Openssl 1.0.0N Openssl Openssl 1.0.0O Openssl Openssl 1.0.0P Openssl Openssl 1.0.0Q Openssl Openssl 1.0.0R Openssl Openssl 1.0.0S Openssl Openssl 1.0.1 Openssl Openssl 1.0.1A Openssl Openssl 1.0.1B Openssl Openssl 1.0.1C Openssl Openssl 1.0.1D Openssl Openssl 1.0.1E Openssl Openssl 1.0.1F Openssl Openssl 1.0.1G Openssl Openssl 1.0.1H Openssl Openssl 1.0.1I Openssl Openssl 1.0.1J Openssl Openssl 1.0.1K Openssl Openssl 1.0.1L Openssl Openssl 1.0.1M Openssl Openssl 1.0.1N Openssl Openssl 1.0.1O Openssl Openssl 1.0.1P Openssl Openssl 1.0.2 Openssl Openssl 1.0.2A Openssl Openssl 1.0.2B Openssl Openssl 1.0.2C Openssl Openssl 1.0.2D	163

Common Weakness Enumeration (CWE)

CWE-200 - Information Exposure

Common Attack Pattern Enumeration and Classification (CAPEC)

Subverting Environment Variable Values
The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
Footprinting
An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
Exploiting Trust in Client (aka Make the Client Invisible)
An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
Browser Fingerprinting
An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

NASL family	Web Servers
NASL id	OPENSSL_0_9_8ZH.NASL
description	According to its banner, the remote host is running a version of OpenSSL 0.9.8 prior to 0.9.8zh. It is, therefore, affected by a flaw in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service.
last seen	2020-06-01
modified	2020-06-02
plugin id	87219
published	2015-12-07
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87219
title	OpenSSL 0.9.8 < 0.9.8zh X509_ATTRIBUTE Memory Leak DoS
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(87219); script_version("1.15"); script_cvs_date("Date: 2019/11/22"); script_cve_id("CVE-2015-3195"); script_bugtraq_id(78626); script_name(english:"OpenSSL 0.9.8 < 0.9.8zh X509_ATTRIBUTE Memory Leak DoS"); script_summary(english:"Performs a banner check."); script_set_attribute(attribute:"synopsis", value: "The remote host is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "According to its banner, the remote host is running a version of OpenSSL 0.9.8 prior to 0.9.8zh. It is, therefore, affected by a flaw in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service."); script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20151203.txt"); script_set_attribute(attribute:"solution", value: "Upgrade to OpenSSL version 0.9.8zh or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3195"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2015/12/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/07"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("openssl_version.nasl"); script_require_keys("openssl/port"); exit(0); } include("openssl_version.inc"); openssl_check_version(fixed:'0.9.8zh', min:"0.9.8", severity:SECURITY_WARNING);

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-294.NASL
description	This update for libopenssl0_9_8 fixes the following issues : - CVE-2016-0800 aka the
last seen	2020-06-05
modified	2016-03-04
plugin id	89651
published	2016-03-04
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/89651
title	openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2016-294. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(89651); script_version("1.20"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-0166", "CVE-2013-0169", "CVE-2014-0076", "CVE-2014-0195", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3510", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3568", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3195", "CVE-2015-3197", "CVE-2016-0797", "CVE-2016-0799", "CVE-2016-0800"); script_name(english:"openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)"); script_summary(english:"Check for the openSUSE-2016-294 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for libopenssl0_9_8 fixes the following issues : - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to : - Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. - Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - The package was updated to 0.9.8zh : - fixes many security vulnerabilities (not separately listed): CVE-2015-3195, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288, CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-3570, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3508, CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470, CVE-2014-0076, CVE-2013-0169, CVE-2013-0166 - avoid running OPENSSL_config twice. This avoids breaking engine loading. (boo#952871, boo#967787) - fix CVE-2015-3197 (boo#963415) - SSLv2 doesn't block disabled ciphers" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=952871" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=963415" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967787" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968046" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968048" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968374" ); script_set_attribute( attribute:"solution", value:"Update the affected libopenssl0_9_8 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1"); script_set_attribute(attribute:"patch_publication_date", value:"2016/03/03"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.2\|SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2 / 42.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.2", reference:"libopenssl0_9_8-0.9.8zh-9.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libopenssl0_9_8-debuginfo-0.9.8zh-9.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libopenssl0_9_8-debugsource-0.9.8zh-9.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8zh-9.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-32bit-0.9.8zh-9.3.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libopenssl0_9_8-0.9.8zh-14.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libopenssl0_9_8-debuginfo-0.9.8zh-14.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libopenssl0_9_8-debugsource-0.9.8zh-14.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8zh-14.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-32bit-0.9.8zh-14.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libopenssl0_9_8 / libopenssl0_9_8-32bit / libopenssl0_9_8-debuginfo / etc"); }

NASL family	Web Servers
NASL id	OPENSSL_1_0_0T.NASL
description	According to its banner, the remote host is running a version of OpenSSL 1.0.0 prior to 1.0.0t. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195) - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196)
last seen	2020-06-01
modified	2020-06-02
plugin id	87220
published	2015-12-07
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87220
title	OpenSSL 1.0.0 < 1.0.0t Multiple DoS
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(87220); script_version("1.15"); script_cvs_date("Date: 2019/11/22"); script_cve_id("CVE-2015-3195", "CVE-2015-3196"); script_bugtraq_id(78622, 78626); script_name(english:"OpenSSL 1.0.0 < 1.0.0t Multiple DoS"); script_summary(english:"Performs a banner check."); script_set_attribute(attribute:"synopsis", value: "The remote host is affected by multiple denial of service vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the remote host is running a version of OpenSSL 1.0.0 prior to 1.0.0t. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195) - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196)"); script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20151203.txt"); script_set_attribute(attribute:"solution", value: "Upgrade to OpenSSL version 1.0.0t or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3195"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2015/12/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/07"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("openssl_version.nasl"); script_require_keys("openssl/port"); exit(0); } include("openssl_version.inc"); openssl_check_version(fixed:'1.0.0t', min:"1.0.0", severity:SECURITY_WARNING);

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-0678-1.NASL
description	OpenSSL was update to fix security issues and bugs : CVE-2016-0800 aka the
last seen	2020-06-01
modified	2020-06-02
plugin id	89731
published	2016-03-08
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/89731
title	SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2016:0678-1) (DROWN)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:0678-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(89731); script_version("2.16"); script_cvs_date("Date: 2019/09/11 11:22:13"); script_cve_id("CVE-2015-0287", "CVE-2015-0293", "CVE-2015-3195", "CVE-2015-3197", "CVE-2016-0703", "CVE-2016-0704", "CVE-2016-0797", "CVE-2016-0799", "CVE-2016-0800"); script_bugtraq_id(73227, 73232); script_name(english:"SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2016:0678-1) (DROWN)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "OpenSSL was update to fix security issues and bugs : CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the OpenSSL library to : Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. Disable all weak EXPORT ciphers by default. These can be re-enabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. CVE-2016-0797 (bsc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. CVE-2016-0799 (bsc#968374): On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. CVE-2015-3195 (bsc#957812): An X509_ATTRIBUTE memory leak was fixed. Fixed a regression caused by the openssl-CVE-2015-0287.patch (bsc#937492) Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015 : CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=937492" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=957812" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=963415" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=968046" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=968048" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=968051" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=968053" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=968374" ); # https://download.suse.com/patch/finder/?keywords=5965d0982b34e01de9e5c15991f88378 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f5289575" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-0287/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-3195/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-3197/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0703/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0704/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0797/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0799/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0800/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20160678-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7d95a1fd" ); script_set_attribute( attribute:"solution", value:"Update the affected OpenSSL packages" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssl-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/19"); script_set_attribute(attribute:"patch_publication_date", value:"2016/03/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/08"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES10" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"openssl-32bit-0.9.8a-18.94.2")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"openssl-devel-32bit-0.9.8a-18.94.2")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"openssl-32bit-0.9.8a-18.94.2")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"openssl-devel-32bit-0.9.8a-18.94.2")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"openssl-0.9.8a-18.94.2")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"openssl-devel-0.9.8a-18.94.2")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"openssl-doc-0.9.8a-18.94.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenSSL"); }

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2016-0001.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint
last seen	2020-06-01
modified	2020-06-02
plugin id	87800
published	2016-01-08
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87800
title	OracleVM 3.3 : openssl (OVMSA-2016-0001) (SLOTH)
code	# # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2016-0001. # include("compat.inc"); if (description) { script_id(87800); script_version("2.16"); script_cvs_date("Date: 2019/09/27 13:00:34"); script_cve_id("CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-7575"); script_name(english:"OracleVM 3.3 : openssl (OVMSA-2016-0001) (SLOTH)"); script_summary(english:"Checks the RPM output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing a security update." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint" ); # https://oss.oracle.com/pipermail/oraclevm-errata/2016-January/000407.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?90e4620d" ); script_set_attribute( attribute:"solution", value:"Update the affected openssl package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:openssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/06"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/08"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) \|\| "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]\|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.3", reference:"openssl-1.0.1e-42.el6_7.2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-908.NASL
description	OpenSSL was updated to fix three security issues. The following vulnerabilities were fixed : - CVE-2015-3194: Certificate verify crash with missing PSS parameter (bsc#957815) - CVE-2015-3195: X509_ATTRIBUTE memory leak (bsc#957812) - CVE-2015-3196: Race condition handling PSK identify hint (bsc#957813)
last seen	2020-06-05
modified	2015-12-17
plugin id	87447
published	2015-12-17
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/87447
title	openSUSE Security Update : OpenSSL (openSUSE-2015-908)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2015-908. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(87447); script_version("2.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"); script_name(english:"openSUSE Security Update : OpenSSL (openSUSE-2015-908)"); script_summary(english:"Check for the openSUSE-2015-908 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "OpenSSL was updated to fix three security issues. The following vulnerabilities were fixed : - CVE-2015-3194: Certificate verify crash with missing PSS parameter (bsc#957815) - CVE-2015-3195: X509_ATTRIBUTE memory leak (bsc#957812) - CVE-2015-3196: Race condition handling PSK identify hint (bsc#957813)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=957812" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=957813" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=957815" ); script_set_attribute( attribute:"solution", value:"Update the affected OpenSSL packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssl-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/12/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1\|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"libopenssl-devel-1.0.1k-11.75.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libopenssl1_0_0-1.0.1k-11.75.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libopenssl1_0_0-debuginfo-1.0.1k-11.75.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"openssl-1.0.1k-11.75.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"openssl-debuginfo-1.0.1k-11.75.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"openssl-debugsource-1.0.1k-11.75.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libopenssl-devel-32bit-1.0.1k-11.75.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libopenssl1_0_0-32bit-1.0.1k-11.75.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libopenssl1_0_0-debuginfo-32bit-1.0.1k-11.75.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libopenssl-devel-1.0.1k-2.27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libopenssl1_0_0-1.0.1k-2.27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libopenssl1_0_0-debuginfo-1.0.1k-2.27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libopenssl1_0_0-hmac-1.0.1k-2.27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"openssl-1.0.1k-2.27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"openssl-debuginfo-1.0.1k-2.27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"openssl-debugsource-1.0.1k-2.27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libopenssl-devel-32bit-1.0.1k-2.27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libopenssl1_0_0-32bit-1.0.1k-2.27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libopenssl1_0_0-debuginfo-32bit-1.0.1k-2.27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libopenssl1_0_0-hmac-32bit-1.0.1k-2.27.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc"); }

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2015-2617.NASL
description	From Red Hat Security Advisory 2015:2617 : Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194) A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195) A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196) All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
last seen	2020-06-01
modified	2020-06-02
plugin id	87364
published	2015-12-15
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87364
title	Oracle Linux 6 / 7 : openssl (ELSA-2015-2617)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:2617 and # Oracle Linux Security Advisory ELSA-2015-2617 respectively. # include("compat.inc"); if (description) { script_id(87364); script_version("2.16"); script_cvs_date("Date: 2019/09/27 13:00:36"); script_cve_id("CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"); script_xref(name:"RHSA", value:"2015:2617"); script_name(english:"Oracle Linux 6 / 7 : openssl (ELSA-2015-2617)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2015:2617 : Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194) A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195) A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196) All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2015-December/005624.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2015-December/005625.html" ); script_set_attribute( attribute:"solution", value:"Update the affected openssl packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-static"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/06"); script_set_attribute(attribute:"patch_publication_date", value:"2015/12/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| !pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(6\|7)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6 / 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL6", reference:"openssl-1.0.1e-42.el6_7.1")) flag++; if (rpm_check(release:"EL6", reference:"openssl-devel-1.0.1e-42.el6_7.1")) flag++; if (rpm_check(release:"EL6", reference:"openssl-perl-1.0.1e-42.el6_7.1")) flag++; if (rpm_check(release:"EL6", reference:"openssl-static-1.0.1e-42.el6_7.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openssl-1.0.1e-51.el7_2.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openssl-devel-1.0.1e-51.el7_2.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openssl-libs-1.0.1e-51.el7_2.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openssl-perl-1.0.1e-51.el7_2.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openssl-static-1.0.1e-51.el7_2.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-devel / openssl-libs / openssl-perl / etc"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2015-D87D60B9A9.NASL
description	Moderate security issues fixed in this update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2016-03-04
plugin id	89431
published	2016-03-04
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/89431
title	Fedora 22 : openssl-1.0.1k-13.fc22 (2015-d87d60b9a9)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2015-2617.NASL
description	Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194) A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195) A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196) All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
last seen	2020-06-01
modified	2020-06-02
plugin id	87357
published	2015-12-15
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87357
title	CentOS 6 / 7 : openssl (CESA-2015:2617)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-358.NASL
description	When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. Kurt NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2015-12-04
plugin id	87186
published	2015-12-04
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/87186
title	Debian DLA-358-1 : openssl security update

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-916.NASL
description	LibreSSL was updated to fix two security issues inherited from OpenSSL. The following vulnerabilities were fixed : - CVE-2015-3194: NULL pointer dereference in client side certificate validation - CVE-2015-3195: Memory leak in PKCS7 - not reachable from TLS/SSL
last seen	2020-06-05
modified	2015-12-21
plugin id	87518
published	2015-12-21
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/87518
title	openSUSE Security Update : libressl (openSUSE-2015-916)

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2015-0155.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint
last seen	2020-06-01
modified	2020-06-02
plugin id	87366
published	2015-12-15
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87366
title	OracleVM 3.3 : openssl (OVMSA-2015-0155)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_4C8D1D729B3811E5AECED050996490D0.NASL
description	OpenSSL project reports : - BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) - Certificate verify crash with missing PSS parameter (CVE-2015-3194) - X509_ATTRIBUTE memory leak (CVE-2015-3195) - Race condition handling PSK identify hint (CVE-2015-3196) - Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)
last seen	2020-06-01
modified	2020-06-02
plugin id	87213
published	2015-12-07
reporter	This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87213
title	FreeBSD : openssl -- multiple vulnerabilities (4c8d1d72-9b38-11e5-aece-d050996490d0)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-2230-1.NASL
description	This update for openssl fixes the following issues : Security fixes : - CVE-2015-3194: The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. (bsc#957815) - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - CVE-2015-3196: If PSK identity hints are received by a multi-threaded client then the values were wrongly updated in the parent SSL_CTX structure. This could result in a race condition potentially leading to a double free of the identify hint data. (bsc#957813) Non security bugs fixed : - Improve S/390 performance on IBM z196 and z13 (bsc#954256) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87280
published	2015-12-09
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87280
title	SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:2230-1)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2015-349-04.NASL
description	New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87378
published	2015-12-16
reporter	This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/87378
title	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-349-04)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_10_11_4.NASL
description	The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.4. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - AppleRAID - AppleUSBNetworking - Bluetooth - Carbon - dyld - FontParser - HTTPProtocol - Intel Graphics Driver - IOFireWireFamily - IOGraphics - IOHIDFamily - IOUSBFamily - Kernel - libxml2 - Messages - NVIDIA Graphics Drivers - OpenSSH - OpenSSL - Python - QuickTime - Reminders - Ruby - Security - Tcl - TrueTypeScaler - Wi-Fi Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen	2020-06-01
modified	2020-06-02
plugin id	90096
published	2016-03-22
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90096
title	Mac OS X 10.11.x < 10.11.4 Multiple Vulnerabilities

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201601-05.NASL
description	The remote host is affected by the vulnerability described in GLSA-201601-05 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the upstream advisory and CVE identifiers referenced below for details. Note that the list includes CVE identifiers for an older OpenSSL Security Advisory (3 Dec 2015) for which we have not issued a GLSA before. Impact : A remote attacker could disclose a server’s private DH exponent, or complete SSLv2 handshakes using ciphers that have been disabled on the server. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	88586
published	2016-02-05
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88586
title	GLSA-201601-05 : OpenSSL: Multiple vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-2251-1.NASL
description	This update for compat-openssl097g fixes the following issues : Security issue fixed : - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) A non security issue fixed : - Prevent segfault in s_client with invalid options (bsc#952099) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87338
published	2015-12-14
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87338
title	SUSE SLED11 Security Update : compat-openssl097g (SUSE-SU-2015:2251-1)

NASL family	Databases
NASL id	MYSQL_5_7_11_RPM.NASL
description	The version of Oracle MySQL installed on the remote host is 5.7.x prior to 5.7.11. It is, therefore, affected by the following vulnerabilities : - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194) - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195) - An unspecified flaw exists in the DML subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-0640) - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to disclose potentially sensitive information or cause a denial of service condition. (CVE-2016-0641) - An unspecified flaw exists in the DDL subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0644) - Multiple unspecified flaws exist in the DML subcomponent that allow a local attacker to cause a denial of service condition. (CVE-2016-0646, CVE-2016-0652) - An unspecified flaw exists in the PS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0649) - An unspecified flaw exists in the Replication subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0650) - An unspecified flaw exists in the FTS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0653) - Multiple unspecified flaws exist in the InnoDB subcomponent that allow a local attacker to cause a denial of service condition. (CVE-2016-0654, CVE-2016-0656, CVE-2016-0668) - An unspecified flaw exists in the Optimizer subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0658) - An unspecified flaw exists in the Options subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0661) - An unspecified flaw exists in the Performance Schema subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0663) - An unspecified flaw exists in the Security: Encryption subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0665) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3452) - A denial of service vulnerability exists in the bundled OpenSSL library due to improper handling of variables declared as TEXT or BLOB. An authenticated, remote attacker can exploit this to corrupt data or cause a denial of service condition. - A denial of service vulnerability exists that is triggered when handling a
last seen	2020-06-04
modified	2016-05-02
plugin id	90833
published	2016-05-02
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90833
title	Oracle MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-604.NASL
description	This libressl update to version 2.2.7 fixes the following issues : Security issues fixed : - Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding. [boo#978492, boo#977584] - CVE-2015-3194: Certificate verify crash with missing PSS parameter (boo#957815) - CVE-2015-3195: X509_ATTRIBUTE memory leak (boo#957812) - CVE-2015-5333: Memory Leak (boo#950707) - CVE-2015-5334: Buffer Overflow (boo#950708)
last seen	2020-06-05
modified	2016-05-20
plugin id	91274
published	2016-05-20
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91274
title	openSUSE Security Update : libressl (openSUSE-2016-604)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20151214_OPENSSL_ON_SL6_X.NASL
description	A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194) A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195) A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196) For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
last seen	2020-03-18
modified	2015-12-16
plugin id	87402
published	2015-12-16
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87402
title	Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20151214)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-911.NASL
description	This update for openssl fixes the following issues : Security fixes : - CVE-2015-3194: The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. (bsc#957815) - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - CVE-2015-3196: If PSK identity hints are received by a multi-threaded client then the values were wrongly updated in the parent SSL_CTX structure. This could result in a race condition potentially leading to a double free of the identify hint data. (bsc#957813) Non security bugs fixed : - Improve S/390 performance on IBM z196 and z13 (bsc#954256) This update was imported from the SUSE:SLE-12-SP1:Update update project.
last seen	2020-06-05
modified	2015-12-18
plugin id	87487
published	2015-12-18
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/87487
title	openSUSE Security Update : openssl (openSUSE-2015-911)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-2237-1.NASL
description	This update for openssl fixes the following issues : Security fixes : - CVE-2015-3194: The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. (bsc#957815) - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - CVE-2015-3196: If PSK identity hints are received by a multi-threaded client then the values were wrongly updated in the parent SSL_CTX structure. This could result in a race condition potentially leading to a double free of the identify hint data. (bsc#957813) Non security bugs fixed : - Clear the error after setting non-fips mode (bsc#947104) - Improve S/390 performance on IBM z196 and z13 (bsc#954256) - Add support for
last seen	2020-06-01
modified	2020-06-02
plugin id	87318
published	2015-12-11
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87318
title	SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:2237-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-940.NASL
description	This update for compat-openssl098 fixes the following issues : Security issue fixed : - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) Non security issue fixed : - Prevent segfault in s_client with invalid options (bsc#952099) This update was imported from the SUSE:SLE-12:Update update project.
last seen	2020-06-05
modified	2015-12-29
plugin id	87619
published	2015-12-29
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/87619
title	openSUSE Security Update : compat-openssl098 (openSUSE-2015-940)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_CISCO_ANYCONNECT_CSCUX41420.NASL
description	The Cisco AnyConnect Secure Mobility Client installed on the remote Mac OS X host is a version prior to 3.1.13015.0 or 4.2.x prior to 4.2.1035.0. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL : - A carry propagating flaw exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An attacker can exploit this to obtain sensitive information regarding private keys. (CVE-2015-3193) - A NULL pointer dereference flaw exists in file rsa_ameth.c when handling ASN.1 signatures that use the RSA PSS algorithm but are missing a mask generation function parameter. A remote attacker can exploit this to cause the signature verification routine to crash, leading to a denial of service. (CVE-2015-3194) - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195) - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196) - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of
last seen	2020-06-01
modified	2020-06-02
plugin id	88101
published	2016-01-22
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88101
title	Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1.13015.0 / 4.2.x < 4.2.1035.0 Multiple OpenSSL Vulnerabilities

NASL family	Misc.
NASL id	ORACLE_E-BUSINESS_CPU_JAN_2016.NASL
description	The version of Oracle E-Business Suite installed on the remote host is missing the January 2016 Critical Patch Update. It is, therefore, affected by multiple unspecified vulnerabilities in multiple components and subcomponents, the most severe of which can allow an unauthenticated, remote attacker to affect both confidentiality and integrity.
last seen	2020-06-01
modified	2020-06-02
plugin id	88042
published	2016-01-21
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88042
title	Oracle E-Business Multiple Vulnerabilities (January 2016 CPU)

NASL family	Web Servers
NASL id	OPENSSL_1_0_1Q.NASL
description	According to its banner, the remote host is running a version of OpenSSL 1.0.1 prior to 1.0.1q. It is, therefore, affected by the following vulnerabilities : - A NULL pointer dereference flaw exists in file rsa_ameth.c when handling ASN.1 signatures that use the RSA PSS algorithm but are missing a mask generation function parameter. A remote attacker can exploit this to cause the signature verification routine to crash, leading to a denial of service. (CVE-2015-3194) - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195)
last seen	2020-06-01
modified	2020-06-02
plugin id	87221
published	2015-12-07
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87221
title	OpenSSL 1.0.1 < 1.0.1q Multiple DoS

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20151214_OPENSSL_ON_SL5_X.NASL
description	A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195) For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
last seen	2020-03-18
modified	2015-12-16
plugin id	87401
published	2015-12-16
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87401
title	Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20151214)

NASL family	Firewalls
NASL id	SCREENOS_JSA10733.NASL
description	The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r22. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner
last seen	2020-06-01
modified	2020-06-02
plugin id	93383
published	2016-09-08
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/93383
title	Juniper ScreenOS 6.3.x < 6.3.0r22 Multiple Vulnerabilities in OpenSSL (JSA10733)

NASL family	Web Servers
NASL id	HPSMH_7_5_5.NASL
description	According to its banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is affected by the following vulnerabilities : - A denial of service vulnerability exists in the Apache HTTP Server due to the lack of the mod_reqtimeout module. An unauthenticated, remote attacker can exploit this, via a saturation of partial HTTP requests, to cause a daemon outage. (CVE-2007-6750) - A cross-site scripting (XSS) vulnerability exists in jQuery when using location.hash to select elements. An unauthenticated, remote attacker can exploit this, via a specially crafted tag, to inject arbitrary script code or HTML into the user
last seen	2020-06-01
modified	2020-06-02
plugin id	91222
published	2016-05-18
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91222
title	HP System Management Homepage Multiple Vulnerabilities (HPSBMU03593)

NASL family	Junos Local Security Checks
NASL id	JUNIPER_JSA10759.NASL
description	According to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL : - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of
last seen	2020-03-18
modified	2017-01-05
plugin id	96316
published	2017-01-05
reporter	This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96316
title	Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10759) (SWEET32)

NASL family	F5 Networks Local Security Checks
NASL id	F5_BIGIP_SOL12824341.NASL
description	The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. (CVE-2015-3195)
last seen	2020-06-01
modified	2020-06-02
plugin id	91201
published	2016-05-18
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91201
title	F5 Networks BIG-IP : OpenSSL vulnerability (K12824341)

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2016-0049.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method - fix 1-byte memory leak in pkcs12 parse (#1229871) - document some options of the speed command (#1197095) - fix high-precision timestamps in timestamping authority - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint
last seen	2020-06-01
modified	2020-06-02
plugin id	91154
published	2016-05-16
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91154
title	OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0049) (SLOTH)

NASL family	Databases
NASL id	MYSQL_ES_5_6_29.NASL
description	The version of MySQL Enterprise Server 5.6 installed on the remote host is 5.6.x prior to 5.6.29 or 5.7.x prior to 5.7.11. It is, therefore, affected by multiple vulnerabilities in the included OpenSSL library : - A NULL pointer dereference flaw exists in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194) - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195)
last seen	2020-06-01
modified	2020-06-02
plugin id	88698
published	2016-02-11
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88698
title	MySQL Enterprise Server 5.6.x < 5.6.29 / 5.7.x < 5.7.11 OpenSSL Multiple Vulnerabilities

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1861.NASL
description	According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.(CVE-2015-0292) - An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash.(CVE-2015-1789) - A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash.(CVE-2015-3195) - OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.(CVE-2014-3571) - OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.(CVE-2016-2177) - An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application.(CVE-2016-2105) - An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application.(CVE-2016-2106) - A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.(CVE-2016-2108) - A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL
last seen	2020-05-08
modified	2019-09-17
plugin id	128913
published	2019-09-17
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128913
title	EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-1861)

NASL family	CGI abuses
NASL id	BLUECOAT_PROXY_AV_3_5_4_1.NASL
description	According to its self-reported version number, the Blue Coat ProxyAV firmware installed on the remote device is 3.5.x prior to 3.5.4.1. It is, therefore, affected by the following vulnerabilities in the bundled version of OpenSSL : - A NULL pointer dereference flaw exists in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194) - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195) Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	93410
published	2016-09-09
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/93410
title	Blue Coat ProxyAV 3.5.x < 3.5.4.1 Multiple DoS Vulnerabilities

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2015-2616.NASL
description	Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195) All openssl users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
last seen	2020-06-01
modified	2020-06-02
plugin id	87356
published	2015-12-15
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87356
title	CentOS 5 : openssl (CESA-2015:2616)

NASL family	Firewalls
NASL id	PFSENSE_SA-15_11.NASL
description	According to its self-reported version number, the remote pfSense install is prior to 2.2.6. It is, therefore, affected by multiple vulnerabilities.
last seen	2020-06-01
modified	2020-06-02
plugin id	106498
published	2018-01-31
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/106498
title	pfSense < 2.2.6 Multiple Vulnerabilities (SA-15_09 / SA-15_10 / SA-15_11)

NASL family	Misc.
NASL id	VIRTUALBOX_5_0_18.NASL
description	The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.3.36 or 5.0.18. It is, therefore, affected by an unspecified flaw in the Core subcomponent that allows a local attacker to gain elevated privileges. Additionally, multiple vulnerabilities exist in the bundled version of OpenSSL : - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of
last seen	2020-06-01
modified	2020-06-02
plugin id	90680
published	2016-04-22
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90680
title	Oracle VM VirtualBox < 4.3.36 / 5.0.18 Multiple Vulnerabilities (April 2016 CPU)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-2616.NASL
description	Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195) All openssl users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
last seen	2020-06-01
modified	2020-06-02
plugin id	87334
published	2015-12-14
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87334
title	RHEL 5 : openssl (RHSA-2015:2616)

NASL family	AIX Local Security Checks
NASL id	AIX_OPENSSL_ADVISORY15.NASL
description	The version of OpenSSL installed on the remote AIX host is affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists in file rsa_ameth.c when handling ASN.1 signatures that use the RSA PSS algorithm but are missing a mask generation function parameter. A remote attacker can exploit this to cause the signature verification routine to crash, leading to a denial of service. (CVE-2015-3194) - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195) - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196)
last seen	2020-06-01
modified	2020-06-02
plugin id	88085
published	2016-01-22
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88085
title	AIX OpenSSL Advisory : openssl_advisory15.asc

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-2342-1.NASL
description	This update for compat-openssl098 fixes the following issues : Security issue fixed:; - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) Non security issue fixed : - Prevent segfault in s_client with invalid options (bsc#952099) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87654
published	2015-12-29
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87654
title	SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2015:2342-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-2275-1.NASL
description	This update for openssl fixes the following issues : - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - Prevent segfault in s_client with invalid options (bsc#952099) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87461
published	2015-12-17
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87461
title	SUSE SLED11 / SLES11 Security Update : openssl (SUSE-SU-2015:2275-1)

NASL family	Databases
NASL id	MYSQL_5_6_29_RPM.NASL
description	The version of Oracle MySQL installed on the remote host is 5.6.x prior to 5.6.29. It is, therefore, affected by the following vulnerabilities : - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to impact integrity and availability. (CVE-2016-0640) - An unspecified flaw exists in the MyISAM subcomponent that allows an authenticated, remote attacker to disclose sensitive information or cause a denial of service condition. (CVE-2016-0641) - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0644) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0646) - An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0649) - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0650) - An unspecified flaw exists in the Options subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0661) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0665) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0668) - A denial of service vulnerability exists in the bundled OpenSSL library due to improper handling of variables declared as TEXT or BLOB. An authenticated, remote attacker can exploit this to corrupt data or cause a denial of service condition. - A denial of service vulnerability exists that is triggered when handling a
last seen	2020-06-04
modified	2016-05-02
plugin id	90831
published	2016-05-02
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90831
title	Oracle MySQL 5.6.x < 5.6.29 Multiple Vulnerabilities (April 2016 CPU)

NASL family	Windows
NASL id	CISCO_ANYCONNECT_CSCUX41420.NASL
description	The Cisco AnyConnect Secure Mobility Client installed on the remote host is a version prior to 3.1.13015.0 or 4.2.x prior to 4.2.1035.0. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL : - A carry propagating flaw exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An attacker can exploit this to obtain sensitive information regarding private keys. (CVE-2015-3193) - A NULL pointer dereference flaw exists in file rsa_ameth.c when handling ASN.1 signatures that use the RSA PSS algorithm but are missing a mask generation function parameter. A remote attacker can exploit this to cause the signature verification routine to crash, leading to a denial of service. (CVE-2015-3194) - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195) - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196) - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of
last seen	2020-06-01
modified	2020-06-02
plugin id	88100
published	2016-01-22
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/88100
title	Cisco AnyConnect Secure Mobility Client < 3.1.13015.0 / 4.2.x < 4.2.1035.0 Multiple OpenSSL Vulnerabilities

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3413.NASL
description	Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2015-3194 Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. A remote attacker can exploit this flaw to crash any certificate verification operation and mount a denial of service attack. - CVE-2015-3195 Adam Langley of Google/BoringSSL discovered that OpenSSL will leak memory when presented with a malformed X509_ATTRIBUTE structure. - CVE-2015-3196 A race condition flaw in the handling of PSK identify hints was discovered, potentially leading to a double free of the identify hint data.
last seen	2020-06-01
modified	2020-06-02
plugin id	87212
published	2015-12-07
reporter	This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87212
title	Debian DSA-3413-1 : openssl - security update

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2015-605DE37B7F.NASL
description	Moderate security issues fixed in this update. Faster handling of some common elliptic curves enabled on 64 bit architectures. Improved Makefile.certificate to not use serial number 0 by default. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2016-03-04
plugin id	89256
published	2016-03-04
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/89256
title	Fedora 23 : openssl-1.0.2e-1.fc23 (2015-605de37b7f)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2015-614.NASL
description	A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194) A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195) A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196)
last seen	2020-06-01
modified	2020-06-02
plugin id	87340
published	2015-12-15
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/87340
title	Amazon Linux AMI : openssl (ALAS-2015-614)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2015-2616.NASL
description	From Red Hat Security Advisory 2015:2616 : Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195) All openssl users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
last seen	2020-06-01
modified	2020-06-02
plugin id	87363
published	2015-12-15
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87363
title	Oracle Linux 5 : openssl (ELSA-2015-2616)

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2016-0071.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : - To disable SSLv2 client connections create the file /etc/sysconfig/openssl-ssl-client-kill-sslv2 (John Haxby) [orabug 21673934] - Backport openssl 08-Jan-2015 security fixes (John Haxby) [orabug 20409893] - fix CVE-2014-3570 - Bignum squaring may produce incorrect results - fix CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record - fix CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client] - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method (can be reenabled by setting environment variable OPENSSL_ENABLE_SSL2) - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak
last seen	2020-06-01
modified	2020-06-02
plugin id	91751
published	2016-06-22
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91751
title	OracleVM 3.2 : openssl (OVMSA-2016-0071)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2830-1.NASL
description	Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10. (CVE-2015-1794) Hanno Bock discovered that the OpenSSL Montgomery squaring procedure algorithm may produce incorrect results when being used on x86_64. A remote attacker could possibly use this issue to break encryption. This issue only applied to Ubuntu 15.10. (CVE-2015-3193) Loic Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1 signatures with a missing PSS parameter. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-3194) Adam Langley discovered that OpenSSL incorrectly handled malformed X509_ATTRIBUTE structures. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2015-3195) It was discovered that OpenSSL incorrectly handled PSK identity hints. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	87236
published	2015-12-08
reporter	Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87236
title	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : openssl vulnerabilities (USN-2830-1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-2617.NASL
description	Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194) A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195) A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196) All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
last seen	2020-06-01
modified	2020-06-02
plugin id	87335
published	2015-12-14
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87335
title	RHEL 6 / 7 : openssl (RHSA-2015:2617)

NASL family	Web Servers
NASL id	OPENSSL_1_0_2E.NASL
description	According to its banner, the remote host is running a version of OpenSSL 1.0.2 prior to 1.0.2e. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of
last seen	2020-06-01
modified	2020-06-02
plugin id	87222
published	2015-12-07
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87222
title	OpenSSL 1.0.2 < 1.0.2e Multiple Vulnerabilities

Packetstorm

data source	https://packetstormsecurity.com/files/download/143369/orionbrowser79-mitm.txt
id	PACKETSTORM:143369
last seen	2017-07-15
published	2017-07-14
reporter	MaXe
source	https://packetstormsecurity.com/files/143369/Orion-Elite-Hidden-IP-Browser-Pro-7.9-OpenSSL-Tor-Man-In-The-Middle.html
title	Orion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle

Redhat

advisories

bugzilla

id	1288322
title	CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment openssl is earlier than 0:0.9.8e-37.el5_11
oval oval:com.redhat.rhsa:tst:20152616001
comment openssl is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070964004
AND
comment openssl-devel is earlier than 0:0.9.8e-37.el5_11
oval oval:com.redhat.rhsa:tst:20152616003
comment openssl-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070964002
AND
comment openssl-perl is earlier than 0:0.9.8e-37.el5_11
oval oval:com.redhat.rhsa:tst:20152616005
comment openssl-perl is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070964006

rhsa

id	RHSA-2015:2616
released	2015-12-14
severity	Moderate
title	RHSA-2015:2616: openssl security update (Moderate)

rhsa
id RHSA-2015:2617
rhsa
id RHSA-2016:2056
rhsa
id RHSA-2016:2957

rpms

openssl-0:0.9.8e-37.el5_11
openssl-debuginfo-0:0.9.8e-37.el5_11
openssl-devel-0:0.9.8e-37.el5_11
openssl-perl-0:0.9.8e-37.el5_11
openssl-0:1.0.1e-42.el6_7.1
openssl-1:1.0.1e-51.el7_2.1
openssl-debuginfo-0:1.0.1e-42.el6_7.1
openssl-debuginfo-1:1.0.1e-51.el7_2.1
openssl-devel-0:1.0.1e-42.el6_7.1
openssl-devel-1:1.0.1e-51.el7_2.1
openssl-libs-1:1.0.1e-51.el7_2.1
openssl-perl-0:1.0.1e-42.el6_7.1
openssl-perl-1:1.0.1e-51.el7_2.1
openssl-static-0:1.0.1e-42.el6_7.1
openssl-static-1:1.0.1e-51.el7_2.1

Summary