CVE-2017-1000385 - Information Exposure Through Discrepancy vulnerability in multiple products
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | NONE |
Availability impact | NONE |
Summary
The Erlang/OTP TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 v1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
OS | | 2 |
Common Weakness Enumeration (CWE)
Metasploit
description | Some TLS implementations handle errors processing RSA key exchanges and encryption (PKCS #1 v1.5 messages) in a broken way that leads to an adaptive chosen-ciphertext attack. Attackers cannot recover a server's private key, but they can decrypt and sign messages with it. A strong oracle occurs when the TLS server does not strictly check message formatting and needs less than a million requests on average to decode a given ciphertext. A weak oracle server strictly checks message formatting and often requires many more requests to perform the attack. This module requires Python 3 with the gmpy2 and cryptography packages to be present. |
id | MSF:AUXILIARY/SCANNER/SSL/BLEICHENBACHER_ORACLE |
last seen | 2020-03-09 |
modified | 2018-08-27 |
published | 2018-02-02 |
references |
|
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/ssl/bleichenbacher_oracle.py |
title | Scanner for Bleichenbacher Oracle in RSA PKCS #1 v1.5 |
Nessus
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2017-9E6DF1E099.NASL |
description | - Ver. 19.3.6.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-05 |
modified | 2018-01-15 |
plugin id | 105939 |
published | 2018-01-15 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/105939 |
title | Fedora 27 : erlang (2017-9e6df1e099) (ROBOT) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2017-9e6df1e099.
#

include("compat.inc");

if (description)
{
  script_id(105939);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2017-1000385");
  script_xref(name:"FEDORA", value:"2017-9e6df1e099");

  script_name(english:"Fedora 27 : erlang (2017-9e6df1e099) (ROBOT)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: " - Ver. 19.3.6.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-9e6df1e099"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected erlang package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:erlang");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/12/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/15");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC27", reference:"erlang-19.3.6.4-1.fc27")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "erlang");
}
```
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-4057.NASL |
description | It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 105089 |
published | 2017-12-08 |
reporter | This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/105089 |
title | Debian DSA-4057-1 : erlang - security update (ROBOT) |
code |

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-4057. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(105089);
  script_version("3.6");
  script_cvs_date("Date: 2018/11/13 12:30:46");

  script_cve_id("CVE-2017-1000385");
  script_xref(name:"DSA", value:"4057");

  script_name(english:"Debian DSA-4057-1 : erlang - security update (ROBOT)");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value: "It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/source-package/erlang"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/erlang"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/stretch/erlang"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2017/dsa-4057"
  );
  script_set_attribute(
    attribute:"solution",
    value: "Upgrade the erlang packages. For the oldstable distribution (jessie), this problem has been fixed in version 1:17.3-dfsg-4+deb8u2. For the stable distribution (stretch), this problem has been fixed in version 1:19.2.1+dfsg-2+deb9u1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/12/08");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/08");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"8.0", prefix:"erlang", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-asn1", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-base", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-base-hipe", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-common-test", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-corba", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-crypto", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-dbg", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-debugger", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-dev", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-dialyzer", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-diameter", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-doc", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-edoc", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-eldap", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-erl-docgen", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-et", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-eunit", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-examples", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-gs", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-ic", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-ic-java", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-inets", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-jinterface", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-manpages", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-megaco", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-mnesia", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-mode", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-nox", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-observer", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-odbc", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-os-mon", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-parsetools", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-percept", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-public-key", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-reltool", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-runtime-tools", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-snmp", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-src", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-ssh", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-ssl", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-syntax-tools", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-test-server", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-tools", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-typer", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-webtool", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-wx", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-x11", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"erlang-xmerl", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
if (deb_check(release:"9.0", prefix:"erlang", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-asn1", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-base", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-base-hipe", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-common-test", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-corba", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-crypto", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-dbg", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-debugger", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-dev", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-dialyzer", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-diameter", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-doc", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-edoc", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-eldap", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-erl-docgen", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-et", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-eunit", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-examples", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-gs", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-ic", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-ic-java", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-inets", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-jinterface", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-manpages", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-megaco", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-mnesia", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-mode", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-nox", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-observer", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-odbc", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-os-mon", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-parsetools", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-percept", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-public-key", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-reltool", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-runtime-tools", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-snmp", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-src", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-ssh", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-ssl", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-syntax-tools", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-tools", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-typer", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-wx", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-x11", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"erlang-xmerl", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DLA-1207.NASL |
description | An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server |
last seen | 2020-03-17 |
modified | 2017-12-18 |
plugin id | 105325 |
published | 2017-12-18 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/105325 |
title | Debian DLA-1207-1 : erlang security update (ROBOT) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1207-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(105325);
  script_version("3.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2017-1000385");

  script_name(english:"Debian DLA-1207-1 : erlang security update (ROBOT)");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself. For Debian 7 'Wheezy', these problems have been fixed in version 15.b.1-dfsg-4+deb7u2. We recommend that you upgrade your erlang packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2017/12/msg00010.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/erlang"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-appmon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-asn1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-base-hipe");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-common-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-corba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-crypto");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-debugger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-dialyzer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-diameter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-edoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-eldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-erl-docgen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-et");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-eunit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-examples");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-gs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-ic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-ic-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-inets");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-inviso");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-jinterface");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-manpages");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-megaco");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-mnesia");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-mode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-nox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-observer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-os-mon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-parsetools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-percept");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-pman");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-public-key");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-reltool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-runtime-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-src");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-ssh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-ssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-syntax-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-test-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-toolbar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-tv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-typer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-webtool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-wx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-xmerl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/12/15");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"7.0", prefix:"erlang", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-appmon", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-asn1", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-base", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-base-hipe", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-common-test", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-corba", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-crypto", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-debugger", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-dev", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-dialyzer", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-diameter", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-doc", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-edoc", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-eldap", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-erl-docgen", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-et", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-eunit", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-examples", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-gs", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-ic", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-ic-java", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-inets", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-inviso", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-jinterface", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-manpages", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-megaco", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-mnesia", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-mode", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-nox", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-observer", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-odbc", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-os-mon", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-parsetools", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-percept", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-pman", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-public-key", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-reltool", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-runtime-tools", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-snmp", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-src", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-ssh", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-ssl", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-syntax-tools", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-test-server", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-toolbar", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-tools", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-tv", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-typer", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-webtool", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-wx", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-x11", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"erlang-xmerl", reference:"15.b.1-dfsg-4+deb7u2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-3571-1.NASL
description
It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-1693)
It was discovered that Erlang incorrectly checked CBC padding bytes. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-2774)
It was discovered that Erlang incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Erlang to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10253)
Hanno Bock, Juraj Somorovsky and Craig Young discovered that the Erlang otp TLS server incorrectly handled error reporting. A remote attacker could possibly use this issue to perform a variation of the Bleichenbacher attack and decrypt traffic or sign messages. (CVE-2017-1000385).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 106838
published 2018-02-15
reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/106838
title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : erlang vulnerabilities (USN-3571-1) (ROBOT)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3571-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(106838);
  script_version("3.6");
  script_cvs_date("Date: 2019/09/18 12:31:48");

  script_cve_id("CVE-2014-1693", "CVE-2015-2774", "CVE-2016-10253", "CVE-2017-1000385");
  script_xref(name:"USN", value:"3571-1");

  script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : erlang vulnerabilities (USN-3571-1) (ROBOT)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value: "It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-1693) It was discovered that Erlang incorrectly checked CBC padding bytes. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-2774) It was discovered that Erlang incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Erlang to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10253) Hanno Bock, Juraj Somorovsky and Craig Young discovered that the Erlang otp TLS server incorrectly handled error reporting. A remote attacker could possibly use this issue to perform a variation of the Bleichenbacher attack and decrypt traffic or sign messages. (CVE-2017-1000385). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3571-1/"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected erlang package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:erlang");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/02/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/15");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(14\.04|16\.04|17\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"14.04", pkgname:"erlang", pkgver:"1:16.b.3-dfsg-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"erlang", pkgver:"1:18.3-dfsg-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"17.10", pkgname:"erlang", pkgver:"1:20.0.4+dfsg-1ubuntu1.1")) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "erlang");
}
NASL family General
NASL id SSL_ROBOT_BLEICHENBACHER.NASL
description The remote host is affected by an information disclosure vulnerability. The SSL/TLS service supports RSA key exchanges, and incorrectly leaks whether or not the RSA key exchange sent by a client was correctly formatted. This information can allow an attacker to decrypt previous SSL/TLS sessions or impersonate the server. Note that this plugin does not attempt to recover an RSA ciphertext, however it sends a number of correct and malformed RSA ciphertexts as part of an SSL handshake and observes how the server responds. This plugin attempts to discover the vulnerability in multiple ways, by not completing the handshake and by completing it incorrectly, as well as using a variety of cipher suites. Only the first method that finds the service to be vulnerable is reported. This plugin requires report paranoia as some services will report as affected even though the issue is not exploitable.
last seen 2020-04-07
modified 2017-12-26
plugin id 105415
published 2017-12-26
reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/105415
title Return Of Bleichenbacher's Oracle Threat (ROBOT) Information Disclosure

NASL family PhotonOS Local Security Checks
NASL id PHOTONOS_PHSA-2020-2_0-0251_ERLANG.NASL
description An update of the erlang package has been released.
last seen 2020-06-10
modified 2020-06-06
plugin id 137194
published 2020-06-06
reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/137194
title Photon OS 2.0: Erlang PHSA-2020-2.0-0251

NASL family SuSE Local Security Checks
NASL id OPENSUSE-2017-1358.NASL
description This update for erlang fixes security issues and bugs. The following vulnerabilities were addressed :
- CVE-2017-1000385: Harden against the Bleichenbacher attack against RSA
- CVE-2016-10253: Heap overflow through regular expressions (bsc#1030062)
In addition Erlang was updated to version 18.3.4.6, containing a number of upstream bug fixes and improvements.
last seen 2020-06-05
modified 2017-12-14
plugin id 105241
published 2017-12-14
reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/105241
title openSUSE Security Update : erlang (openSUSE-2017-1358) (ROBOT)

NASL family Fedora Local Security Checks
NASL id FEDORA_2017-93B6236635.NASL
description
- Ver. 19.3.6.4
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-05
modified 2017-12-13
plugin id 105204
published 2017-12-13
reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/105204
title Fedora 26 : erlang (2017-93b6236635) (ROBOT)
References
- http://erlang.org/pipermail/erlang-questions/2017-November/094255.html
- http://erlang.org/pipermail/erlang-questions/2017-November/094256.html
- http://erlang.org/pipermail/erlang-questions/2017-November/094257.html
- http://www.securityfocus.com/bid/102197
- https://access.redhat.com/errata/RHSA-2018:0242
- https://access.redhat.com/errata/RHSA-2018:0303
- https://access.redhat.com/errata/RHSA-2018:0368
- https://access.redhat.com/errata/RHSA-2018:0528
- https://lists.debian.org/debian-lts-announce/2017/12/msg00010.html
- https://robotattack.org/
- https://usn.ubuntu.com/3571-1/
- https://www.debian.org/security/2017/dsa-4057
- https://www.kb.cert.org/vuls/id/144389