Vulnerabilities > CVE-2017-1000385 - Information Exposure Through Discrepancy vulnerability in multiple products

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
erlang
debian
CWE-203
nessus
metasploit

Summary

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).

Common Weakness Enumeration (CWE)

Metasploit

descriptionSome TLS implementations handle errors processing RSA key exchanges and encryption (PKCS #1 v1.5 messages) in a broken way that leads an adaptive chosen-chiphertext attack. Attackers cannot recover a server's private key, but they can decrypt and sign messages with it. A strong oracle occurs when the TLS server does not strictly check message formatting and needs less than a million requests on average to decode a given ciphertext. A weak oracle server strictly checks message formatting and often requires many more requests to perform the attack. This module requires Python 3 with the gmpy2 and cryptography packages to be present.
idMSF:AUXILIARY/SCANNER/SSL/BLEICHENBACHER_ORACLE
last seen2020-03-09
modified2018-08-27
published2018-02-02
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/ssl/bleichenbacher_oracle.py
titleScanner for Bleichenbacher Oracle in RSA PKCS #1 v1.5

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-9E6DF1E099.NASL
    description - Ver. 19.3.6.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-01-15
    plugin id105939
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105939
    titleFedora 27 : erlang (2017-9e6df1e099) (ROBOT)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-9e6df1e099.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105939);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-1000385");
      script_xref(name:"FEDORA", value:"2017-9e6df1e099");
    
      script_name(english:"Fedora 27 : erlang (2017-9e6df1e099) (ROBOT)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Ver. 19.3.6.4
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-9e6df1e099"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected erlang package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:erlang");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/15");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC27", reference:"erlang-19.3.6.4-1.fc27")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "erlang");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4057.NASL
    descriptionIt was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys.
    last seen2020-06-01
    modified2020-06-02
    plugin id105089
    published2017-12-08
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105089
    titleDebian DSA-4057-1 : erlang - security update (ROBOT)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4057. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105089);
      script_version("3.6");
      script_cvs_date("Date: 2018/11/13 12:30:46");
    
      script_cve_id("CVE-2017-1000385");
      script_xref(name:"DSA", value:"4057");
    
      script_name(english:"Debian DSA-4057-1 : erlang - security update (ROBOT)");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the TLS server in Erlang is vulnerable to an
    adaptive chosen ciphertext attack against RSA keys."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/erlang"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/erlang"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/erlang"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2017/dsa-4057"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the erlang packages.
    
    For the oldstable distribution (jessie), this problem has been fixed
    in version 1:17.3-dfsg-4+deb8u2.
    
    For the stable distribution (stretch), this problem has been fixed in
    version 1:19.2.1+dfsg-2+deb9u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/08");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"erlang", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-asn1", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-base", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-base-hipe", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-common-test", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-corba", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-crypto", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-dbg", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-debugger", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-dev", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-dialyzer", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-diameter", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-doc", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-edoc", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-eldap", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-erl-docgen", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-et", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-eunit", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-examples", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-gs", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-ic", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-ic-java", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-inets", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-jinterface", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-manpages", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-megaco", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-mnesia", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-mode", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-nox", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-observer", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-odbc", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-os-mon", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-parsetools", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-percept", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-public-key", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-reltool", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-runtime-tools", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-snmp", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-src", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-ssh", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-ssl", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-syntax-tools", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-test-server", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-tools", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-typer", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-webtool", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-wx", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-x11", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"erlang-xmerl", reference:"1:17.3-dfsg-4+deb8u2")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-asn1", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-base", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-base-hipe", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-common-test", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-corba", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-crypto", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-dbg", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-debugger", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-dev", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-dialyzer", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-diameter", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-doc", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-edoc", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-eldap", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-erl-docgen", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-et", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-eunit", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-examples", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-gs", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-ic", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-ic-java", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-inets", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-jinterface", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-manpages", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-megaco", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-mnesia", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-mode", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-nox", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-observer", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-odbc", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-os-mon", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-parsetools", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-percept", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-public-key", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-reltool", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-runtime-tools", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-snmp", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-src", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-ssh", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-ssl", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-syntax-tools", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-tools", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-typer", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-wx", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-x11", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"erlang-xmerl", reference:"1:19.2.1+dfsg-2+deb9u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1207.NASL
    descriptionAn erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server
    last seen2020-03-17
    modified2017-12-18
    plugin id105325
    published2017-12-18
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105325
    titleDebian DLA-1207-1 : erlang security update (ROBOT)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1207-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105325);
      script_version("3.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2017-1000385");
    
      script_name(english:"Debian DLA-1207-1 : erlang security update (ROBOT)");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An erlang TLS server configured with cipher suites using RSA key
    exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack
    (AKA Bleichenbacher attack) against RSA, which when exploited, may
    result in plaintext recovery of encrypted messages and/or a
    Man-in-the-middle (MiTM) attack, despite the attacker not having
    gained access to the server's private key itself.
    
    For Debian 7 'Wheezy', these problems have been fixed in version
    15.b.1-dfsg-4+deb7u2.
    
    We recommend that you upgrade your erlang packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2017/12/msg00010.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/erlang"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-appmon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-asn1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-base-hipe");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-common-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-corba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-crypto");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-debugger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-dialyzer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-diameter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-edoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-eldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-erl-docgen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-et");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-eunit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-examples");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-gs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-ic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-ic-java");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-inets");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-inviso");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-jinterface");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-manpages");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-megaco");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-mnesia");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-mode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-nox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-observer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-os-mon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-parsetools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-percept");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-pman");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-public-key");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-reltool");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-runtime-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-src");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-ssh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-ssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-syntax-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-test-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-toolbar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-tv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-typer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-webtool");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-wx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-x11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:erlang-xmerl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/15");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"erlang", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-appmon", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-asn1", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-base", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-base-hipe", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-common-test", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-corba", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-crypto", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-debugger", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-dev", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-dialyzer", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-diameter", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-doc", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-edoc", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-eldap", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-erl-docgen", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-et", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-eunit", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-examples", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-gs", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-ic", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-ic-java", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-inets", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-inviso", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-jinterface", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-manpages", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-megaco", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-mnesia", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-mode", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-nox", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-observer", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-odbc", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-os-mon", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-parsetools", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-percept", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-pman", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-public-key", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-reltool", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-runtime-tools", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-snmp", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-src", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-ssh", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-ssl", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-syntax-tools", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-test-server", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-toolbar", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-tools", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-tv", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-typer", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-webtool", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-wx", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-x11", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"erlang-xmerl", reference:"15.b.1-dfsg-4+deb7u2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3571-1.NASL
    descriptionIt was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-1693) It was discovered that Erlang incorrectly checked CBC padding bytes. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-2774) It was discovered that Erlang incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Erlang to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10253) Hanno Bock, Juraj Somorovsky and Craig Young discovered that the Erlang otp TLS server incorrectly handled error reporting. A remote attacker could possibly use this issue to perform a variation of the Bleichenbacher attack and decrypt traffic or sign messages. (CVE-2017-1000385). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id106838
    published2018-02-15
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106838
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 : erlang vulnerabilities (USN-3571-1) (ROBOT)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3571-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106838);
      script_version("3.6");
      script_cvs_date("Date: 2019/09/18 12:31:48");
    
      script_cve_id("CVE-2014-1693", "CVE-2015-2774", "CVE-2016-10253", "CVE-2017-1000385");
      script_xref(name:"USN", value:"3571-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : erlang vulnerabilities (USN-3571-1) (ROBOT)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the Erlang FTP module incorrectly handled
    certain CRLF sequences. A remote attacker could possibly use this
    issue to inject arbitrary FTP commands. This issue only affected
    Ubuntu 14.04 LTS. (CVE-2014-1693)
    
    It was discovered that Erlang incorrectly checked CBC padding bytes. A
    remote attacker could possibly use this issue to perform a padding
    oracle attack and decrypt traffic. This issue only affected Ubuntu
    14.04 LTS. (CVE-2015-2774)
    
    It was discovered that Erlang incorrectly handled certain regular
    expressions. A remote attacker could possibly use this issue to cause
    Erlang to crash, resulting in a denial of service, or execute
    arbitrary code. This issue only affected Ubuntu 16.04 LTS.
    (CVE-2016-10253)
    
    Hanno Bock, Juraj Somorovsky and Craig Young discovered that the
    Erlang otp TLS server incorrectly handled error reporting. A remote
    attacker could possibly use this issue to perform a variation of the
    Bleichenbacher attack and decrypt traffic or sign messages.
    (CVE-2017-1000385).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3571-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected erlang package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:erlang");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/02/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/15");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|17\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"erlang", pkgver:"1:16.b.3-dfsg-1ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"erlang", pkgver:"1:18.3-dfsg-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"erlang", pkgver:"1:20.0.4+dfsg-1ubuntu1.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "erlang");
    }
    
  • NASL familyGeneral
    NASL idSSL_ROBOT_BLEICHENBACHER.NASL
    descriptionThe remote host is affected by an information disclosure vulnerability. The SSL/TLS service supports RSA key exchanges, and incorrectly leaks whether or not the RSA key exchange sent by a client was correctly formatted. This information can allow an attacker to decrypt previous SSL/TLS sessions or impersonate the server. Note that this plugin does not attempt to recover an RSA ciphertext, however it sends a number of correct and malformed RSA ciphertexts as part of an SSL handshake and observes how the server responds. This plugin attempts to discover the vulnerability in multiple ways, by not completing the handshake and by completing it incorrectly, as well as using a variety of cipher suites. Only the first method that finds the service to be vulnerable is reported. This plugin requires report paranoia as some services will report as affected even though the issue is not exploitable.
    last seen2020-04-07
    modified2017-12-26
    plugin id105415
    published2017-12-26
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105415
    titleReturn Of Bleichenbacher's Oracle Threat (ROBOT) Information Disclosure
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-2_0-0251_ERLANG.NASL
    descriptionAn update of the erlang package has been released.
    last seen2020-06-10
    modified2020-06-06
    plugin id137194
    published2020-06-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137194
    titlePhoton OS 2.0: Erlang PHSA-2020-2.0-0251
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1358.NASL
    descriptionThis update for erlang fixes security issues and bugs. The following vulnerabilities were addressed : - CVE-2017-1000385: Harden against the Bleichenbacher attacher against RSA - CVE-2016-10253: Heap overflow through regular expressions (bsc#1030062) In addition Erlang was updated to version 18.3.4.6, containing a number of upstream bug fixes and improvements.
    last seen2020-06-05
    modified2017-12-14
    plugin id105241
    published2017-12-14
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/105241
    titleopenSUSE Security Update : erlang (openSUSE-2017-1358) (ROBOT)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-93B6236635.NASL
    description - Ver. 19.3.6.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-12-13
    plugin id105204
    published2017-12-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105204
    titleFedora 26 : erlang (2017-93b6236635) (ROBOT)

Redhat

advisories
  • rhsa
    idRHSA-2018:0242
  • rhsa
    idRHSA-2018:0303
  • rhsa
    idRHSA-2018:0368
  • rhsa
    idRHSA-2018:0528
rpms
  • erlang-0:18.3.4.7-1.el7ost
  • erlang-asn1-0:18.3.4.7-1.el7ost
  • erlang-compiler-0:18.3.4.7-1.el7ost
  • erlang-cosEvent-0:18.3.4.7-1.el7ost
  • erlang-cosEventDomain-0:18.3.4.7-1.el7ost
  • erlang-cosFileTransfer-0:18.3.4.7-1.el7ost
  • erlang-cosNotification-0:18.3.4.7-1.el7ost
  • erlang-cosProperty-0:18.3.4.7-1.el7ost
  • erlang-cosTime-0:18.3.4.7-1.el7ost
  • erlang-cosTransactions-0:18.3.4.7-1.el7ost
  • erlang-crypto-0:18.3.4.7-1.el7ost
  • erlang-debuginfo-0:18.3.4.7-1.el7ost
  • erlang-diameter-0:18.3.4.7-1.el7ost
  • erlang-edoc-0:18.3.4.7-1.el7ost
  • erlang-eldap-0:18.3.4.7-1.el7ost
  • erlang-erl_docgen-0:18.3.4.7-1.el7ost
  • erlang-erl_interface-0:18.3.4.7-1.el7ost
  • erlang-erts-0:18.3.4.7-1.el7ost
  • erlang-eunit-0:18.3.4.7-1.el7ost
  • erlang-hipe-0:18.3.4.7-1.el7ost
  • erlang-ic-0:18.3.4.7-1.el7ost
  • erlang-inets-0:18.3.4.7-1.el7ost
  • erlang-kernel-0:18.3.4.7-1.el7ost
  • erlang-mnesia-0:18.3.4.7-1.el7ost
  • erlang-odbc-0:18.3.4.7-1.el7ost
  • erlang-orber-0:18.3.4.7-1.el7ost
  • erlang-os_mon-0:18.3.4.7-1.el7ost
  • erlang-ose-0:18.3.4.7-1.el7ost
  • erlang-otp_mibs-0:18.3.4.7-1.el7ost
  • erlang-parsetools-0:18.3.4.7-1.el7ost
  • erlang-percept-0:18.3.4.7-1.el7ost
  • erlang-public_key-0:18.3.4.7-1.el7ost
  • erlang-runtime_tools-0:18.3.4.7-1.el7ost
  • erlang-sasl-0:18.3.4.7-1.el7ost
  • erlang-snmp-0:18.3.4.7-1.el7ost
  • erlang-ssh-0:18.3.4.7-1.el7ost
  • erlang-ssl-0:18.3.4.7-1.el7ost
  • erlang-stdlib-0:18.3.4.7-1.el7ost
  • erlang-syntax_tools-0:18.3.4.7-1.el7ost
  • erlang-tools-0:18.3.4.7-1.el7ost
  • erlang-xmerl-0:18.3.4.7-1.el7ost
  • erlang-0:18.3.4.7-1.el7ost
  • erlang-asn1-0:18.3.4.7-1.el7ost
  • erlang-compiler-0:18.3.4.7-1.el7ost
  • erlang-cosEvent-0:18.3.4.7-1.el7ost
  • erlang-cosEventDomain-0:18.3.4.7-1.el7ost
  • erlang-cosFileTransfer-0:18.3.4.7-1.el7ost
  • erlang-cosNotification-0:18.3.4.7-1.el7ost
  • erlang-cosProperty-0:18.3.4.7-1.el7ost
  • erlang-cosTime-0:18.3.4.7-1.el7ost
  • erlang-cosTransactions-0:18.3.4.7-1.el7ost
  • erlang-crypto-0:18.3.4.7-1.el7ost
  • erlang-debuginfo-0:18.3.4.7-1.el7ost
  • erlang-diameter-0:18.3.4.7-1.el7ost
  • erlang-edoc-0:18.3.4.7-1.el7ost
  • erlang-eldap-0:18.3.4.7-1.el7ost
  • erlang-erl_docgen-0:18.3.4.7-1.el7ost
  • erlang-erl_interface-0:18.3.4.7-1.el7ost
  • erlang-erts-0:18.3.4.7-1.el7ost
  • erlang-eunit-0:18.3.4.7-1.el7ost
  • erlang-hipe-0:18.3.4.7-1.el7ost
  • erlang-ic-0:18.3.4.7-1.el7ost
  • erlang-inets-0:18.3.4.7-1.el7ost
  • erlang-kernel-0:18.3.4.7-1.el7ost
  • erlang-mnesia-0:18.3.4.7-1.el7ost
  • erlang-odbc-0:18.3.4.7-1.el7ost
  • erlang-orber-0:18.3.4.7-1.el7ost
  • erlang-os_mon-0:18.3.4.7-1.el7ost
  • erlang-ose-0:18.3.4.7-1.el7ost
  • erlang-otp_mibs-0:18.3.4.7-1.el7ost
  • erlang-parsetools-0:18.3.4.7-1.el7ost
  • erlang-percept-0:18.3.4.7-1.el7ost
  • erlang-public_key-0:18.3.4.7-1.el7ost
  • erlang-runtime_tools-0:18.3.4.7-1.el7ost
  • erlang-sasl-0:18.3.4.7-1.el7ost
  • erlang-snmp-0:18.3.4.7-1.el7ost
  • erlang-ssh-0:18.3.4.7-1.el7ost
  • erlang-ssl-0:18.3.4.7-1.el7ost
  • erlang-stdlib-0:18.3.4.7-1.el7ost
  • erlang-syntax_tools-0:18.3.4.7-1.el7ost
  • erlang-tools-0:18.3.4.7-1.el7ost
  • erlang-xmerl-0:18.3.4.7-1.el7ost
  • erlang-0:18.3.4.7-1.el7ost
  • erlang-asn1-0:18.3.4.7-1.el7ost
  • erlang-compiler-0:18.3.4.7-1.el7ost
  • erlang-cosEvent-0:18.3.4.7-1.el7ost
  • erlang-cosEventDomain-0:18.3.4.7-1.el7ost
  • erlang-cosFileTransfer-0:18.3.4.7-1.el7ost
  • erlang-cosNotification-0:18.3.4.7-1.el7ost
  • erlang-cosProperty-0:18.3.4.7-1.el7ost
  • erlang-cosTime-0:18.3.4.7-1.el7ost
  • erlang-cosTransactions-0:18.3.4.7-1.el7ost
  • erlang-crypto-0:18.3.4.7-1.el7ost
  • erlang-debuginfo-0:18.3.4.7-1.el7ost
  • erlang-diameter-0:18.3.4.7-1.el7ost
  • erlang-edoc-0:18.3.4.7-1.el7ost
  • erlang-eldap-0:18.3.4.7-1.el7ost
  • erlang-erl_docgen-0:18.3.4.7-1.el7ost
  • erlang-erl_interface-0:18.3.4.7-1.el7ost
  • erlang-erts-0:18.3.4.7-1.el7ost
  • erlang-eunit-0:18.3.4.7-1.el7ost
  • erlang-hipe-0:18.3.4.7-1.el7ost
  • erlang-ic-0:18.3.4.7-1.el7ost
  • erlang-inets-0:18.3.4.7-1.el7ost
  • erlang-kernel-0:18.3.4.7-1.el7ost
  • erlang-mnesia-0:18.3.4.7-1.el7ost
  • erlang-odbc-0:18.3.4.7-1.el7ost
  • erlang-orber-0:18.3.4.7-1.el7ost
  • erlang-os_mon-0:18.3.4.7-1.el7ost
  • erlang-ose-0:18.3.4.7-1.el7ost
  • erlang-otp_mibs-0:18.3.4.7-1.el7ost
  • erlang-parsetools-0:18.3.4.7-1.el7ost
  • erlang-percept-0:18.3.4.7-1.el7ost
  • erlang-public_key-0:18.3.4.7-1.el7ost
  • erlang-runtime_tools-0:18.3.4.7-1.el7ost
  • erlang-sasl-0:18.3.4.7-1.el7ost
  • erlang-snmp-0:18.3.4.7-1.el7ost
  • erlang-ssh-0:18.3.4.7-1.el7ost
  • erlang-ssl-0:18.3.4.7-1.el7ost
  • erlang-stdlib-0:18.3.4.7-1.el7ost
  • erlang-syntax_tools-0:18.3.4.7-1.el7ost
  • erlang-tools-0:18.3.4.7-1.el7ost
  • erlang-xmerl-0:18.3.4.7-1.el7ost
  • erlang-0:18.3.4.7-1.el7ost
  • erlang-asn1-0:18.3.4.7-1.el7ost
  • erlang-compiler-0:18.3.4.7-1.el7ost
  • erlang-cosEvent-0:18.3.4.7-1.el7ost
  • erlang-cosEventDomain-0:18.3.4.7-1.el7ost
  • erlang-cosFileTransfer-0:18.3.4.7-1.el7ost
  • erlang-cosNotification-0:18.3.4.7-1.el7ost
  • erlang-cosProperty-0:18.3.4.7-1.el7ost
  • erlang-cosTime-0:18.3.4.7-1.el7ost
  • erlang-cosTransactions-0:18.3.4.7-1.el7ost
  • erlang-crypto-0:18.3.4.7-1.el7ost
  • erlang-debuginfo-0:18.3.4.7-1.el7ost
  • erlang-diameter-0:18.3.4.7-1.el7ost
  • erlang-edoc-0:18.3.4.7-1.el7ost
  • erlang-eldap-0:18.3.4.7-1.el7ost
  • erlang-erl_docgen-0:18.3.4.7-1.el7ost
  • erlang-erl_interface-0:18.3.4.7-1.el7ost
  • erlang-erts-0:18.3.4.7-1.el7ost
  • erlang-eunit-0:18.3.4.7-1.el7ost
  • erlang-hipe-0:18.3.4.7-1.el7ost
  • erlang-ic-0:18.3.4.7-1.el7ost
  • erlang-inets-0:18.3.4.7-1.el7ost
  • erlang-kernel-0:18.3.4.7-1.el7ost
  • erlang-mnesia-0:18.3.4.7-1.el7ost
  • erlang-odbc-0:18.3.4.7-1.el7ost
  • erlang-orber-0:18.3.4.7-1.el7ost
  • erlang-os_mon-0:18.3.4.7-1.el7ost
  • erlang-ose-0:18.3.4.7-1.el7ost
  • erlang-otp_mibs-0:18.3.4.7-1.el7ost
  • erlang-parsetools-0:18.3.4.7-1.el7ost
  • erlang-percept-0:18.3.4.7-1.el7ost
  • erlang-public_key-0:18.3.4.7-1.el7ost
  • erlang-runtime_tools-0:18.3.4.7-1.el7ost
  • erlang-sasl-0:18.3.4.7-1.el7ost
  • erlang-snmp-0:18.3.4.7-1.el7ost
  • erlang-ssh-0:18.3.4.7-1.el7ost
  • erlang-ssl-0:18.3.4.7-1.el7ost
  • erlang-stdlib-0:18.3.4.7-1.el7ost
  • erlang-syntax_tools-0:18.3.4.7-1.el7ost
  • erlang-tools-0:18.3.4.7-1.el7ost
  • erlang-xmerl-0:18.3.4.7-1.el7ost