Vulnerabilities > CVE-2016-7056

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
openssl
debian
redhat
canonical
nessus

Summary

A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

Vulnerable Configurations

Part Description Count
Application
Openssl
161
OS
Debian
2
OS
Redhat
2
OS
Canonical
2

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_10_12_4.NASL
    descriptionThe remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows : - apache - apache_mod_php - AppleGraphicsPowerManagement - AppleRAID - Audio - Bluetooth - Carbon - CoreGraphics - CoreMedia - CoreText - curl - EFI - FinderKit - FontParser - HTTPProtocol - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOATAFamily - IOFireWireAVC - IOFireWireFamily - Kernel - Keyboards - libarchive - libc++abi - LibreSSL - MCX Client - Menus - Multi-Touch - OpenSSH - OpenSSL - Printing - python - QuickTime - Security - SecurityFoundation - sudo - System Integrity Protection - tcpdump - tiffutil - WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id99134
    published2017-03-31
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99134
    titlemacOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99134);
      script_version("1.9");
      script_cvs_date("Date: 2019/11/13");
    
      script_cve_id(
        "CVE-2016-0736",
        "CVE-2016-2161",
        "CVE-2016-3619",
        "CVE-2016-4688",
        "CVE-2016-5387",
        "CVE-2016-5636",
        "CVE-2016-7056",
        "CVE-2016-7585",
        "CVE-2016-7922",
        "CVE-2016-7923",
        "CVE-2016-7924",
        "CVE-2016-7925",
        "CVE-2016-7926",
        "CVE-2016-7927",
        "CVE-2016-7928",
        "CVE-2016-7929",
        "CVE-2016-7930",
        "CVE-2016-7931",
        "CVE-2016-7932",
        "CVE-2016-7933",
        "CVE-2016-7934",
        "CVE-2016-7935",
        "CVE-2016-7936",
        "CVE-2016-7937",
        "CVE-2016-7938",
        "CVE-2016-7939",
        "CVE-2016-7940",
        "CVE-2016-7973",
        "CVE-2016-7974",
        "CVE-2016-7975",
        "CVE-2016-7983",
        "CVE-2016-7984",
        "CVE-2016-7985",
        "CVE-2016-7986",
        "CVE-2016-7992",
        "CVE-2016-7993",
        "CVE-2016-8574",
        "CVE-2016-8575",
        "CVE-2016-8740",
        "CVE-2016-8743",
        "CVE-2016-9533",
        "CVE-2016-9535",
        "CVE-2016-9536",
        "CVE-2016-9537",
        "CVE-2016-9538",
        "CVE-2016-9539",
        "CVE-2016-9540",
        "CVE-2016-9586",
        "CVE-2016-9935",
        "CVE-2016-10009",
        "CVE-2016-10010",
        "CVE-2016-10011",
        "CVE-2016-10012",
        "CVE-2016-10158",
        "CVE-2016-10159",
        "CVE-2016-10160",
        "CVE-2016-10161",
        "CVE-2017-2379",
        "CVE-2017-2381",
        "CVE-2017-2388",
        "CVE-2017-2390",
        "CVE-2017-2398",
        "CVE-2017-2401",
        "CVE-2017-2402",
        "CVE-2017-2403",
        "CVE-2017-2406",
        "CVE-2017-2407",
        "CVE-2017-2408",
        "CVE-2017-2409",
        "CVE-2017-2410",
        "CVE-2017-2413",
        "CVE-2017-2416",
        "CVE-2017-2417",
        "CVE-2017-2418",
        "CVE-2017-2420",
        "CVE-2017-2421",
        "CVE-2017-2422",
        "CVE-2017-2423",
        "CVE-2017-2425",
        "CVE-2017-2426",
        "CVE-2017-2427",
        "CVE-2017-2428",
        "CVE-2017-2429",
        "CVE-2017-2430",
        "CVE-2017-2431",
        "CVE-2017-2432",
        "CVE-2017-2435",
        "CVE-2017-2436",
        "CVE-2017-2437",
        "CVE-2017-2438",
        "CVE-2017-2439",
        "CVE-2017-2440",
        "CVE-2017-2441",
        "CVE-2017-2443",
        "CVE-2017-2448",
        "CVE-2017-2449",
        "CVE-2017-2450",
        "CVE-2017-2451",
        "CVE-2017-2456",
        "CVE-2017-2458",
        "CVE-2017-2461",
        "CVE-2017-2462",
        "CVE-2017-2467",
        "CVE-2017-2472",
        "CVE-2017-2473",
        "CVE-2017-2474",
        "CVE-2017-2477",
        "CVE-2017-2478",
        "CVE-2017-2482",
        "CVE-2017-2483",
        "CVE-2017-2485",
        "CVE-2017-2487",
        "CVE-2017-2489",
        "CVE-2017-2490",
        "CVE-2017-5029",
        "CVE-2017-5202",
        "CVE-2017-5203",
        "CVE-2017-5204",
        "CVE-2017-5205",
        "CVE-2017-5341",
        "CVE-2017-5342",
        "CVE-2017-5482",
        "CVE-2017-5483",
        "CVE-2017-5484",
        "CVE-2017-5485",
        "CVE-2017-5486",
        "CVE-2017-6974",
        "CVE-2017-7070"
      );
      script_bugtraq_id(
        85919,
        91247,
        91816,
        94572,
        94650,
        94742,
        94744,
        94745,
        94746,
        94747,
        94753,
        94754,
        94846,
        94968,
        94972,
        94975,
        94977,
        95019,
        95076,
        95077,
        95078,
        95375,
        95764,
        95768,
        95774,
        95783,
        95852,
        96767,
        97132,
        97134,
        97137,
        97140,
        97146,
        97147,
        97300,
        97301,
        97303
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2017-03-27-3");
      script_xref(name:"CERT", value:"797896");
      script_xref(name:"EDB-ID", value:"40961");
      script_xref(name:"EDB-ID", value:"40962");
    
      script_name(english:"macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)");
      script_summary(english:"Checks the version of macOS.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a macOS update that fixes multiple security
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host is running a version of macOS that is 10.12.x prior to
    10.12.4. It is, therefore, affected by multiple vulnerabilities in
    multiple components, some of which are remote code execution
    vulnerabilities. An unauthenticated, remote attacker can exploit these
    remote code execution vulnerabilities by convincing a user to visit a
    specially crafted website, resulting in the execution of arbitrary
    code in the context of the current user. The affected components are
    as follows :
    
      - apache
      - apache_mod_php
      - AppleGraphicsPowerManagement
      - AppleRAID
      - Audio
      - Bluetooth
      - Carbon
      - CoreGraphics
      - CoreMedia
      - CoreText
      - curl
      - EFI
      - FinderKit
      - FontParser
      - HTTPProtocol
      - Hypervisor
      - iBooks
      - ImageIO
      - Intel Graphics Driver
      - IOATAFamily
      - IOFireWireAVC
      - IOFireWireFamily
      - Kernel
      - Keyboards
      - libarchive
      - libc++abi
      - LibreSSL
      - MCX Client
      - Menus
      - Multi-Touch
      - OpenSSH
      - OpenSSL
      - Printing
      - python
      - QuickTime
      - Security
      - SecurityFoundation
      - sudo
      - System Integrity Protection
      - tcpdump
      - tiffutil
      - WebKit");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207615");
      # https://lists.apple.com/archives/security-announce/2017/Mar/msg00004.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ddb4db4a");
      script_set_attribute(attribute:"see_also", value:"https://httpoxy.org");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to macOS version 10.12.4 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5636");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/31");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
      script_require_ports("Host/MacOSX/Version", "Host/OS");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    os = get_kb_item("Host/MacOSX/Version");
    if (!os)
    {
      os = get_kb_item_or_exit("Host/OS");
      if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");
    
      c = get_kb_item("Host/OS/Confidence");
      if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");
    }
    if (!os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");
    
    matches = eregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os);
    if (isnull(matches)) exit(1, "Failed to parse the macOS / Mac OS X version ('" + os + "').");
    
    version = matches[1];
    if (version !~ "^10\.12($|[^0-9])") audit(AUDIT_OS_NOT, "Mac OS 10.12.x");
    
    fixed_version = "10.12.4";
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      security_report_v4(
        port:0,
        severity:SECURITY_HOLE,
        xss:TRUE,
        extra:
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version +
          '\n'
      );
    }
    else audit(AUDIT_INST_VER_NOT_VULN, "macOS / Mac OS X", version);
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0461-1.NASL
    descriptionThis update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed : - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085, CVE-2017-3731) - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912) Bugs fixed : - fix crash in openssl speed (bsc#1000677) - fix ca-bundle path (bsc#1022271) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97188
    published2017-02-15
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97188
    titleSUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0461-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:0461-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97188);
      script_version("3.10");
      script_cvs_date("Date: 2019/09/11 11:22:14");
    
      script_cve_id("CVE-2016-2108", "CVE-2016-7056", "CVE-2016-8610", "CVE-2017-3731");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0461-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for openssl fixes the following issues contained in the
    OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues
    fixed :
    
      - CVE-2016-7056: A local ECSDA P-256 timing attack that
        might have allowed key recovery was fixed (bsc#1019334)
    
      - CVE-2016-8610: A remote denial of service in SSL alert
        handling was fixed (bsc#1005878)
    
      - CVE-2016-2108: Added a missing commit for CVE-2016-2108,
        fixing the negative zero handling in the ASN.1 decoder
        (bsc#1004499)
    
      - CVE-2017-3731: Truncated packet could crash via OOB read
        (bsc#1022085, CVE-2017-3731)
    
      - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912)
        Bugs fixed :
    
      - fix crash in openssl speed (bsc#1000677)
    
      - fix ca-bundle path (bsc#1022271)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1000677"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1001912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1004499"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005878"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019334"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1021641"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022085"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022271"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-2108/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-7056/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-8610/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-3731/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20170461-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bd3f3072"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
    patch SUSE-SLE-SDK-12-SP1-2017-236=1
    
    SUSE Linux Enterprise Server 12-SP1:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2017-236=1
    
    SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP1-2017-236=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenssl1_0_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssl-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libopenssl1_0_0-1.0.1i-54.5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libopenssl1_0_0-debuginfo-1.0.1i-54.5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libopenssl1_0_0-hmac-1.0.1i-54.5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"openssl-1.0.1i-54.5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"openssl-debuginfo-1.0.1i-54.5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"openssl-debugsource-1.0.1i-54.5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libopenssl1_0_0-32bit-1.0.1i-54.5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libopenssl1_0_0-hmac-32bit-1.0.1i-54.5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libopenssl1_0_0-1.0.1i-54.5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libopenssl1_0_0-32bit-1.0.1i-54.5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libopenssl1_0_0-debuginfo-1.0.1i-54.5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"openssl-1.0.1i-54.5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"openssl-debuginfo-1.0.1i-54.5.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"openssl-debugsource-1.0.1i-54.5.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-814.NASL
    descriptionSeveral vulnerabilities were discovered in OpenSSL : CVE-2016-7056 A local timing attack was discovered against ECDSA P-256. CVE-2016-8610 It was discovered that no limit was imposed on alert packets during an SSL handshake. CVE-2017-3731 Robert Swiecki discovered that the RC4-MD5 cipher when running on 32 bit systems could be forced into an out-of-bounds read, resulting in denial of service. For Debian 7
    last seen2020-03-17
    modified2017-02-02
    plugin id96931
    published2017-02-02
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96931
    titleDebian DLA-814-1 : openssl security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-814-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96931);
      script_version("3.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2016-7056", "CVE-2016-8610", "CVE-2017-3731");
    
      script_name(english:"Debian DLA-814-1 : openssl security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities were discovered in OpenSSL :
    
    CVE-2016-7056
    
    A local timing attack was discovered against ECDSA P-256.
    
    CVE-2016-8610
    
    It was discovered that no limit was imposed on alert packets during an
    SSL handshake.
    
    CVE-2017-3731
    
    Robert Swiecki discovered that the RC4-MD5 cipher when running on 32
    bit systems could be forced into an out-of-bounds read, resulting in
    denial of service.
    
    For Debian 7 'Wheezy', these problems have been fixed in version
    1.0.1t-1+deb7u2.
    
    We recommend that you upgrade your openssl packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2017/02/msg00001.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/openssl"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libssl-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libssl-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libssl1.0.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libssl1.0.0-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"libssl-dev", reference:"1.0.1t-1+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"libssl-doc", reference:"1.0.1t-1+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"libssl1.0.0", reference:"1.0.1t-1+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"libssl1.0.0-dbg", reference:"1.0.1t-1+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"openssl", reference:"1.0.1t-1+deb7u2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0605-1.NASL
    descriptionThis update for compat-openssl098 fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed : - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - degrade 3DES to MEDIUM in SSL2 (bsc#1001912) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) Bugs fixed : - fix crash in openssl speed (bsc#1000677) - don
    last seen2020-06-01
    modified2020-06-02
    plugin id97550
    published2017-03-06
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97550
    titleSUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2017:0605-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:0605-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97550);
      script_version("3.7");
      script_cvs_date("Date: 2019/09/11 11:22:15");
    
      script_cve_id("CVE-2016-2108", "CVE-2016-7056", "CVE-2016-8610");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2017:0605-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for compat-openssl098 fixes the following issues contained
    in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security
    issues fixed :
    
      - CVE-2016-7056: A local ECSDA P-256 timing attack that
        might have allowed key recovery was fixed (bsc#1019334)
    
      - CVE-2016-8610: A remote denial of service in SSL alert
        handling was fixed (bsc#1005878)
    
      - degrade 3DES to MEDIUM in SSL2 (bsc#1001912)
    
      - CVE-2016-2108: Added a missing commit for CVE-2016-2108,
        fixing the negative zero handling in the ASN.1 decoder
        (bsc#1004499) Bugs fixed :
    
      - fix crash in openssl speed (bsc#1000677)
    
      - don't attempt session resumption if no ticket is present
        and session ID length is zero (bsc#984663)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1000677"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1001912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1004499"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005878"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019334"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1021641"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=984663"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-2108/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-7056/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-8610/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20170605-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e5901b77"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch
    SUSE-SLE-SAP-12-SP2-2017-319=1
    
    SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
    SUSE-SLE-SAP-12-SP1-2017-319=1
    
    SUSE Linux Enterprise Module for Legacy Software 12:zypper in -t patch
    SUSE-SLE-Module-Legacy-12-2017-319=1
    
    SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP2-2017-319=1
    
    SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP1-2017-319=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:compat-openssl098-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenssl0_9_8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1/2", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"compat-openssl098-debugsource-0.9.8j-105.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libopenssl0_9_8-0.9.8j-105.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libopenssl0_9_8-32bit-0.9.8j-105.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libopenssl0_9_8-debuginfo-0.9.8j-105.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libopenssl0_9_8-debuginfo-32bit-0.9.8j-105.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"compat-openssl098-debugsource-0.9.8j-105.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libopenssl0_9_8-0.9.8j-105.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8j-105.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-0.9.8j-105.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-32bit-0.9.8j-105.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"compat-openssl098-debugsource-0.9.8j-105.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libopenssl0_9_8-0.9.8j-105.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8j-105.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-0.9.8j-105.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-32bit-0.9.8j-105.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "compat-openssl098");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-168.NASL
    descriptionThis update for openssl-steam fixes the following issues : - Merged changes from upstream openssl (Factory rev 137) into this fork for Steam. Updated to openssl 1.0.2k : - CVE-2016-7055: Montgomery multiplication may produce incorrect results (boo#1009528) - CVE-2016-7056: ECSDA P-256 timing attack key recovery (boo#1019334) - CVE-2017-3731: Truncated packet could crash via OOB read (boo#1022085) - CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64 (boo#1022086) Update to openssl-1.0.2j : - CVE-2016-7052: Missing CRL sanity check (boo#1001148) OpenSSL Security Advisory [22 Sep 2016] (boo#999665) - Severity: High - CVE-2016-6304: OCSP Status Request extension unbounded memory growth (boo#999666) - Severity: Low - CVE-2016-2177: Pointer arithmetic undefined behaviour (boo#982575) - CVE-2016-2178: Constant time flag not preserved in DSA signing (boo#983249) - CVE-2016-2179: DTLS buffered message DoS (boo#994844) - CVE-2016-2180: OOB read in TS_OBJ_print_bio() (boo#990419) - CVE-2016-2181: DTLS replay protection DoS (boo#994749) - CVE-2016-2182: OOB write in BN_bn2dec() (boo#993819) - CVE-2016-2183: Birthday attack against 64-bit block ciphers (SWEET32) (boo#995359) - CVE-2016-6302: Malformed SHA512 ticket DoS (boo#995324) - CVE-2016-6303: OOB write in MDC2_Update() (boo#995377) - CVE-2016-6306: Certificate message OOB reads (boo#999668) ALso fixed : - fixed a crash in print_notice (boo#998190) - fix X509_CERT_FILE path (boo#1022271) and rename - resume reading from /dev/urandom when interrupted by a signal (boo#995075) - fix problems with locking in FIPS mode (boo#992120) - duplicates: boo#991877, boo#991193, boo#990392, boo#990428 and boo#990207 - drop openssl-fips_RSA_compute_d_with_lcm.patch (upstream) (boo#984323) - don
    last seen2020-06-05
    modified2018-02-16
    plugin id106863
    published2018-02-16
    reporterThis script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/106863
    titleopenSUSE Security Update : openssl-steam (openSUSE-2018-168)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3181-1.NASL
    descriptionGuido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update. (CVE-2016-2177) It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7055) It was discovered that OpenSSL did not properly use constant-time operations when performing ECDSA P-256 signing. A remote attacker could possibly use this issue to perform a timing attack and recover private ECDSA keys. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7056) Shi Lei discovered that OpenSSL incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause OpenSSL to stop responding, resulting in a denial of service. (CVE-2016-8610) Robert Swiecki discovered that OpenSSL incorrectly handled certain truncated packets. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2017-3731) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2017-3732). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id96927
    published2017-02-01
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96927
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : openssl vulnerabilities (USN-3181-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1413.NASL
    descriptionAn update is now available for Red Hat JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304) * It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user
    last seen2020-06-01
    modified2020-06-02
    plugin id117315
    published2018-09-06
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117315
    titleRHEL 7 : JBoss Core Services (RHSA-2017:1413)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-560.NASL
    descriptionThis update for libressl to version 2.5.1 fixes the following issues : These security issues were fixed : - CVE-2016-0702: Prevent side channel attack on modular exponentiation (boo#968050). - CVE-2016-7056: Avoid a side-channel cache-timing attack that can leak the ECDSA private keys when signing (boo#1019334). These non-security issues were fixed : - Detect zero-length encrypted session data early - Curve25519 Key Exchange support. - Support for alternate chains for certificate verification. - Added EVP interface for MD5+SHA1 hashes - Fixed DTLS client failures when the server sends a certificate request. - Corrected handling of padding when upgrading an SSLv2 challenge into an SSLv3/TLS connection. - Allowed protocols and ciphers to be set on a TLS config object in libtls.
    last seen2020-06-05
    modified2017-05-09
    plugin id100042
    published2017-05-09
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100042
    titleopenSUSE Security Update : libressl (openSUSE-2017-560)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1801.NASL
    descriptionAn update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645) * A vulnerability was discovered in tomcat
    last seen2020-05-09
    modified2018-08-29
    plugin id112177
    published2018-08-29
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112177
    titleRHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 1 (RHSA-2017:1801)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0112-1.NASL
    descriptionThis update for openssl fixes the following issues: Security issues fixed : - CVE-2016-7056: ECSDA P-256 timing attack key recovery (bsc#1019334) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085) - CVE-2016-8610: remote denial of service in SSL alert handling (bsc#1005878) - CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) Bug fixes : - support alternate root ca chains (bsc#1032261) - X509_get_default_cert_file() returns an incorrect path (bsc#1022271) - Segmentation fault in
    last seen2020-06-01
    modified2020-06-02
    plugin id106093
    published2018-01-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106093
    titleSUSE SLES12 Security Update : openssl (SUSE-SU-2018:0112-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2017-001.NASL
    descriptionThe remote host is running a version of Mac OS X 10.10.5 or 10.11.6 that is missing a security update. It is therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the LibreSSL component due to a flaw in the ECDSA implementation that is triggered when not properly setting a flag in ECDSA signing nonces to indicate that only constant-time code paths should be followed. An unauthenticated, remote attacker can exploit this to conduct side-channel cache-timing attacks, allowing the attacker to recover the modular inversion state sequences and the ECDSA private keys. Note that this vulnerability does not affect Mac OS X 10.10.5. (CVE-2016-7056) - An integer overflow condition exists in the ImageIO component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted JPEG file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2432) - Multiple memory corruption issues exist in the libxslt component that allow an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2477) - An integer overflow condition exists in the libxslt component in the xsltAddTextString() function in transform.c. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to cause an out-of-bounds write, potentially allowing the execution of arbitrary code. (CVE-2017-5029)
    last seen2020-06-01
    modified2020-06-02
    plugin id99135
    published2017-03-31
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99135
    titleMac OS X Multiple Vulnerabilities (Security Update 2017-001
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-222.NASL
    descriptionThis update for libressl fixes the following issues : - CVE-2016-7056: Difficult to execute cache timing attack that may have allowed a local user to recover the private part from ECDSA P-256 keys (boo#1019334)
    last seen2020-06-05
    modified2017-02-09
    plugin id97076
    published2017-02-09
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97076
    titleopenSUSE Security Update : libressl (openSUSE-2017-222)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0585-1.NASL
    descriptionThis update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed : - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - degrade 3DES to MEDIUM in SSL2 (bsc#1001912) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) Bugs fixed : - fix crash in openssl speed (bsc#1000677) - don
    last seen2020-06-01
    modified2020-06-02
    plugin id97494
    published2017-03-02
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97494
    titleSUSE SLES11 Security Update : openssl (SUSE-SU-2017:0585-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3773.NASL
    descriptionSeveral vulnerabilities were discovered in OpenSSL : - CVE-2016-7056 A local timing attack was discovered against ECDSA P-256. - CVE-2016-8610 It was discovered that no limit was imposed on alert packets during an SSL handshake. - CVE-2017-3731 Robert Swiecki discovered that the RC4-MD5 cipher when running on 32 bit systems could be forced into an out-of-bounds read, resulting in denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id96842
    published2017-01-30
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96842
    titleDebian DSA-3773-1 : openssl - security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-561.NASL
    descriptionThis update for libressl to version 2.5.1 fixes the following issues : These security issues were fixed : - CVE-2016-0702: Prevent side channel attack on modular exponentiation (boo#968050). - CVE-2016-7056: Avoid a side-channel cache-timing attack that can leak the ECDSA private keys when signing (boo#1019334). These non-security issues were fixed : - Detect zero-length encrypted session data early - Curve25519 Key Exchange support. - Support for alternate chains for certificate verification. - Added EVP interface for MD5+SHA1 hashes - Fixed DTLS client failures when the server sends a certificate request. - Corrected handling of padding when upgrading an SSLv2 challenge into an SSLv3/TLS connection. - Allowed protocols and ciphers to be set on a TLS config object in libtls. For additional changes please refer to the changelog.
    last seen2020-06-05
    modified2017-05-09
    plugin id100043
    published2017-05-09
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100043
    titleopenSUSE Security Update : libressl (openSUSE-2017-561)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_7CAEBE30D7F111E6A9A5B499BAEBFEAF.NASL
    descriptionCesar Pereida Garcia reports : The signing function in crypto/ecdsa/ecdsa_ossl.c in certain OpenSSL versions and forks is vulnerable to timing attacks when signing with the standardized elliptic curve P-256 despite featuring constant-time curve operations and modular inversion. A software defect omits setting the BN_FLG_CONSTTIME flag for nonces, failing to take a secure code path in the BN_mod_inverse method and therefore resulting in a cache-timing attack vulnerability. A malicious user with local access can recover ECDSA P-256 private keys.
    last seen2020-06-01
    modified2020-06-02
    plugin id96412
    published2017-01-12
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96412
    titleFreeBSD : openssl -- timing attack vulnerability (7caebe30-d7f1-11e6-a9a5-b499baebfeaf)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1414.NASL
    descriptionAn update is now available for Red Hat JBoss Core Services on RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304) * It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user
    last seen2020-06-01
    modified2020-06-02
    plugin id117316
    published2018-09-06
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117316
    titleRHEL 6 : JBoss Core Services (RHSA-2017:1414)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-255.NASL
    descriptionThis update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed : - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085, CVE-2017-3731) - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912) Bugs fixed : - fix crash in openssl speed (bsc#1000677) - fix ca-bundle path (bsc#1022271) This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen2020-06-05
    modified2017-02-21
    plugin id97275
    published2017-02-21
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/97275
    titleopenSUSE Security Update : openssl (openSUSE-2017-255)

Redhat

advisories
  • bugzilla
    id1450015
    titleRegression in openssl req -x509 in openssl-1.0.2
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentopenssl-devel is earlier than 1:1.0.2k-8.el7
            ovaloval:com.redhat.rhba:tst:20171929001
          • commentopenssl-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171929002
        • AND
          • commentopenssl-perl is earlier than 1:1.0.2k-8.el7
            ovaloval:com.redhat.rhba:tst:20171929003
          • commentopenssl-perl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171929004
        • AND
          • commentopenssl-static is earlier than 1:1.0.2k-8.el7
            ovaloval:com.redhat.rhba:tst:20171929005
          • commentopenssl-static is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171929006
        • AND
          • commentopenssl is earlier than 1:1.0.2k-8.el7
            ovaloval:com.redhat.rhba:tst:20171929007
          • commentopenssl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171929008
        • AND
          • commentopenssl-libs is earlier than 1:1.0.2k-8.el7
            ovaloval:com.redhat.rhba:tst:20171929009
          • commentopenssl-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171929010
    rhsa
    idRHBA-2017:1929
    released2017-08-01
    severityNone
    titleRHBA-2017:1929: openssl bug fix and enhancement update (None)
  • rhsa
    idRHSA-2017:1413
  • rhsa
    idRHSA-2017:1414
  • rhsa
    idRHSA-2017:1415
  • rhsa
    idRHSA-2017:1801
  • rhsa
    idRHSA-2017:1802
rpms
  • openssl-1:1.0.2k-8.el7
  • openssl-debuginfo-1:1.0.2k-8.el7
  • openssl-devel-1:1.0.2k-8.el7
  • openssl-libs-1:1.0.2k-8.el7
  • openssl-perl-1:1.0.2k-8.el7
  • openssl-static-1:1.0.2k-8.el7
  • jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el7
  • jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el7
  • jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el7
  • jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el7
  • jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el7
  • jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el7
  • jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el7
  • jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el7
  • jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el7
  • jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el7
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el7
  • jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el7
  • jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el7
  • jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7
  • jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7
  • jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7
  • jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7
  • jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7
  • jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7
  • jbcs-httpd24-httpd-0:2.4.23-120.jbcs.el6
  • jbcs-httpd24-httpd-debuginfo-0:2.4.23-120.jbcs.el6
  • jbcs-httpd24-httpd-devel-0:2.4.23-120.jbcs.el6
  • jbcs-httpd24-httpd-libs-0:2.4.23-120.jbcs.el6
  • jbcs-httpd24-httpd-manual-0:2.4.23-120.jbcs.el6
  • jbcs-httpd24-httpd-selinux-0:2.4.23-120.jbcs.el6
  • jbcs-httpd24-httpd-tools-0:2.4.23-120.jbcs.el6
  • jbcs-httpd24-mod_ldap-0:2.4.23-120.jbcs.el6
  • jbcs-httpd24-mod_proxy_html-1:2.4.23-120.jbcs.el6
  • jbcs-httpd24-mod_security-0:2.9.1-19.GA.jbcs.el6
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.1-19.GA.jbcs.el6
  • jbcs-httpd24-mod_session-0:2.4.23-120.jbcs.el6
  • jbcs-httpd24-mod_ssl-1:2.4.23-120.jbcs.el6
  • jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6
  • jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6
  • jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6
  • jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6
  • jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6
  • jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6
  • log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el6
  • log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el7
  • tomcat-native-0:1.2.8-10.redhat_10.ep7.el6
  • tomcat-native-0:1.2.8-10.redhat_10.ep7.el7
  • tomcat-native-debuginfo-0:1.2.8-10.redhat_10.ep7.el6
  • tomcat-native-debuginfo-0:1.2.8-10.redhat_10.ep7.el7
  • tomcat7-0:7.0.70-22.ep7.el6
  • tomcat7-0:7.0.70-22.ep7.el7
  • tomcat7-admin-webapps-0:7.0.70-22.ep7.el6
  • tomcat7-admin-webapps-0:7.0.70-22.ep7.el7
  • tomcat7-docs-webapp-0:7.0.70-22.ep7.el6
  • tomcat7-docs-webapp-0:7.0.70-22.ep7.el7
  • tomcat7-el-2.2-api-0:7.0.70-22.ep7.el6
  • tomcat7-el-2.2-api-0:7.0.70-22.ep7.el7
  • tomcat7-javadoc-0:7.0.70-22.ep7.el6
  • tomcat7-javadoc-0:7.0.70-22.ep7.el7
  • tomcat7-jsp-2.2-api-0:7.0.70-22.ep7.el6
  • tomcat7-jsp-2.2-api-0:7.0.70-22.ep7.el7
  • tomcat7-jsvc-0:7.0.70-22.ep7.el6
  • tomcat7-jsvc-0:7.0.70-22.ep7.el7
  • tomcat7-lib-0:7.0.70-22.ep7.el6
  • tomcat7-lib-0:7.0.70-22.ep7.el7
  • tomcat7-log4j-0:7.0.70-22.ep7.el6
  • tomcat7-log4j-0:7.0.70-22.ep7.el7
  • tomcat7-selinux-0:7.0.70-22.ep7.el6
  • tomcat7-selinux-0:7.0.70-22.ep7.el7
  • tomcat7-servlet-3.0-api-0:7.0.70-22.ep7.el6
  • tomcat7-servlet-3.0-api-0:7.0.70-22.ep7.el7
  • tomcat7-webapps-0:7.0.70-22.ep7.el6
  • tomcat7-webapps-0:7.0.70-22.ep7.el7
  • tomcat8-0:8.0.36-24.ep7.el6
  • tomcat8-0:8.0.36-24.ep7.el7
  • tomcat8-admin-webapps-0:8.0.36-24.ep7.el6
  • tomcat8-admin-webapps-0:8.0.36-24.ep7.el7
  • tomcat8-docs-webapp-0:8.0.36-24.ep7.el6
  • tomcat8-docs-webapp-0:8.0.36-24.ep7.el7
  • tomcat8-el-2.2-api-0:8.0.36-24.ep7.el6
  • tomcat8-el-2.2-api-0:8.0.36-24.ep7.el7
  • tomcat8-javadoc-0:8.0.36-24.ep7.el6
  • tomcat8-javadoc-0:8.0.36-24.ep7.el7
  • tomcat8-jsp-2.3-api-0:8.0.36-24.ep7.el6
  • tomcat8-jsp-2.3-api-0:8.0.36-24.ep7.el7
  • tomcat8-jsvc-0:8.0.36-24.ep7.el6
  • tomcat8-jsvc-0:8.0.36-24.ep7.el7
  • tomcat8-lib-0:8.0.36-24.ep7.el6
  • tomcat8-lib-0:8.0.36-24.ep7.el7
  • tomcat8-log4j-0:8.0.36-24.ep7.el6
  • tomcat8-log4j-0:8.0.36-24.ep7.el7
  • tomcat8-selinux-0:8.0.36-24.ep7.el6
  • tomcat8-selinux-0:8.0.36-24.ep7.el7
  • tomcat8-servlet-3.1-api-0:8.0.36-24.ep7.el6
  • tomcat8-servlet-3.1-api-0:8.0.36-24.ep7.el7
  • tomcat8-webapps-0:8.0.36-24.ep7.el6
  • tomcat8-webapps-0:8.0.36-24.ep7.el7

References