Vulnerabilities > CVE-2016-7052 - NULL Pointer Dereference vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

nessus

NVD

Published: 2016-09-26

Updated: 2023-11-07

Summary

crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.

Vulnerable Configurations

Part	Description	Count
OS	Novell Novell Suse Linux Enterprise Module FOR WEB Scripting 12.0	1
Application	Openssl Openssl Openssl 1.0.2I	1
Application	Nodejs Nodejs Node.Js 4.0.0 Nodejs Node.Js 4.1.0 Nodejs Node.Js 4.1.1 Nodejs Node.Js 4.1.2 Nodejs Node.Js 6.0.0 Nodejs Node.Js 6.1.0 Nodejs Node.Js 6.2.0 Nodejs Node.Js 6.2.1 Nodejs Node.Js 6.2.2 Nodejs Node.Js 6.3.0 Nodejs Node.Js 6.3.1 Nodejs Node.Js 6.4.0 Nodejs Node.Js 6.5.0 Nodejs Node.Js 6.6.0 Nodejs Node.Js 4.2.0 Nodejs Node.Js 4.2.1 Nodejs Node.Js 4.2.2 Nodejs Node.Js 4.2.3 Nodejs Node.Js 4.2.4 Nodejs Node.Js 4.2.5 Nodejs Node.Js 4.2.6 Nodejs Node.Js 4.3.0 Nodejs Node.Js 4.3.1 Nodejs Node.Js 4.3.2 Nodejs Node.Js 4.4.0 Nodejs Node.Js 4.4.1 Nodejs Node.Js 4.4.2 Nodejs Node.Js 4.4.3 Nodejs Node.Js 4.4.4 Nodejs Node.Js 4.4.5 Nodejs Node.Js 4.4.6 Nodejs Node.Js 4.4.7 Nodejs Node.Js 4.5.0	38

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Nessus

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2016-270-01.NASL
description	New openssl packages are available for Slackware 14.2 and -current to fix a security issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	93722
published	2016-09-27
reporter	This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/93722
title	Slackware 14.2 / current : openssl (SSA:2016-270-01)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2016-270-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(93722); script_version("$Revision: 2.2 $"); script_cvs_date("$Date: 2017/09/21 13:38:14 $"); script_cve_id("CVE-2016-7052"); script_xref(name:"SSA", value:"2016-270-01"); script_name(english:"Slackware 14.2 / current : openssl (SSA:2016-270-01)"); script_summary(english:"Checks for updated packages in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New openssl packages are available for Slackware 14.2 and -current to fix a security issue." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.418332 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9a3ef365" ); script_set_attribute( attribute:"solution", value:"Update the affected openssl and / or openssl-solibs packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:openssl-solibs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2"); script_set_attribute(attribute:"patch_publication_date", value:"2016/09/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"14.2", pkgname:"openssl", pkgver:"1.0.2j", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++; if (slackware_check(osver:"14.2", pkgname:"openssl-solibs", pkgver:"1.0.2j", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++; if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"openssl", pkgver:"1.0.2j", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++; if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"openssl-solibs", pkgver:"1.0.2j", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++; if (slackware_check(osver:"current", pkgname:"openssl", pkgver:"1.0.2j", pkgarch:"i586", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"openssl-solibs", pkgver:"1.0.2j", pkgarch:"i586", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"openssl", pkgver:"1.0.2j", pkgarch:"x86_64", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"openssl-solibs", pkgver:"1.0.2j", pkgarch:"x86_64", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Misc.
NASL id	ORACLE_ACCESS_MANAGER_CPU_JAN_2018.NASL
description	The version of Oracle Access Manager installed on the remote host is 10.1.4.3.x prior to 10.1.4.3.13 or 11.1.2.3.x prior to 11.1.2.3.180116. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory: - A Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin (OpenSSL)). The affected version is 10.1.4.3.0. This is a difficult to exploit vulnerability that allows unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager. A successful attack of this vulnerability may result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. (CVE-2017-3732) - A vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The affected version is 11.1.2.3.0. This is a difficult to exploit vulnerability that allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager. A successful attack of this vulnerability may result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. (CVE-2017-10262) Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	124059
published	2019-04-15
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124059
title	Oracle Access Manager Multiple Vulnerabilities (Jan 2018 CPU)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2016-A555159613.NASL
description	Update from upstream with multiple security issues fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2016-09-28
plugin id	93752
published	2016-09-28
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/93752
title	Fedora 24 : 1:openssl (2016-a555159613)

NASL family	Misc.
NASL id	ORACLE_E-BUSINESS_CPU_JUL_2017.NASL
description	The version of Oracle E-Business installed on the remote host is missing the July 2017 Oracle Critical Patch Update (CPU). It is, therefore, affected by the following vulnerabilities : - Multiple integer overflow conditions exist in the OpenSSL component in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177) - An information disclosure vulnerability exists in the OpenSSL component in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - A denial of service vulnerability exists in the OpennSSL component in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179) - An out-of-bounds read error exists in the OpenSSL component in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the
last seen	2020-06-01
modified	2020-06-02
plugin id	101845
published	2017-07-20
reporter	This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/101845
title	Oracle E-Business Multiple Vulnerabilities (July 2017 CPU) (SWEET32)

NASL family	Windows
NASL id	HP_VERSION_CONTROL_REPO_MANAGER_7_6_0_0.NASL
description	According to its self-reported version, the HP Version Control Repository Manager (VCRM) application installed on the remote Windows host is prior to 7.6.0. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in OpenSSL in x509_vfy.c due to improper handling of certificate revocation lists (CRLs). An unauthenticated, remote attacker can exploit this, via a specially crafted CRL, to cause a NULL pointer dereference, resulting in a crash of the service. (CVE-2016-7052) - A cross-site request forgery (XSRF) vulnerability exists in VCRM due to HTTP requests not requiring multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. An unauthenticated, remote attacker can exploit this, by convincing a user into following a specially crafted link, to perform unspecified actions. (CVE-2016-8513) - An unspecified flaw exists in VCRM that allows an authenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-8514) - An unspecified flaw exists in VCRM that allows an authenticated, remote attacker to upload arbitrary files. (CVE-2016-8515) Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	96721
published	2017-01-24
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96721
title	HP Version Control Repository Manager < 7.6.0 Multiple Vulnerabilities

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2016-97454404FE.NASL
description	Update from upstream with multiple security issues fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2016-10-12
plugin id	93978
published	2016-10-12
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/93978
title	Fedora 23 : 1:openssl (2016-97454404fe)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-168.NASL
description	This update for openssl-steam fixes the following issues : - Merged changes from upstream openssl (Factory rev 137) into this fork for Steam. Updated to openssl 1.0.2k : - CVE-2016-7055: Montgomery multiplication may produce incorrect results (boo#1009528) - CVE-2016-7056: ECSDA P-256 timing attack key recovery (boo#1019334) - CVE-2017-3731: Truncated packet could crash via OOB read (boo#1022085) - CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64 (boo#1022086) Update to openssl-1.0.2j : - CVE-2016-7052: Missing CRL sanity check (boo#1001148) OpenSSL Security Advisory [22 Sep 2016] (boo#999665) - Severity: High - CVE-2016-6304: OCSP Status Request extension unbounded memory growth (boo#999666) - Severity: Low - CVE-2016-2177: Pointer arithmetic undefined behaviour (boo#982575) - CVE-2016-2178: Constant time flag not preserved in DSA signing (boo#983249) - CVE-2016-2179: DTLS buffered message DoS (boo#994844) - CVE-2016-2180: OOB read in TS_OBJ_print_bio() (boo#990419) - CVE-2016-2181: DTLS replay protection DoS (boo#994749) - CVE-2016-2182: OOB write in BN_bn2dec() (boo#993819) - CVE-2016-2183: Birthday attack against 64-bit block ciphers (SWEET32) (boo#995359) - CVE-2016-6302: Malformed SHA512 ticket DoS (boo#995324) - CVE-2016-6303: OOB write in MDC2_Update() (boo#995377) - CVE-2016-6306: Certificate message OOB reads (boo#999668) ALso fixed : - fixed a crash in print_notice (boo#998190) - fix X509_CERT_FILE path (boo#1022271) and rename - resume reading from /dev/urandom when interrupted by a signal (boo#995075) - fix problems with locking in FIPS mode (boo#992120) - duplicates: boo#991877, boo#991193, boo#990392, boo#990428 and boo#990207 - drop openssl-fips_RSA_compute_d_with_lcm.patch (upstream) (boo#984323) - don
last seen	2020-06-05
modified	2018-02-16
plugin id	106863
published	2018-02-16
reporter	This script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/106863
title	openSUSE Security Update : openssl-steam (openSUSE-2018-168)

NASL family	Misc.
NASL id	ORACLE_ENTERPRISE_MANAGER_APR_2017_CPU.NASL
description	The version of Oracle Enterprise Manager Grid Control installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities : - Multiple integer overflow conditions exist in the OpenSSL component in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2177) - An information disclosure vulnerability exists in the OpenSSL component in dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - A denial of service vulnerability exists in the OpenSSL component in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179) - An out-of-bounds read error exists in the OpenSSL component in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the
last seen	2020-06-01
modified	2020-06-02
plugin id	99594
published	2017-04-21
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99594
title	Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (April 2017 CPU) (SWEET32)

NASL family	Web Servers
NASL id	OPENSSL_1_0_2J.NASL
description	According to its banner, the remote host is running OpenSSL version 1.0.2i. It is, therefore, affected by a denial of service vulnerability in x509_vfy.c due to improper handling of certificate revocation lists (CRLs). An unauthenticated, remote attacker can exploit this, via a specially crafted CRL, to cause a NULL pointer dereference, resulting in a crash of the service.
last seen	2020-06-01
modified	2020-06-02
plugin id	93786
published	2016-09-28
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/93786
title	OpenSSL 1.0.2i CRL Handling NULL Pointer Dereference DoS

NASL family	Misc.
NASL id	PVS_5_2_0.NASL
description	The version of Tenable Passive Vulnerability Scanner (PVS) installed on the remote host is 5.x < 5.2.0. It is, therefore, affected by multiple vulnerabilities : - Multiple denial of service vulnerabilities exist in Expat within file xmlparse.c due to a logical error in hash computations. An unauthenticated, remote attacker can exploit these, via a specially crafted XML file containing many identifiers with the same value, to cause the service to exhaust CPU resources. (CVE-2012-0876, CVE-2016-5300) - A flaw exists in the generate_hash_secret_salt() function in file lib/xmlparse.c within Expat due to the generation of non-random output by the PRNG. An unauthenticated, remote attacker can exploit this to more easily predict the PRNG output. (CVE-2012-6702) - Multiple buffer overflow conditions exist within Expat, specifically in the XML_GetBuffer() function in file lib/xmlparse.c, due to improper validation of user-supplied input when handling compressed XML content. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2015-1283, CVE-2016-4472) - Multiple buffer overflow conditions exist within the Expat XML parser when handling malformed input documents due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0718, CVE-2016-0719) - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit these to cause a denial of service. (CVE-2016-2177) - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - A denial of service vulnerability exists in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179) - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the
last seen	2020-06-01
modified	2020-06-02
plugin id	96337
published	2017-01-06
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96337
title	Tenable Passive Vulnerability Scanner 5.x < 5.2.0 Multiple Vulnerabilities (SWEET32)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2016-64E0743E16.NASL
description	Update from upstream with multiple security issues fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2016-11-15
plugin id	94811
published	2016-11-15
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94811
title	Fedora 25 : 1:openssl (2016-64e0743e16)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-2470-1.NASL
description	This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues : - Nodejs embedded openssl version update + upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052) + remove support for dynamic 3rd party engine modules - http: Properly validate for allowable characters in input user data. This introduces a new case where throw may occur when configuring HTTP responses, users should already be adopting try/catch here. (CVE-2016-5325, bsc#985201) - tls: properly validate wildcard certificates (CVE-2016-7099, bsc#1001652) - buffer: Zero-fill excess bytes in new Buffer objects created with Buffer.concat() Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-24
modified	2019-01-02
plugin id	119982
published	2019-01-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119982
title	SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2016:2470-1)

NASL family	Misc.
NASL id	SECURITYCENTER_5_4_1.NASL
description	According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.4.1. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in x509_vfy.c due to improper handling of certificate revocation lists (CRLs). An unauthenticated, remote attacker can exploit this, via a specially crafted CRL, to cause a NULL pointer dereference, resulting in a crash of the service. (CVE-2016-7052) - A cross-site scripting (XSS) vulnerability exists within the JQuery UI dialog() function due to improper validation of input to the
last seen	2020-06-01
modified	2020-06-02
plugin id	96832
published	2017-01-27
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96832
title	Tenable SecurityCenter < 5.4.1 Multiple Vulnerabilities (TNS-2016-19)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_91A337D883ED11E6BF52B499BAEBFEAF.NASL
description	OpenSSL reports : Critical vulnerability in OpenSSL 1.1.0a Fix Use After Free for large message sizes (CVE-2016-6309) Moderate vulnerability in OpenSSL 1.0.2i Missing CRL sanity check (CVE-2016-7052)
last seen	2020-06-01
modified	2020-06-02
plugin id	93730
published	2016-09-27
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/93730
title	FreeBSD : OpenSSL -- multiple vulnerabilities (91a337d8-83ed-11e6-bf52-b499baebfeaf)

NASL family	CGI abuses : XSS
NASL id	NESSUS_TNS_2016_16.NASL
description	According to its self-reported version number, the Tenable Nessus application running on the remote host is 6.x prior to 6.9. It is, therefore, affected by multiple vulnerabilities : - Multiple integer overflow conditions exist in the OpenSSL component in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177) - An information disclosure vulnerability exists in the OpenSSL component in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - A denial of service vulnerability exists in the OpenSSL component in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179) - An out-of-bounds read error exists in the OpenSSL component in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the
last seen	2020-06-01
modified	2020-06-02
plugin id	97192
published	2017-02-15
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97192
title	Tenable Nessus 6.x < 6.9 Multiple Vulnerabilities (TNS-2016-16) (SWEET32)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-1172.NASL
description	This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues : - Nodejs embedded openssl version update + upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052) + remove support for dynamic 3rd party engine modules - http: Properly validate for allowable characters in input user data. This introduces a new case where throw may occur when configuring HTTP responses, users should already be adopting try/catch here. (CVE-2016-5325, bsc#985201) - tls: properly validate wildcard certificates (CVE-2016-7099, bsc#1001652) - buffer: Zero-fill excess bytes in new Buffer objects created with Buffer.concat()
last seen	2020-06-05
modified	2016-10-12
plugin id	94002
published	2016-10-12
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/94002
title	openSUSE Security Update : nodejs (openSUSE-2016-1172)

NASL family	AIX Local Security Checks
NASL id	AIX_OPENSSL_ADVISORY21.NASL
description	The version of OpenSSL installed on the remote AIX host is affected by the following vulnerabilities : - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177) - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - A denial of service vulnerability exists in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179) - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the
last seen	2020-06-01
modified	2020-06-02
plugin id	95255
published	2016-11-22
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95255
title	AIX OpenSSL Advisory : openssl_advisory21.asc (SWEET32)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201612-16.NASL
description	The remote host is affected by the vulnerability described in GLSA-201612-16 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research’s (IACR) paper, “Make Sure DSA Signing Exponentiations Really are Constant-Time” for further details. Impact : Remote attackers could cause a Denial of Service condition or have other unspecified impacts. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	95602
published	2016-12-07
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95602
title	GLSA-201612-16 : OpenSSL: Multiple vulnerabilities

Packetstorm

data source	https://packetstormsecurity.com/files/download/143369/orionbrowser79-mitm.txt
id	PACKETSTORM:143369
last seen	2017-07-15
published	2017-07-14
reporter	MaXe
source	https://packetstormsecurity.com/files/143369/Orion-Elite-Hidden-IP-Browser-Pro-7.9-OpenSSL-Tor-Man-In-The-Middle.html
title	Orion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Packetstorm

References