Vulnerabilities > CVE-2016-2108 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

critical

nessus

NVD

Published: 2016-05-05

Updated: 2023-11-07

Summary

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

Vulnerable Configurations

Part	Description	Count
OS	Redhat Redhat Enterprise Linux HPC Node 6.0 Redhat Enterprise Linux HPC Node 7.0 Redhat Enterprise Linux Desktop 6.0 Redhat Enterprise Linux Desktop 7.0 Redhat Enterprise Linux Server 6.0 Redhat Enterprise Linux Server 7.0 Redhat Enterprise Linux Workstation 6.0 Redhat Enterprise Linux Workstation 7.0 Redhat Enterprise Linux Server AUS 7.2 Redhat Enterprise Linux Server EUS 7.2 Redhat Enterprise Linux HPC Node EUS 7.2	11
OS	Google Google Android 5.1.0 Google Android 4.2 Google Android 4.1 Google Android 6.0.1 Google Android 6.0 Google Android 4.0.2 Google Android 4.4.3 Google Android 4.0.4 Google Android 4.3 Google Android 4.0.1 Google Android 4.2.1 Google Android 5.0.1 Google Android 5.0 Google Android 4.0.3 Google Android 4.0 Google Android 4.4 Google Android 4.4.1 Google Android 4.2.2 Google Android 4.3.1 Google Android 4.4.2 Google Android 5.1 Google Android 4.1.2	22
Application	Openssl Openssl Openssl 1.0.2A Openssl Openssl 1.0.2B Openssl Openssl 1.0.2 Openssl Openssl - Openssl Openssl 0.9.1C Openssl Openssl 0.9.2B Openssl Openssl 0.9.3 Openssl Openssl 0.9.3A Openssl Openssl 0.9.4 Openssl Openssl 0.9.5 Openssl Openssl 0.9.5A Openssl Openssl 0.9.6 Openssl Openssl 0.9.6A Openssl Openssl 0.9.6B Openssl Openssl 0.9.6C Openssl Openssl 0.9.6D Openssl Openssl 0.9.6E Openssl Openssl 0.9.6F Openssl Openssl 0.9.6G Openssl Openssl 0.9.6H Openssl Openssl 0.9.6I Openssl Openssl 0.9.6J Openssl Openssl 0.9.6K Openssl Openssl 0.9.6L Openssl Openssl 0.9.6M Openssl Openssl 0.9.7 Openssl Openssl 0.9.7A Openssl Openssl 0.9.7B Openssl Openssl 0.9.7C Openssl Openssl 0.9.7D Openssl Openssl 0.9.7E Openssl Openssl 0.9.7F Openssl Openssl 0.9.7G Openssl Openssl 0.9.7H Openssl Openssl 0.9.7I Openssl Openssl 0.9.7J Openssl Openssl 0.9.7K Openssl Openssl 0.9.7L Openssl Openssl 0.9.7M Openssl Openssl 0.9.8 Openssl Openssl 0.9.8A Openssl Openssl 0.9.8B Openssl Openssl 0.9.8C Openssl Openssl 0.9.8C-1 Openssl Openssl 0.9.8D Openssl Openssl 0.9.8E Openssl Openssl 0.9.8F Openssl Openssl 0.9.8G Openssl Openssl 0.9.8G-9 Openssl Openssl 0.9.8H Openssl Openssl 0.9.8I Openssl Openssl 0.9.8J Openssl Openssl 0.9.8K Openssl Openssl 0.9.8L Openssl Openssl 0.9.8M Openssl Openssl 0.9.8N Openssl Openssl 0.9.8O Openssl Openssl 0.9.8P Openssl Openssl 0.9.8Q Openssl Openssl 0.9.8R Openssl Openssl 0.9.8S Openssl Openssl 0.9.8T Openssl Openssl 0.9.8U Openssl Openssl 0.9.8V Openssl Openssl 0.9.8W Openssl Openssl 0.9.8X Openssl Openssl 0.9.8Y Openssl Openssl 0.9.8Z Openssl Openssl 0.9.8Za Openssl Openssl 0.9.8Zb Openssl Openssl 0.9.8Zc Openssl Openssl 0.9.8Zd Openssl Openssl 0.9.8Ze Openssl Openssl 0.9.8Zf Openssl Openssl 0.9.8Zg Openssl Openssl 0.9.8Zh Openssl Openssl 1.0.0 Openssl Openssl 1.0.0A Openssl Openssl 1.0.0B Openssl Openssl 1.0.0C Openssl Openssl 1.0.0D Openssl Openssl 1.0.0E Openssl Openssl 1.0.0F Openssl Openssl 1.0.0G Openssl Openssl 1.0.0H Openssl Openssl 1.0.0I Openssl Openssl 1.0.0J Openssl Openssl 1.0.0K Openssl Openssl 1.0.0L Openssl Openssl 1.0.0M Openssl Openssl 1.0.0N Openssl Openssl 1.0.0O Openssl Openssl 1.0.0P Openssl Openssl 1.0.0Q Openssl Openssl 1.0.0R Openssl Openssl 1.0.0S Openssl Openssl 1.0.0T Openssl Openssl 1.0.1 Openssl Openssl 1.0.1A Openssl Openssl 1.0.1B Openssl Openssl 1.0.1C Openssl Openssl 1.0.1D Openssl Openssl 1.0.1E Openssl Openssl 1.0.1F Openssl Openssl 1.0.1G Openssl Openssl 1.0.1H Openssl Openssl 1.0.1I Openssl Openssl 1.0.1J Openssl Openssl 1.0.1K Openssl Openssl 1.0.1L Openssl Openssl 1.0.1M Openssl Openssl 1.0.1N	160

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

NASL family	F5 Networks Local Security Checks
NASL id	F5_BIGIP_SOL75152412.NASL
description	The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the
last seen	2020-06-01
modified	2020-06-02
plugin id	93841
published	2016-10-04
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/93841
title	F5 Networks BIG-IP : OpenSSL vulnerability (K75152412)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from F5 Networks BIG-IP Solution K75152412. # # The text description of this plugin is (C) F5 Networks. # include("compat.inc"); if (description) { script_id(93841); script_version("2.12"); script_cvs_date("Date: 2019/01/04 10:03:40"); script_cve_id("CVE-2016-2108"); script_name(english:"F5 Networks BIG-IP : OpenSSL vulnerability (K75152412)"); script_summary(english:"Checks the BIG-IP version."); script_set_attribute( attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the 'negative zero' issue. (CVE-2016-2108)" ); script_set_attribute( attribute:"see_also", value:"https://support.f5.com/csp/article/K75152412" ); script_set_attribute( attribute:"solution", value: "Upgrade to one of the non-vulnerable versions listed in the F5 Solution K75152412." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"F5 Networks Local Security Checks"); script_dependencies("f5_bigip_detect.nbin"); script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport"); exit(0); } include("f5_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); version = get_kb_item("Host/BIG-IP/version"); if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP"); if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix"); if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules"); sol = "K75152412"; vmatrix = make_array(); if (report_paranoia < 2) audit(AUDIT_PARANOID); # AFM vmatrix["AFM"] = make_array(); vmatrix["AFM"]["affected" ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1"); vmatrix["AFM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.4HF3"); # AM vmatrix["AM"] = make_array(); vmatrix["AM"]["affected" ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1"); vmatrix["AM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.4HF3"); # APM vmatrix["APM"] = make_array(); vmatrix["APM"]["affected" ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4","12.0.0-12.1.1","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4"); vmatrix["APM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2","11.6.1HF2"); # ASM vmatrix["ASM"] = make_array(); vmatrix["ASM"]["affected" ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4"); vmatrix["ASM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.4HF3"); # AVR vmatrix["AVR"] = make_array(); vmatrix["AVR"]["affected" ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1","11.2.1"); vmatrix["AVR"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.4HF3"); # GTM vmatrix["GTM"] = make_array(); vmatrix["GTM"]["affected" ] = make_list("11.4.0-11.6.1","11.2.1","10.2.1-10.2.4"); vmatrix["GTM"]["unaffected"] = make_list("11.6.1HF1","11.5.4HF3"); # LC vmatrix["LC"] = make_array(); vmatrix["LC"]["affected" ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4"); vmatrix["LC"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.4HF3"); # LTM vmatrix["LTM"] = make_array(); vmatrix["LTM"]["affected" ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4"); vmatrix["LTM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.4HF3"); # PEM vmatrix["PEM"] = make_array(); vmatrix["PEM"]["affected" ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1"); vmatrix["PEM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.4HF3"); if (bigip_is_affected(vmatrix:vmatrix, sol:sol)) { if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get()); else security_hole(0); exit(0); } else { tested = bigip_get_tested_modules(); audit_extra = "For BIG-IP module(s) " + tested + ","; if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version); else audit(AUDIT_HOST_NOT, "running any of the affected modules"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-561.NASL
description	This update for openssl fixes the following issues : - CVE-2016-2108: Memory corruption in the ASN.1 encoder (boo#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (boo#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (boo#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (boo#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (boo#976942) - boo#976943: Buffer overrun in ASN1_parse - boo#977621: Preserve digests for SNI - boo#958501: Fix openssl enc -non-fips-allow option in FIPS mode
last seen	2020-06-05
modified	2016-05-06
plugin id	90933
published	2016-05-06
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90933
title	openSUSE Security Update : openssl (openSUSE-2016-561)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2016-0996.NASL
description	From Red Hat Security Advisory 2016:0996 : An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) * Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL
last seen	2020-06-01
modified	2020-06-02
plugin id	91152
published	2016-05-16
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91152
title	Oracle Linux 6 : openssl (ELSA-2016-0996)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3566.NASL
description	Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. - CVE-2016-2105 Guido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption. - CVE-2016-2106 Guido Vranken discovered that an overflow can occur in the function EVP_EncryptUpdate() if an attacker can supply a large amount of data. This could lead to a heap corruption. - CVE-2016-2107 Juraj Somorovsky discovered a padding oracle in the AES CBC cipher implementation based on the AES-NI instruction set. This could allow an attacker to decrypt TLS traffic encrypted with one of the cipher suites based on AES CBC. - CVE-2016-2108 David Benjamin from Google discovered that two separate bugs in the ASN.1 encoder, related to handling of negative zero integer values and large universal tags, could lead to an out-of-bounds write. - CVE-2016-2109 Brian Carpenter discovered that when ASN.1 data is read from a BIO using functions such as d2i_CMS_bio(), a short invalid encoding can cause allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. Additional information about these issues can be found in the OpenSSL security advisory at https://www.openssl.org/news/secadv/20160503.txt
last seen	2020-06-01
modified	2020-06-02
plugin id	90896
published	2016-05-05
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90896
title	Debian DSA-3566-1 : openssl - security update

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2016-1137.NASL
description	From Red Hat Security Advisory 2016:1137 : An update for openssl is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters.
last seen	2020-06-01
modified	2020-06-02
plugin id	91414
published	2016-06-01
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91414
title	Oracle Linux 5 : openssl (ELSA-2016-1137)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2016-0722.NASL
description	An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) * Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL
last seen	2020-06-01
modified	2020-06-02
plugin id	91017
published	2016-05-11
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91017
title	CentOS 7 : openssl (CESA-2016:0722)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2016-0722.NASL
description	From Red Hat Security Advisory 2016:0722 : An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) * Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL
last seen	2020-06-01
modified	2020-06-02
plugin id	91029
published	2016-05-11
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91029
title	Oracle Linux 7 : openssl (ELSA-2016-0722)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2016-0996.NASL
description	An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) * Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL
last seen	2020-06-01
modified	2020-06-02
plugin id	91171
published	2016-05-17
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91171
title	CentOS 6 : openssl (CESA-2016:0996)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-1228-1.NASL
description	This update for openssl fixes the following issues : - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - bsc#976943: Buffer overrun in ASN1_parse - bsc#977621: Preserve negotiated digests for SNI (bsc#977621) - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode (bsc#958501) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	90913
published	2016-05-05
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90913
title	SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:1228-1)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2016-1137.NASL
description	An update for openssl is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters.
last seen	2020-06-01
modified	2020-06-02
plugin id	91390
published	2016-06-01
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91390
title	CentOS 5 : openssl (CESA-2016:1137)

NASL family	Firewalls
NASL id	SCREENOS_JSA10759.NASL
description	The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r23. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - A flaw exists in the SSLv2 implementation, specifically in the get_client_master_key() function within file s2_srvr.c, due to accepting a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher. A man-in-the-middle attacker can exploit this to determine the MASTER-KEY value and decrypt TLS ciphertext by leveraging a Bleichenbacher RSA padding oracle. (CVE-2016-0703) - A flaw exists in the SSLv2 oracle protection mechanism, specifically in the get_client_master_key() function within file s2_srvr.c, due to incorrectly overwriting MASTER-KEY bytes during use of export cipher suites. A remote attackers can exploit this to more easily decrypt TLS ciphertext by leveraging a Bleichenbacher RSA padding oracle. (CVE-2016-0704) - A NULL pointer dereference flaw exists in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A flaw exists that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TSL connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106) - A remote code execution vulnerability exists in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2108) Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	94679
published	2016-11-10
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/94679
title	Juniper ScreenOS 6.3.x < 6.3.0r23 Multiple Vulnerabilities in OpenSSL (JSA10759) (DROWN)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0461-1.NASL
description	This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed : - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085, CVE-2017-3731) - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912) Bugs fixed : - fix crash in openssl speed (bsc#1000677) - fix ca-bundle path (bsc#1022271) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	97188
published	2017-02-15
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97188
title	SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0461-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-1360-1.NASL
description	This update for OpenSSL fixes the following security issues : CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) CVE-2016-0702: Side channel attack on modular exponentiation
last seen	2020-06-01
modified	2020-06-02
plugin id	91282
published	2016-05-20
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91282
title	SUSE SLES10 Security Update : openssl (SUSE-SU-2016:1360-1)

NASL family	Firewalls
NASL id	BLUECOAT_PROXY_SG_6_5_9_8.NASL
description	The self-reported SGOS version installed on the remote Blue Coat ProxySG device is 6.5.x prior to 6.5.9.8 or 6.6.x prior to 6.6.4.1. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - Multiple flaws exist in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic. Note that this issue does not affect the SG300 and SG600 hardware platforms. (CVE-2016-2107) - A remote code execution vulnerability exists in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2108) - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory. An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. Note that this issue only affects management connections. (CVE-2016-2109)
last seen	2020-06-01
modified	2020-06-02
plugin id	93381
published	2016-09-08
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/93381
title	Blue Coat ProxySG 6.5.x < 6.5.9.8 / 6.6.x < 6.6.4.1 Multiple OpenSSL Vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0605-1.NASL
description	This update for compat-openssl098 fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed : - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - degrade 3DES to MEDIUM in SSL2 (bsc#1001912) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) Bugs fixed : - fix crash in openssl speed (bsc#1000677) - don
last seen	2020-06-01
modified	2020-06-02
plugin id	97550
published	2017-03-06
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97550
title	SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2017:0605-1)

NASL family	Misc.
NASL id	ARISTA_EOS_SA0020.NASL
description	The version of Arista Networks EOS running on the remote device is affected by a remote code execution vulnerability in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.
last seen	2020-03-17
modified	2018-02-28
plugin id	107062
published	2018-02-28
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107062
title	Arista Networks EOS ASN.1 Encoder RCE (SA0020)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2016-05C567DF1A.NASL
description	Security fix for CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2016-05-05
plugin id	90898
published	2016-05-05
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90898
title	Fedora 23 : openssl-1.0.2h-1.fc23 (2016-05c567df1a)

NASL family	CISCO
NASL id	CISCO_TELEPRESENCE_VCS_MULTIPLE_880.NASL
description	According to its self-reported version, the Cisco TelePresence Video Communication Server (VCS) / Expressway running on the remote host is 8.x prior to 8.8. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808) - A flaw exists in the web framework of TelePresence Video Communication Server (VCS) Expressway due to missing authorization checks on certain administrative pages. An authenticated, remote attacker can exploit this to bypass read-only restrictions and install Tandberg Linux Packages (TLPs) without proper authorization. (CVE-2015-6413) - A flaw exists in certificate management and validation for the Mobile and Remote Access (MRA) component due to improper input validation of a trusted certificate. An unauthenticated, remote attacker can exploit this, using a trusted certificate, to bypass authentication and gain access to internal HTTP system resources. (CVE-2016-1444) - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106) - Multiple flaws exist in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic. (CVE-2016-2107) - A remote code execution vulnerability exists in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2108) - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory. An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109) - An out-of-bounds read error exists in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN.1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory. (CVE-2016-2176) - An information disclosure vulnerability exists in the file system permissions due to certain files having overly permissive permissions. An unauthenticated, local attacker can exploit this to disclose sensitive information. (Cisco bug ID CSCuw55636) Note that Cisco bug ID CSCuw55636 and CVE-2015-6413 only affect versions 8.6.x prior to 8.8.
last seen	2020-06-01
modified	2020-06-02
plugin id	92045
published	2016-07-14
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/92045
title	Cisco TelePresence VCS / Expressway 8.x < 8.8 Multiple Vulnerabilities (Bar Mitzvah)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-563.NASL
description	This update for libopenssl0_9_8 fixes the following issues : - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation
last seen	2020-06-05
modified	2016-05-12
plugin id	91068
published	2016-05-12
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/91068
title	openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-563) (DROWN)

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2016-0135.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations - fix CVE-2016-2179 - further DoS issues in DTLS - fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio - fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue - fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec - fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check - fix CVE-2016-6304 - unbound memory growth with OCSP status request - fix CVE-2016-6306 - certificate message OOB reads - mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to 112 bit effective strength - replace expired testing certificates - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf
last seen	2020-06-01
modified	2020-06-02
plugin id	93761
published	2016-09-28
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/93761
title	OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0135)

NASL family	Web Servers
NASL id	OPENSSL_1_0_2C.NASL
description	According to its banner, the remote host is running a version of OpenSSL 1.0.2 prior to 1.0.2c. It is, therefore, affected by a remote code execution vulnerability in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.
last seen	2020-06-01
modified	2020-06-02
plugin id	90889
published	2016-05-04
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90889
title	OpenSSL 1.0.2 < 1.0.2c ASN.1 Encoder Negative Zero Value Handling RCE

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-562.NASL
description	This update for openssl fixes the following issues : - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - bsc#976943: Buffer overrun in ASN1_parse
last seen	2020-06-05
modified	2016-05-12
plugin id	91067
published	2016-05-12
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91067
title	openSUSE Security Update : openssl (openSUSE-2016-562)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2959-1.NASL
description	Huzaifa Sidhpurwala, Hanno Bock, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2108) Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. (CVE-2016-2107) Guido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncodeUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2105) Guido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncryptUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2106) Brian Carpenter discovered that OpenSSL incorrectly handled memory when ASN.1 data is read from a BIO. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. (CVE-2016-2109) As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	90887
published	2016-05-04
reporter	Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90887
title	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : openssl vulnerabilities (USN-2959-1)

NASL family	Misc.
NASL id	LCE_4_8_1.NASL
description	The version of Tenable Log Correlation Engine (LCE) installed on the remote host is prior to 4.8.1. It is, therefore, affected by the following vulnerabilities : - Multiple cross-site scripting (XSS) vulnerabilities exist in the Handlebars library in the lib/handlebars/utils.js script due to a failure to properly escape input passed as unquoted attributes to templates. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted request, to execute arbitrary script code in a user
last seen	2020-06-01
modified	2020-06-02
plugin id	97893
published	2017-03-22
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97893
title	Tenable Log Correlation Engine (LCE) < 4.8.1 Multiple Vulnerabilities

NASL family	Misc.
NASL id	CITRIX_XENSERVER_CTX212736.NASL
description	The version of Citrix XenServer running on the remote host is affected by multiple vulnerabilities in the bundled versions of OpenSSL and QEMU : - Multiple flaws exist in the bundled version of OpenSSL in the aesni_cbc_hmac_sha1_cipher() and aesni_cbc_hmac_sha256_cipher() functions that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these issues to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic. (CVE-2016-2107) - A remote code execution vulnerability exists in the bundled version of OpenSSL in the ASN.1 encoder component due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2108) - An out-of-bounds write error exists in the bundled version of QEMU in the vga_update_memory_access() function that is triggered when access nodes are changed after the register bank has been set. An attacker on the guest can exploit this to execute arbitrary code with the privileges of the host
last seen	2020-06-01
modified	2020-06-02
plugin id	91352
published	2016-05-27
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/91352
title	Citrix XenServer Multiple Vulnerabilities (CTX212736)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-0112-1.NASL
description	This update for openssl fixes the following issues: Security issues fixed : - CVE-2016-7056: ECSDA P-256 timing attack key recovery (bsc#1019334) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085) - CVE-2016-8610: remote denial of service in SSL alert handling (bsc#1005878) - CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) Bug fixes : - support alternate root ca chains (bsc#1032261) - X509_get_default_cert_file() returns an incorrect path (bsc#1022271) - Segmentation fault in
last seen	2020-06-01
modified	2020-06-02
plugin id	106093
published	2018-01-17
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/106093
title	SUSE SLES12 Security Update : openssl (SUSE-SU-2018:0112-1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-2073.NASL
description	An update for openssl is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) * Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL
last seen	2020-06-01
modified	2020-06-02
plugin id	94105
published	2016-10-18
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94105
title	RHEL 6 : openssl (RHSA-2016:2073)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_01D729CA114311E6B55EB499BAEBFEAF.NASL
description	OpenSSL reports : Memory corruption in the ASN.1 encoder Padding oracle in AES-NI CBC MAC check EVP_EncodeUpdate overflow EVP_EncryptUpdate overflow ASN.1 BIO excessive memory allocation EBCDIC overread (OpenSSL only)
last seen	2020-06-01
modified	2020-06-02
plugin id	90876
published	2016-05-04
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90876
title	FreeBSD : OpenSSL -- multiple vulnerabilities (01d729ca-1143-11e6-b55e-b499baebfeaf)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-575.NASL
description	This update for compat-openssl098 fixes the following issues : - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation
last seen	2020-06-05
modified	2016-05-12
plugin id	91070
published	2016-05-12
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/91070
title	openSUSE Security Update : compat-openssl098 (openSUSE-2016-575)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-1233-1.NASL
description	This update for openssl fixes the following issues : - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - bsc#976943: Buffer overrun in ASN1_parse - bsc#977621: Preserve negotiated digests for SNI (bsc#977621) - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode (bsc#958501) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	90914
published	2016-05-05
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90914
title	SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:1233-1)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20160531_OPENSSL_ON_SL5_X.NASL
description	Security Fix(es) : - A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)
last seen	2020-03-18
modified	2016-06-01
plugin id	91421
published	2016-06-01
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91421
title	Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20160531)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0722.NASL
description	An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) * Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL
last seen	2020-06-01
modified	2020-06-02
plugin id	91033
published	2016-05-11
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91033
title	RHEL 7 : openssl (RHSA-2016:0722)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-1290-1.NASL
description	This update for openssl fixes the following issues : Security issues fixed : - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation
last seen	2020-06-01
modified	2020-06-02
plugin id	91158
published	2016-05-16
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91158
title	SUSE SLES11 Security Update : openssl (SUSE-SU-2016:1290-1)

NASL family	Junos Local Security Checks
NASL id	JUNIPER_JSA10759.NASL
description	According to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL : - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of
last seen	2020-03-18
modified	2017-01-05
plugin id	96316
published	2017-01-05
reporter	This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96316
title	Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10759) (SWEET32)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_10_11_6.NASL
description	The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.6. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - Audio - bsdiff - CFNetwork - CoreGraphics - FaceTime - Graphics Drivers - ImageIO - Intel Graphics Driver - IOHIDFamily - IOKit - IOSurface - Kernel - libc++abi - libexpat - LibreSSL - libxml2 - libxslt - Login Window - OpenSSL - QuickTime - Safari Login AutoFill - Sandbox Profiles Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen	2020-06-01
modified	2020-06-02
plugin id	92496
published	2016-07-21
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/92496
title	Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2016-0049.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method - fix 1-byte memory leak in pkcs12 parse (#1229871) - document some options of the speed command (#1197095) - fix high-precision timestamps in timestamping authority - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint
last seen	2020-06-01
modified	2020-06-02
plugin id	91154
published	2016-05-16
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91154
title	OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0049) (SLOTH)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-565.NASL
description	This update for libopenssl0_9_8 fixes the following issues : - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation
last seen	2020-06-05
modified	2016-05-06
plugin id	90935
published	2016-05-06
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/90935
title	openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-565)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-456.NASL
description	Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. CVE-2016-2105 Guido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption. CVE-2016-2106 Guido Vranken discovered that an overflow can occur in the function EVP_EncryptUpdate() if an attacker can supply a large amount of data. This could lead to a heap corruption. CVE-2016-2107 Juraj Somorovsky discovered a padding oracle in the AES CBC cipher implementation based on the AES-NI instruction set. This could allow an attacker to decrypt TLS traffic encrypted with one of the cipher suites based on AES CBC. CVE-2016-2108 David Benjamin from Google discovered that two separate bugs in the ASN.1 encoder, related to handling of negative zero integer values and large universal tags, could lead to an out-of-bounds write. CVE-2016-2109 Brian Carpenter discovered that when ASN.1 data is read from a BIO using functions such as d2i_CMS_bio(), a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. CVE-2016-2176 Guido Vranken discovered that ASN.1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. Additional information about these issues can be found in the OpenSSL security advisory at https://www.openssl.org/news/secadv/20160503.txt NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2016-05-04
plugin id	90874
published	2016-05-04
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/90874
title	Debian DLA-456-1 : openssl security update

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2016-1E39D934ED.NASL
description	Security fix for CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2016-05-12
plugin id	91058
published	2016-05-12
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91058
title	Fedora 22 : openssl-1.0.1k-15.fc22 (2016-1e39d934ed)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1861.NASL
description	According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.(CVE-2015-0292) - An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash.(CVE-2015-1789) - A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash.(CVE-2015-3195) - OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.(CVE-2014-3571) - OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.(CVE-2016-2177) - An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application.(CVE-2016-2105) - An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application.(CVE-2016-2106) - A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.(CVE-2016-2108) - A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL
last seen	2020-05-08
modified	2019-09-17
plugin id	128913
published	2019-09-17
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128913
title	EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-1861)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20160509_OPENSSL_ON_SL7_X.NASL
description	Security Fix(es) : - A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) - Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) - It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) - Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) - A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL
last seen	2020-03-18
modified	2016-05-11
plugin id	91041
published	2016-05-11
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91041
title	Scientific Linux Security Update : openssl on SL7.x x86_64 (20160509)

NASL family	AIX Local Security Checks
NASL id	AIX_OPENSSL_ADVISORY20.NASL
description	The version of OpenSSL installed on the remote AIX host is affected by the following vulnerabilities : - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106) - A remote code execution vulnerability exists in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2108) - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory. An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109) - An out-of-bounds read error exists in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory. (CVE-2016-2176)
last seen	2020-06-01
modified	2020-06-02
plugin id	92323
published	2016-07-15
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/92323
title	AIX OpenSSL Advisory : openssl_advisory20.asc

NASL family	Web Servers
NASL id	OPENSSL_1_0_1O.NASL
description	According to its banner, the remote host is running a version of OpenSSL 1.0.1 prior to 1.0.1o. It is, therefore, affected by a remote code execution vulnerability in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.
last seen	2020-06-01
modified	2020-06-02
plugin id	90888
published	2016-05-04
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90888
title	OpenSSL 1.0.1 < 1.0.1o ASN.1 Encoder Negative Zero Value Handling RCE

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0585-1.NASL
description	This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed : - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - degrade 3DES to MEDIUM in SSL2 (bsc#1001912) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) Bugs fixed : - fix crash in openssl speed (bsc#1000677) - don
last seen	2020-06-01
modified	2020-06-02
plugin id	97494
published	2017-03-02
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97494
title	SUSE SLES11 Security Update : openssl (SUSE-SU-2017:0585-1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0996.NASL
description	An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) * Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL
last seen	2020-06-01
modified	2020-06-02
plugin id	91037
published	2016-05-11
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91037
title	RHEL 6 : openssl (RHSA-2016:0996)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-564.NASL
description	This update for openssl fixes the following issues : - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - bsc#976943: Buffer overrun in ASN1_parse - bsc#977621: Preserve negotiated digests for SNI (bsc#977621) - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode (bsc#958501) This update was imported from the SUSE:SLE-12-SP1:Update update project.
last seen	2020-06-05
modified	2016-05-06
plugin id	90934
published	2016-05-06
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90934
title	openSUSE Security Update : openssl (openSUSE-2016-564)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20160510_OPENSSL_ON_SL6_X.NASL
description	Security Fix(es) : - A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) - Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) - It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) - Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) - A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL
last seen	2020-03-18
modified	2016-06-09
plugin id	91541
published	2016-06-09
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91541
title	Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20160510)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-1267-1.NASL
description	This update for compat-openssl098 fixes the following issues : - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation
last seen	2020-06-01
modified	2020-06-02
plugin id	91043
published	2016-05-11
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91043
title	SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2016:1267-1)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2016-695.NASL
description	A vulnerability was discovered that allows a man-in-the-middle attacker to use a padding oracle attack to decrypt traffic on a connection using an AES CBC cipher with a server supporting AES-NI. (CVE-2016-2107 , Important) It was discovered that the ASN.1 parser can misinterpret a large universal tag as a negative value. If an application deserializes and later reserializes untrusted ASN.1 structures containing an ANY field, an attacker may be able to trigger an out-of-bounds write, which can cause potentially exploitable memory corruption. (CVE-2016-2108 , Important) An overflow bug was discovered in the EVP_EncodeUpdate() function. An attacker could supply very large amounts of input data to overflow a length check, resulting in heap corruption. (CVE-2016-2105 , Low) An overflow bug was discovered in the EVP_EncryptUpdate() function. An attacker could supply very large amounts of input data to overflow a length check, resulting in heap corruption. (CVE-2016-2106 , Low) An issue was discovered in the BIO functions, such as d2i_CMS_bio(), where a short invalid encoding in ASN.1 data can cause allocation of large amounts of memory, potentially resulting in a denial of service. (CVE-2016-2109 , Low)
last seen	2020-06-01
modified	2020-06-02
plugin id	90864
published	2016-05-04
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90864
title	Amazon Linux AMI : openssl (ALAS-2016-695)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2017-0194.NASL
description	An update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This release adds the new Apache HTTP Server 2.4.23 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) * It was found that the length checks prior to writing to the target buffer for creating a virtual host mapping rule did not take account of the length of the virtual host name, creating the potential for a buffer overflow. (CVE-2016-6808) * It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. (CVE-2016-2178) * Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177) * It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. (CVE-2016-4459) * An error was found in protocol parsing logic of mod_cluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process. (CVE-2016-8612) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108. The CVE-2016-4459 issue was discovered by Robert Bost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters of CVE-2016-2108.
last seen	2020-06-01
modified	2020-06-02
plugin id	96867
published	2017-01-30
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96867
title	RHEL 7 : JBoss Core Services (RHSA-2017:0194)

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2016-0086.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2016-0799 - Fix memory issues in BIO_*printf functions - CVE-2016-2105 - Avoid overflow in EVP_EncodeUpdate - CVE-2016-2106 - Fix encrypt overflow - CVE-2016-2109 - Harden ASN.1 BIO handling of large amounts of data. - To disable SSLv2 client connections create the file /etc/sysconfig/openssl-ssl-client-kill-sslv2 (John Haxby) [orabug 21673934] - Backport openssl 08-Jan-2015 security fixes (John Haxby) [orabug 20409893] - fix CVE-2014-3570 - Bignum squaring may produce incorrect results - fix CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record - fix CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client] - fix CVE-2016-2108 - memory corruption in ASN.1 encoder
last seen	2020-06-01
modified	2020-06-02
plugin id	91777
published	2016-06-23
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91777
title	OracleVM 3.2 : openssl (OVMSA-2016-0086)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2016-124-01.NASL
description	New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	90863
published	2016-05-04
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90863
title	Slackware 14.0 / 14.1 / current : openssl (SSA:2016-124-01)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2017-0193.NASL
description	Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.23 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This release adds the new Apache HTTP Server 2.4.23 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.6, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) * It was found that the length checks prior to writing to the target buffer for creating a virtual host mapping rule did not take account of the length of the virtual host name, creating the potential for a buffer overflow. (CVE-2016-6808) * It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. (CVE-2016-2178) * Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177) * It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. (CVE-2016-4459) * An error was found in protocol parsing logic of mod_cluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process. (CVE-2016-8612) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108. The CVE-2016-4459 issue was discovered by Robert Bost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters of CVE-2016-2108.
last seen	2020-06-01
modified	2020-06-02
plugin id	96824
published	2017-01-27
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96824
title	RHEL 6 : JBoss Core Services (RHSA-2017:0193)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2016-1411324654.NASL
description	Security fix for CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2016-05-09
plugin id	90949
published	2016-05-09
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90949
title	Fedora 24 : openssl-1.0.2h-1.fc24 (2016-1411324654)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201612-16.NASL
description	The remote host is affected by the vulnerability described in GLSA-201612-16 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research’s (IACR) paper, “Make Sure DSA Signing Exponentiations Really are Constant-Time” for further details. Impact : Remote attackers could cause a Denial of Service condition or have other unspecified impacts. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	95602
published	2016-12-07
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95602
title	GLSA-201612-16 : OpenSSL: Multiple vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-255.NASL
description	This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed : - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085, CVE-2017-3731) - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912) Bugs fixed : - fix crash in openssl speed (bsc#1000677) - fix ca-bundle path (bsc#1022271) This update was imported from the SUSE:SLE-12-SP1:Update update project.
last seen	2020-06-05
modified	2017-02-21
plugin id	97275
published	2017-02-21
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/97275
title	openSUSE Security Update : openssl (openSUSE-2017-255)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-1137.NASL
description	An update for openssl is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters.
last seen	2020-06-01
modified	2020-06-02
plugin id	91380
published	2016-05-31
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91380
title	RHEL 5 : openssl (RHSA-2016:1137)

Redhat

advisories

bugzilla

id	1331402
title	CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment openssl is earlier than 0:0.9.8e-40.el5_11
oval oval:com.redhat.rhsa:tst:20161137001
comment openssl is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070964004
AND
comment openssl-perl is earlier than 0:0.9.8e-40.el5_11
oval oval:com.redhat.rhsa:tst:20161137003
comment openssl-perl is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070964006
AND
comment openssl-devel is earlier than 0:0.9.8e-40.el5_11
oval oval:com.redhat.rhsa:tst:20161137005
comment openssl-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070964002

rhsa

id	RHSA-2016:1137
released	2016-05-31
severity	Important
title	RHSA-2016:1137: openssl security update (Important)

rhsa
id RHSA-2016:0722
rhsa
id RHSA-2016:0996
rhsa
id RHSA-2016:2056
rhsa
id RHSA-2016:2073
rhsa
id RHSA-2016:2957
rhsa
id RHSA-2017:0193
rhsa
id RHSA-2017:0194

rpms

openssl-1:1.0.1e-51.el7_2.5
openssl-debuginfo-1:1.0.1e-51.el7_2.5
openssl-devel-1:1.0.1e-51.el7_2.5
openssl-libs-1:1.0.1e-51.el7_2.5
openssl-perl-1:1.0.1e-51.el7_2.5
openssl-static-1:1.0.1e-51.el7_2.5
openssl-0:1.0.1e-48.el6_8.1
openssl-debuginfo-0:1.0.1e-48.el6_8.1
openssl-devel-0:1.0.1e-48.el6_8.1
openssl-perl-0:1.0.1e-48.el6_8.1
openssl-static-0:1.0.1e-48.el6_8.1
openssl-0:0.9.8e-40.el5_11
openssl-debuginfo-0:0.9.8e-40.el5_11
openssl-devel-0:0.9.8e-40.el5_11
openssl-perl-0:0.9.8e-40.el5_11
openssl-0:1.0.1e-42.el6_7.5
openssl-debuginfo-0:1.0.1e-42.el6_7.5
openssl-devel-0:1.0.1e-42.el6_7.5
openssl-perl-0:1.0.1e-42.el6_7.5
openssl-static-0:1.0.1e-42.el6_7.5
jbcs-httpd24-httpd-0:2.4.23-102.jbcs.el6
jbcs-httpd24-httpd-debuginfo-0:2.4.23-102.jbcs.el6
jbcs-httpd24-httpd-devel-0:2.4.23-102.jbcs.el6
jbcs-httpd24-httpd-manual-0:2.4.23-102.jbcs.el6
jbcs-httpd24-httpd-selinux-0:2.4.23-102.jbcs.el6
jbcs-httpd24-httpd-src-zip-0:2.4.23-102.jbcs.el6
jbcs-httpd24-httpd-tools-0:2.4.23-102.jbcs.el6
jbcs-httpd24-httpd-zip-0:2.4.23-102.jbcs.el6
jbcs-httpd24-mod_auth_kerb-0:5.4-35.jbcs.el6
jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-35.jbcs.el6
jbcs-httpd24-mod_bmx-0:0.9.6-14.GA.jbcs.el6
jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-14.GA.jbcs.el6
jbcs-httpd24-mod_bmx-src-zip-0:0.9.6-14.GA.jbcs.el6
jbcs-httpd24-mod_cluster-native-0:1.3.5-13.Final_redhat_1.jbcs.el6
jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.5-13.Final_redhat_1.jbcs.el6
jbcs-httpd24-mod_cluster-native-src-zip-0:1.3.5-13.Final_redhat_1.jbcs.el6
jbcs-httpd24-mod_jk-ap24-0:1.2.41-14.redhat_1.jbcs.el6
jbcs-httpd24-mod_jk-debuginfo-0:1.2.41-14.redhat_1.jbcs.el6
jbcs-httpd24-mod_jk-manual-0:1.2.41-14.redhat_1.jbcs.el6
jbcs-httpd24-mod_jk-src-zip-0:1.2.41-14.redhat_1.jbcs.el6
jbcs-httpd24-mod_ldap-0:2.4.23-102.jbcs.el6
jbcs-httpd24-mod_proxy_html-1:2.4.23-102.jbcs.el6
jbcs-httpd24-mod_rt-0:2.4.1-16.GA.jbcs.el6
jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-16.GA.jbcs.el6
jbcs-httpd24-mod_rt-src-zip-0:2.4.1-16.GA.jbcs.el6
jbcs-httpd24-mod_security-0:2.9.1-18.GA.jbcs.el6
jbcs-httpd24-mod_security-debuginfo-0:2.9.1-18.GA.jbcs.el6
jbcs-httpd24-mod_security-src-zip-0:2.9.1-18.GA.jbcs.el6
jbcs-httpd24-mod_session-0:2.4.23-102.jbcs.el6
jbcs-httpd24-mod_ssl-1:2.4.23-102.jbcs.el6
jbcs-httpd24-nghttp2-0:1.12.0-9.jbcs.el6
jbcs-httpd24-nghttp2-debuginfo-0:1.12.0-9.jbcs.el6
jbcs-httpd24-openssl-1:1.0.2h-12.jbcs.el6
jbcs-httpd24-openssl-debuginfo-1:1.0.2h-12.jbcs.el6
jbcs-httpd24-openssl-devel-1:1.0.2h-12.jbcs.el6
jbcs-httpd24-openssl-libs-1:1.0.2h-12.jbcs.el6
jbcs-httpd24-openssl-perl-1:1.0.2h-12.jbcs.el6
jbcs-httpd24-openssl-static-1:1.0.2h-12.jbcs.el6
jbcs-httpd24-httpd-0:2.4.23-102.jbcs.el7
jbcs-httpd24-httpd-debuginfo-0:2.4.23-102.jbcs.el7
jbcs-httpd24-httpd-devel-0:2.4.23-102.jbcs.el7
jbcs-httpd24-httpd-manual-0:2.4.23-102.jbcs.el7
jbcs-httpd24-httpd-selinux-0:2.4.23-102.jbcs.el7
jbcs-httpd24-httpd-src-zip-0:2.4.23-102.jbcs.el7
jbcs-httpd24-httpd-tools-0:2.4.23-102.jbcs.el7
jbcs-httpd24-httpd-zip-0:2.4.23-102.jbcs.el7
jbcs-httpd24-mod_auth_kerb-0:5.4-35.jbcs.el7
jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-35.jbcs.el7
jbcs-httpd24-mod_bmx-0:0.9.6-14.GA.jbcs.el7
jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-14.GA.jbcs.el7
jbcs-httpd24-mod_bmx-src-zip-0:0.9.6-14.GA.jbcs.el7
jbcs-httpd24-mod_cluster-native-0:1.3.5-13.Final_redhat_1.jbcs.el7
jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.5-13.Final_redhat_1.jbcs.el7
jbcs-httpd24-mod_jk-ap24-0:1.2.41-14.redhat_1.jbcs.el7
jbcs-httpd24-mod_jk-debuginfo-0:1.2.41-14.redhat_1.jbcs.el7
jbcs-httpd24-mod_jk-manual-0:1.2.41-14.redhat_1.jbcs.el7
jbcs-httpd24-mod_ldap-0:2.4.23-102.jbcs.el7
jbcs-httpd24-mod_proxy_html-1:2.4.23-102.jbcs.el7
jbcs-httpd24-mod_rt-0:2.4.1-16.GA.jbcs.el7
jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-16.GA.jbcs.el7
jbcs-httpd24-mod_rt-src-zip-0:2.4.1-16.GA.jbcs.el7
jbcs-httpd24-mod_security-0:2.9.1-18.GA.jbcs.el7
jbcs-httpd24-mod_security-debuginfo-0:2.9.1-18.GA.jbcs.el7
jbcs-httpd24-mod_security-src-zip-0:2.9.1-18.GA.jbcs.el7
jbcs-httpd24-mod_session-0:2.4.23-102.jbcs.el7
jbcs-httpd24-mod_ssl-1:2.4.23-102.jbcs.el7
jbcs-httpd24-nghttp2-0:1.12.0-9.jbcs.el7
jbcs-httpd24-nghttp2-debuginfo-0:1.12.0-9.jbcs.el7
jbcs-httpd24-openssl-1:1.0.2h-12.jbcs.el7
jbcs-httpd24-openssl-debuginfo-1:1.0.2h-12.jbcs.el7
jbcs-httpd24-openssl-devel-1:1.0.2h-12.jbcs.el7
jbcs-httpd24-openssl-libs-1:1.0.2h-12.jbcs.el7
jbcs-httpd24-openssl-perl-1:1.0.2h-12.jbcs.el7
jbcs-httpd24-openssl-static-1:1.0.2h-12.jbcs.el7

Seebug

bulletinFamily	exploit
description	No description provided by source.
id	SSV:91447
last seen	2017-11-19
modified	2016-05-04
published	2016-05-04
reporter	Root
title	OpenSSL Memory corruption in the ASN.1 encoder (CVE-2016-2108)

The Hacker News

id	THN:7CACCDBBDB47286572F59C67E92AF821
last seen	2018-01-27
modified	2016-05-05
published	2016-05-04
reporter	Mohit Kumar
source	https://thehackernews.com/2016/05/openssl-vulnerability.html
title	High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

Seebug

The Hacker News

References