Vulnerabilities > CVE-2016-7052 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
novell
openssl
nodejs
CWE-476
nessus

Summary

crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2016-270-01.NASL
    descriptionNew openssl packages are available for Slackware 14.2 and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id93722
    published2016-09-27
    reporterThis script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/93722
    titleSlackware 14.2 / current : openssl (SSA:2016-270-01)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2016-270-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93722);
      script_version("$Revision: 2.2 $");
      script_cvs_date("$Date: 2017/09/21 13:38:14 $");
    
      script_cve_id("CVE-2016-7052");
      script_xref(name:"SSA", value:"2016-270-01");
    
      script_name(english:"Slackware 14.2 / current : openssl (SSA:2016-270-01)");
      script_summary(english:"Checks for updated packages in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New openssl packages are available for Slackware 14.2 and -current to
    fix a security issue."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.418332
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9a3ef365"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openssl and / or openssl-solibs packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:openssl-solibs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"14.2", pkgname:"openssl", pkgver:"1.0.2j", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++;
    if (slackware_check(osver:"14.2", pkgname:"openssl-solibs", pkgver:"1.0.2j", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"openssl", pkgver:"1.0.2j", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"openssl-solibs", pkgver:"1.0.2j", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"openssl", pkgver:"1.0.2j", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", pkgname:"openssl-solibs", pkgver:"1.0.2j", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"openssl", pkgver:"1.0.2j", pkgarch:"x86_64", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"openssl-solibs", pkgver:"1.0.2j", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMisc.
    NASL idORACLE_ACCESS_MANAGER_CPU_JAN_2018.NASL
    descriptionThe version of Oracle Access Manager installed on the remote host is 10.1.4.3.x prior to 10.1.4.3.13 or 11.1.2.3.x prior to 11.1.2.3.180116. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory: - A Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin (OpenSSL)). The affected version is 10.1.4.3.0. This is a difficult to exploit vulnerability that allows unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager. A successful attack of this vulnerability may result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. (CVE-2017-3732) - A vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The affected version is 11.1.2.3.0. This is a difficult to exploit vulnerability that allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager. A successful attack of this vulnerability may result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. (CVE-2017-10262) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id124059
    published2019-04-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124059
    titleOracle Access Manager Multiple Vulnerabilities (Jan 2018 CPU)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-A555159613.NASL
    descriptionUpdate from upstream with multiple security issues fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-09-28
    plugin id93752
    published2016-09-28
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93752
    titleFedora 24 : 1:openssl (2016-a555159613)
  • NASL familyMisc.
    NASL idORACLE_E-BUSINESS_CPU_JUL_2017.NASL
    descriptionThe version of Oracle E-Business installed on the remote host is missing the July 2017 Oracle Critical Patch Update (CPU). It is, therefore, affected by the following vulnerabilities : - Multiple integer overflow conditions exist in the OpenSSL component in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177) - An information disclosure vulnerability exists in the OpenSSL component in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - A denial of service vulnerability exists in the OpennSSL component in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179) - An out-of-bounds read error exists in the OpenSSL component in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the
    last seen2020-06-01
    modified2020-06-02
    plugin id101845
    published2017-07-20
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/101845
    titleOracle E-Business Multiple Vulnerabilities (July 2017 CPU) (SWEET32)
  • NASL familyWindows
    NASL idHP_VERSION_CONTROL_REPO_MANAGER_7_6_0_0.NASL
    descriptionAccording to its self-reported version, the HP Version Control Repository Manager (VCRM) application installed on the remote Windows host is prior to 7.6.0. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in OpenSSL in x509_vfy.c due to improper handling of certificate revocation lists (CRLs). An unauthenticated, remote attacker can exploit this, via a specially crafted CRL, to cause a NULL pointer dereference, resulting in a crash of the service. (CVE-2016-7052) - A cross-site request forgery (XSRF) vulnerability exists in VCRM due to HTTP requests not requiring multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. An unauthenticated, remote attacker can exploit this, by convincing a user into following a specially crafted link, to perform unspecified actions. (CVE-2016-8513) - An unspecified flaw exists in VCRM that allows an authenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-8514) - An unspecified flaw exists in VCRM that allows an authenticated, remote attacker to upload arbitrary files. (CVE-2016-8515) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id96721
    published2017-01-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96721
    titleHP Version Control Repository Manager < 7.6.0 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-97454404FE.NASL
    descriptionUpdate from upstream with multiple security issues fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-10-12
    plugin id93978
    published2016-10-12
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93978
    titleFedora 23 : 1:openssl (2016-97454404fe)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-168.NASL
    descriptionThis update for openssl-steam fixes the following issues : - Merged changes from upstream openssl (Factory rev 137) into this fork for Steam. Updated to openssl 1.0.2k : - CVE-2016-7055: Montgomery multiplication may produce incorrect results (boo#1009528) - CVE-2016-7056: ECSDA P-256 timing attack key recovery (boo#1019334) - CVE-2017-3731: Truncated packet could crash via OOB read (boo#1022085) - CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64 (boo#1022086) Update to openssl-1.0.2j : - CVE-2016-7052: Missing CRL sanity check (boo#1001148) OpenSSL Security Advisory [22 Sep 2016] (boo#999665) - Severity: High - CVE-2016-6304: OCSP Status Request extension unbounded memory growth (boo#999666) - Severity: Low - CVE-2016-2177: Pointer arithmetic undefined behaviour (boo#982575) - CVE-2016-2178: Constant time flag not preserved in DSA signing (boo#983249) - CVE-2016-2179: DTLS buffered message DoS (boo#994844) - CVE-2016-2180: OOB read in TS_OBJ_print_bio() (boo#990419) - CVE-2016-2181: DTLS replay protection DoS (boo#994749) - CVE-2016-2182: OOB write in BN_bn2dec() (boo#993819) - CVE-2016-2183: Birthday attack against 64-bit block ciphers (SWEET32) (boo#995359) - CVE-2016-6302: Malformed SHA512 ticket DoS (boo#995324) - CVE-2016-6303: OOB write in MDC2_Update() (boo#995377) - CVE-2016-6306: Certificate message OOB reads (boo#999668) ALso fixed : - fixed a crash in print_notice (boo#998190) - fix X509_CERT_FILE path (boo#1022271) and rename - resume reading from /dev/urandom when interrupted by a signal (boo#995075) - fix problems with locking in FIPS mode (boo#992120) - duplicates: boo#991877, boo#991193, boo#990392, boo#990428 and boo#990207 - drop openssl-fips_RSA_compute_d_with_lcm.patch (upstream) (boo#984323) - don
    last seen2020-06-05
    modified2018-02-16
    plugin id106863
    published2018-02-16
    reporterThis script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/106863
    titleopenSUSE Security Update : openssl-steam (openSUSE-2018-168)
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_APR_2017_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Grid Control installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities : - Multiple integer overflow conditions exist in the OpenSSL component in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2177) - An information disclosure vulnerability exists in the OpenSSL component in dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - A denial of service vulnerability exists in the OpenSSL component in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179) - An out-of-bounds read error exists in the OpenSSL component in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the
    last seen2020-06-01
    modified2020-06-02
    plugin id99594
    published2017-04-21
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99594
    titleOracle Enterprise Manager Grid Control Multiple Vulnerabilities (April 2017 CPU) (SWEET32)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_2J.NASL
    descriptionAccording to its banner, the remote host is running OpenSSL version 1.0.2i. It is, therefore, affected by a denial of service vulnerability in x509_vfy.c due to improper handling of certificate revocation lists (CRLs). An unauthenticated, remote attacker can exploit this, via a specially crafted CRL, to cause a NULL pointer dereference, resulting in a crash of the service.
    last seen2020-06-01
    modified2020-06-02
    plugin id93786
    published2016-09-28
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/93786
    titleOpenSSL 1.0.2i CRL Handling NULL Pointer Dereference DoS
  • NASL familyMisc.
    NASL idPVS_5_2_0.NASL
    descriptionThe version of Tenable Passive Vulnerability Scanner (PVS) installed on the remote host is 5.x < 5.2.0. It is, therefore, affected by multiple vulnerabilities : - Multiple denial of service vulnerabilities exist in Expat within file xmlparse.c due to a logical error in hash computations. An unauthenticated, remote attacker can exploit these, via a specially crafted XML file containing many identifiers with the same value, to cause the service to exhaust CPU resources. (CVE-2012-0876, CVE-2016-5300) - A flaw exists in the generate_hash_secret_salt() function in file lib/xmlparse.c within Expat due to the generation of non-random output by the PRNG. An unauthenticated, remote attacker can exploit this to more easily predict the PRNG output. (CVE-2012-6702) - Multiple buffer overflow conditions exist within Expat, specifically in the XML_GetBuffer() function in file lib/xmlparse.c, due to improper validation of user-supplied input when handling compressed XML content. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2015-1283, CVE-2016-4472) - Multiple buffer overflow conditions exist within the Expat XML parser when handling malformed input documents due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0718, CVE-2016-0719) - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit these to cause a denial of service. (CVE-2016-2177) - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - A denial of service vulnerability exists in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179) - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the
    last seen2020-06-01
    modified2020-06-02
    plugin id96337
    published2017-01-06
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96337
    titleTenable Passive Vulnerability Scanner 5.x < 5.2.0 Multiple Vulnerabilities (SWEET32)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-64E0743E16.NASL
    descriptionUpdate from upstream with multiple security issues fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-11-15
    plugin id94811
    published2016-11-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94811
    titleFedora 25 : 1:openssl (2016-64e0743e16)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2470-1.NASL
    descriptionThis update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues : - Nodejs embedded openssl version update + upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052) + remove support for dynamic 3rd party engine modules - http: Properly validate for allowable characters in input user data. This introduces a new case where throw may occur when configuring HTTP responses, users should already be adopting try/catch here. (CVE-2016-5325, bsc#985201) - tls: properly validate wildcard certificates (CVE-2016-7099, bsc#1001652) - buffer: Zero-fill excess bytes in new Buffer objects created with Buffer.concat() Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-24
    modified2019-01-02
    plugin id119982
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119982
    titleSUSE SLES12 Security Update : nodejs4 (SUSE-SU-2016:2470-1)
  • NASL familyMisc.
    NASL idSECURITYCENTER_5_4_1.NASL
    descriptionAccording to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.4.1. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in x509_vfy.c due to improper handling of certificate revocation lists (CRLs). An unauthenticated, remote attacker can exploit this, via a specially crafted CRL, to cause a NULL pointer dereference, resulting in a crash of the service. (CVE-2016-7052) - A cross-site scripting (XSS) vulnerability exists within the JQuery UI dialog() function due to improper validation of input to the
    last seen2020-06-01
    modified2020-06-02
    plugin id96832
    published2017-01-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96832
    titleTenable SecurityCenter < 5.4.1 Multiple Vulnerabilities (TNS-2016-19)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_91A337D883ED11E6BF52B499BAEBFEAF.NASL
    descriptionOpenSSL reports : Critical vulnerability in OpenSSL 1.1.0a Fix Use After Free for large message sizes (CVE-2016-6309) Moderate vulnerability in OpenSSL 1.0.2i Missing CRL sanity check (CVE-2016-7052)
    last seen2020-06-01
    modified2020-06-02
    plugin id93730
    published2016-09-27
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93730
    titleFreeBSD : OpenSSL -- multiple vulnerabilities (91a337d8-83ed-11e6-bf52-b499baebfeaf)
  • NASL familyCGI abuses : XSS
    NASL idNESSUS_TNS_2016_16.NASL
    descriptionAccording to its self-reported version number, the Tenable Nessus application running on the remote host is 6.x prior to 6.9. It is, therefore, affected by multiple vulnerabilities : - Multiple integer overflow conditions exist in the OpenSSL component in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177) - An information disclosure vulnerability exists in the OpenSSL component in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - A denial of service vulnerability exists in the OpenSSL component in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179) - An out-of-bounds read error exists in the OpenSSL component in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the
    last seen2020-06-01
    modified2020-06-02
    plugin id97192
    published2017-02-15
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97192
    titleTenable Nessus 6.x < 6.9 Multiple Vulnerabilities (TNS-2016-16) (SWEET32)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1172.NASL
    descriptionThis update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues : - Nodejs embedded openssl version update + upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052) + remove support for dynamic 3rd party engine modules - http: Properly validate for allowable characters in input user data. This introduces a new case where throw may occur when configuring HTTP responses, users should already be adopting try/catch here. (CVE-2016-5325, bsc#985201) - tls: properly validate wildcard certificates (CVE-2016-7099, bsc#1001652) - buffer: Zero-fill excess bytes in new Buffer objects created with Buffer.concat()
    last seen2020-06-05
    modified2016-10-12
    plugin id94002
    published2016-10-12
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94002
    titleopenSUSE Security Update : nodejs (openSUSE-2016-1172)
  • NASL familyAIX Local Security Checks
    NASL idAIX_OPENSSL_ADVISORY21.NASL
    descriptionThe version of OpenSSL installed on the remote AIX host is affected by the following vulnerabilities : - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177) - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - A denial of service vulnerability exists in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179) - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the
    last seen2020-06-01
    modified2020-06-02
    plugin id95255
    published2016-11-22
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95255
    titleAIX OpenSSL Advisory : openssl_advisory21.asc (SWEET32)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201612-16.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201612-16 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research&rsquo;s (IACR) paper, &ldquo;Make Sure DSA Signing Exponentiations Really are Constant-Time&rdquo; for further details. Impact : Remote attackers could cause a Denial of Service condition or have other unspecified impacts. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id95602
    published2016-12-07
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95602
    titleGLSA-201612-16 : OpenSSL: Multiple vulnerabilities

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/143369/orionbrowser79-mitm.txt
idPACKETSTORM:143369
last seen2017-07-15
published2017-07-14
reporterMaXe
sourcehttps://packetstormsecurity.com/files/143369/Orion-Elite-Hidden-IP-Browser-Pro-7.9-OpenSSL-Tor-Man-In-The-Middle.html
titleOrion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle

References