Vulnerabilities > CVE-2017-3735 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
openssl
debian
CWE-119
nessus

Summary

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

Vulnerable Configurations

Part Description Count
Application
Openssl
100
OS
Debian
2

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0293-1.NASL
    descriptionThis update for nodejs6 fixes the following issues: Security issues fixed : - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322). - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64. - CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242). - CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058). Bug fixes : - Update to LTS release 6.12.2 (bsc#1072322): https://nodejs.org/en/blog/vulnerability/december-2017-s ecurity-releases/ - https://nodejs.org/en/blog/release/v6.12.2/ - https://nodejs.org/en/blog/release/v6.12.1/ - https://nodejs.org/en/blog/release/v6.12.0/ - https://nodejs.org/en/blog/release/v6.11.5/ - https://nodejs.org/en/blog/release/v6.11.4/ - https://nodejs.org/en/blog/release/v6.11.3/ - https://nodejs.org/en/blog/release/v6.11.2/ Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-24
    modified2019-01-02
    plugin id120014
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120014
    titleSUSE SLES12 Security Update : nodejs6 (SUSE-SU-2018:0293-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-DBEC196DD8.NASL
    descriptionMinor security update release 1.1.0g. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-11-29
    plugin id104830
    published2017-11-29
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104830
    titleFedora 26 : 1:openssl (2017-dbec196dd8)
  • NASL familyAIX Local Security Checks
    NASL idAIX_OPENSSL_ADVISORY24.NASL
    descriptionThe version of OpenSSL installed on the remote AIX host is affected by an off-by-one out-of-bounds read flaw in when processing X.509 certificates. This allows a context-dependent attacker to disclose limited memory contents.
    last seen2020-05-12
    modified2018-03-08
    plugin id107231
    published2018-03-08
    reporterThis script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/107231
    titleAIX OpenSSL Advisory : openssl_advisory24.asc
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-3221.NASL
    descriptionAn update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) * openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) * openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) * openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118998
    published2018-11-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118998
    titleCentOS 7 : openssl (CESA-2018:3221)
  • NASL familyMisc.
    NASL idVIRTUALBOX_5_2_6.NASL
    descriptionThe version of Oracle VM VirtualBox running on the remote host is 5.1.x prior to 5.1.32 or 5.2.x prior to 5.2.6. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id106104
    published2018-01-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106104
    titleOracle VM VirtualBox 5.1.x < 5.1.32 / 5.2.x < 5.2.6 (January 2018 CPU)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-55A3247CFD.NASL
    descriptionMinor security update 1.0.2m. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-11-29
    plugin id104826
    published2017-11-29
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104826
    titleFedora 25 : 1:openssl (2017-55a3247cfd)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_10_13_2.NASL
    descriptionThe remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.2. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - curl - Directory Utility - IOAcceleratorFamily - IOKit - Intel Graphics Driver - Kernel - Mail - Mail Drafts - OpenSSL - Screen Sharing Server Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id105080
    published2017-12-07
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105080
    titlemacOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_1_0G.NASL
    descriptionAccording to its banner, the version of OpenSSL running on the remote host is 1.1.0 prior to 1.1.0g. It is, therefore, affected by an unspecified carry vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id104409
    published2017-11-06
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104409
    titleOpenSSL 1.1.0 < 1.1.0g RSA/DSA Unspecified Carry Issue
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_F40F07AAC00F11E7AC58B499BAEBFEAF.NASL
    descriptionThe OpenSSL project reports : bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) Severity: Moderate There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735) Severity: Low This issue was previously announced in security advisory https://www.openssl.org/news/secadv/20170828.txt, but the fix has not previously been included in a release due to its low severity.
    last seen2020-06-01
    modified2020-06-02
    plugin id104367
    published2017-11-03
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104367
    titleFreeBSD : OpenSSL -- Multiple vulnerabilities (f40f07aa-c00f-11e7-ac58-b499baebfeaf)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4017.NASL
    descriptionMultiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily extension in an X.509 certificate. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20170828.txt - CVE-2017-3736 It was discovered that OpenSSL contains a carry propagation bug in the x86_64 Montgomery squaring procedure. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20171102.txt
    last seen2020-06-01
    modified2020-06-02
    plugin id104401
    published2017-11-06
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104401
    titleDebian DSA-4017-1 : openssl1.0 - security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-3221.NASL
    descriptionFrom Red Hat Security Advisory 2018:3221 : An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) * openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) * openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) * openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118777
    published2018-11-07
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118777
    titleOracle Linux 7 : openssl (ELSA-2018-3221)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3169-1.NASL
    descriptionThis update for openssl fixes the following issues: Security issues fixed : - CVE-2017-3735: openssl1,openssl: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) - CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242) - Out of bounds read+crash in DES_fcrypt (bsc#1065363) - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104967
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104967
    titleSUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:3169-1)
  • NASL familyFirewalls
    NASL idPFSENSE_SA-17_07.NASL
    descriptionAccording to its self-reported version number, the remote pfSense install is a version prior to 2.4.2 It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories.
    last seen2020-06-01
    modified2020-06-02
    plugin id108517
    published2018-03-21
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108517
    titlepfSense < 2.4.2 Multiple Vulnerabilities (SA-17_07)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1157.NASL
    descriptionA security vulnerability was discovered in OpenSSL, the Secure Sockets Layer toolkit. CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily extension in an X.509 certificate. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20170828.txt For Debian 7
    last seen2020-03-17
    modified2017-11-10
    plugin id104481
    published2017-11-10
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/104481
    titleDebian DLA-1157-1 : openssl security update
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0065_OPENSSL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. (CVE-2017-3735) - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. (CVE-2018-0495) - OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key. (CVE-2018-0737) - Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). (CVE-2018-0739) - A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. (CVE-2018-5407) - During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). (CVE-2018-0732) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127262
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127262
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0065)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2509.NASL
    descriptionAccording to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.Security Fix(es):The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the
    last seen2020-05-08
    modified2019-12-04
    plugin id131662
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131662
    titleEulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-2509)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20181030_OPENSSL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) - openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) - openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) - openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)
    last seen2020-03-18
    modified2018-11-27
    plugin id119194
    published2018-11-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119194
    titleScientific Linux Security Update : openssl on SL7.x x86_64 (20181030)
  • NASL familyMisc.
    NASL idSECURITYCENTER_OPENSSL_1_0_2M.NASL
    descriptionThe Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL.
    last seen2020-06-01
    modified2020-06-02
    plugin id104639
    published2017-11-16
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104639
    titleTenable SecurityCenter OpenSSL 1.0.2 < 1.0.2m Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3475-1.NASL
    descriptionIt was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. (CVE-2017-3735) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-3736). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104432
    published2017-11-07
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104432
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : openssl vulnerabilities (USN-3475-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1009.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) - openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) - openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) - openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-01-08
    plugin id120997
    published2019-01-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120997
    titleEulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-1009)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-5.NASL
    descriptionThis update for nodejs4 fixes the following issues : Security issues fixed : - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322). - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64. - CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242). - CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058). Bug fixes : - Update to release 4.8.7 (bsc#1072322) : - https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ - https://nodejs.org/en/blog/release/v4.8.7/ - https://nodejs.org/en/blog/release/v4.8.6/ - https://nodejs.org/en/blog/release/v4.8.5/ This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-01-08
    plugin id105638
    published2018-01-08
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105638
    titleopenSUSE Security Update : nodejs4 (openSUSE-2018-5)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2019-0040.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Oracle bug 28730228: backport (CVE-2018-0732) - Oracle bug 28758493: backport (CVE-2018-0737) - Merge upstream patch to fix (CVE-2018-0739) - Avoid out-of-bounds read. Fixes CVE-2017-3735. By Rich Salz - sha256 is used for the RSA pairwise consistency test instead of sha1 - fix CVE-2019-1559 - 0-byte record padding oracle
    last seen2020-06-01
    modified2020-06-02
    plugin id127975
    published2019-08-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127975
    titleOracleVM 3.4 : openssl (OVMSA-2019-0040)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3221.NASL
    descriptionAn update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) * openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) * openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) * openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118534
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118534
    titleRHEL 7 : openssl (RHSA-2018:3221)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4018.NASL
    descriptionMultiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily extension in an X.509 certificate. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20170828.txt - CVE-2017-3736 It was discovered that OpenSSL contains a carry propagation bug in the x86_64 Montgomery squaring procedure. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20171102.txt
    last seen2020-06-01
    modified2020-06-02
    plugin id104402
    published2017-11-06
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104402
    titleDebian DSA-4018-1 : openssl - security update
  • NASL familyMisc.
    NASL idORACLE_E-BUSINESS_CPU_JAN_2018.NASL
    descriptionThe version of Oracle E-Business installed on the remote host is missing the January 2018 Oracle Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id106105
    published2018-01-17
    reporterThis script is Copyright (C) 2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/106105
    titleOracle E-Business Multiple Vulnerabilities (January 2018 CPU)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1102.NASL
    descriptionLibgcrypt allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.(CVE-2018-0495) While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006.(CVE-2017-3735) Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.(CVE-2018-0739)
    last seen2020-06-10
    modified2018-12-07
    plugin id119464
    published2018-12-07
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119464
    titleAmazon Linux AMI : openssl (ALAS-2018-1102)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0112-1.NASL
    descriptionThis update for openssl fixes the following issues: Security issues fixed : - CVE-2016-7056: ECSDA P-256 timing attack key recovery (bsc#1019334) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085) - CVE-2016-8610: remote denial of service in SSL alert handling (bsc#1005878) - CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) Bug fixes : - support alternate root ca chains (bsc#1032261) - X509_get_default_cert_file() returns an incorrect path (bsc#1022271) - Segmentation fault in
    last seen2020-06-01
    modified2020-06-02
    plugin id106093
    published2018-01-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106093
    titleSUSE SLES12 Security Update : openssl (SUSE-SU-2018:0112-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-116.NASL
    descriptionThis update for nodejs6 fixes the following issues : Security issues fixed : - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322). - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64. - CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242). - CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058). Bug fixes : - Update to LTS release 6.12.2 (bsc#1072322) : - https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ - https://nodejs.org/en/blog/release/v6.12.2/ - https://nodejs.org/en/blog/release/v6.12.1/ - https://nodejs.org/en/blog/release/v6.12.0/ - https://nodejs.org/en/blog/release/v6.11.5/ - https://nodejs.org/en/blog/release/v6.11.4/ - https://nodejs.org/en/blog/release/v6.11.3/ - https://nodejs.org/en/blog/release/v6.11.2/ This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-02-01
    plugin id106547
    published2018-02-01
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106547
    titleopenSUSE Security Update : nodejs6 (openSUSE-2018-116)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1420.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) - openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) - openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) - openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-12-28
    plugin id119909
    published2018-12-28
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119909
    titleEulerOS 2.0 SP2 : openssl (EulerOS-SA-2018-1420)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_9442A811DAB311E7B5AFA4BADB2F4699.NASL
    descriptionIf an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer overread. [CVE-2017-3735] There is a carry propagating bug in the x86_64 Montgomery squaring procedure. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. [CVE-2017-3736] This bug only affects FreeBSD 11.x. Impact : Application using OpenSSL may display erroneous certificate in text format. [CVE-2017-3735] Mishandling of carry propagation will produce incorrect output, and make it easier for a remote attacker to obtain sensitive private-key information. No EC algorithms are affected, analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. [CVE-2017-3736]
    last seen2020-06-01
    modified2020-06-02
    plugin id105067
    published2017-12-07
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105067
    titleFreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (9442a811-dab3-11e7-b5af-a4badb2f4699)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2017-005.NASL
    descriptionThe remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - apache - curl - IOAcceleratorFamily - IOKit - Kernel - OpenSSL - Screen Sharing Server
    last seen2020-06-01
    modified2020-06-02
    plugin id105081
    published2017-12-07
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105081
    titlemacOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-002 and 2017-005)
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2019_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - An unspecified vulnerability in the subcomponent Networking (jQuery) of Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. A successful attacks requires human interaction and can result in unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data. (CVE-2015-9251) - An unspecified vulnerability in the subcomponent Networking (OpenSSL) of the Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability could result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Ops Center. (CVE-2018-0732) - An unspecified vulnerability in the subcomponent Networking (cURL) of Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. A successful attack requires human interaction from a person other than the attacker and can result in takeover of Enterprise Manager Ops Center. (CVE-2018-1000300)
    last seen2020-06-01
    modified2020-06-02
    plugin id131184
    published2019-11-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131184
    titleOracle Enterprise Manager Ops Center (Jan 2019 CPU)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-4CF72E2C11.NASL
    descriptionMinor security update release 1.1.0g. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-01-15
    plugin id105872
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105872
    titleFedora 27 : 1:openssl (2017-4cf72e2c11)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1546.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.(CVE-2018-0495) - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.(CVE-2013-0166) - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an
    last seen2020-06-01
    modified2020-06-02
    plugin id124999
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124999
    titleEulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1546)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1084.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).(CVE-2018-0737) - While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.(CVE-2017-3735) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122706
    published2019-03-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122706
    titleEulerOS Virtualization 2.5.2 : openssl (EulerOS-SA-2019-1084)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1392.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) - openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) - openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) - openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-15
    modified2018-12-10
    plugin id119520
    published2018-12-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119520
    titleEulerOS 2.0 SP3 : openssl (EulerOS-SA-2018-1392)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2981-1.NASL
    descriptionThis update for openssl fixes the following issues: Security issues fixed : - CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) - adjust DEFAULT_SUSE to meet 1.0.2 and current state (bsc#1027908) - out of bounds read+crash in DES_fcrypt (bsc#1065363) - DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) - Missing important ciphers in openssl 1.0.1i-47.1 (bsc#990592) Bug fixes : - support alternate root ca chains (bsc#1032261) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104530
    published2017-11-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104530
    titleSUSE SLES12 Security Update : openssl (SUSE-SU-2017:2981-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1400.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable
    last seen2020-06-01
    modified2020-06-02
    plugin id124903
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124903
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : openssl (EulerOS-SA-2019-1400)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201712-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201712-03 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details. Impact : A remote attacker could cause a Denial of Service condition, recover a private key in unlikely circumstances, circumvent security restrictions to perform unauthorized actions, or gain access to sensitive information. Workaround : There are no known workarounds at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id105263
    published2017-12-15
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105263
    titleGLSA-201712-03 : OpenSSL: Multiple vulnerabilities
  • NASL familyMisc.
    NASL idJUNIPER_NSM_JSA10851.NASL
    descriptionThe remote host is running a version of NSM (Network and Security Manager) Server that is prior to 2012.2R14. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL.
    last seen2020-06-01
    modified2020-06-02
    plugin id109406
    published2018-04-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109406
    titleJuniper NSM < 2012.2R14 OpenSSL Multiple Vulnerabilities (JSA10851)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_2M.NASL
    descriptionAccording to its banner, the version of OpenSSL running on the remote host is 1.0.x prior to 1.0.2m. It is, therefore, affected by an unspecified carry vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id104408
    published2017-11-06
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104408
    titleOpenSSL 1.0.x < 1.0.2m RSA/DSA Unspecified Carry Issue
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1201.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.i1/4^CVE-2018-0495i1/4%0 - During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).i1/4^CVE-2018-0732i1/4%0 - Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).i1/4^CVE-2018-0739i1/4%0 - While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.i1/4^CVE-2017-3735i1/4%0 - OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.i1/4^CVE-2018-0737i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-04-09
    plugin id123887
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123887
    titleEulerOS Virtualization 2.5.4 : openssl (EulerOS-SA-2019-1201)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1324.NASL
    descriptionThis update for openssl fixes the following issues : Security issues fixed : - CVE-2017-3735: openssl1,openssl: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) - CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242) - Out of bounds read+crash in DES_fcrypt (bsc#1065363) - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen2020-06-05
    modified2017-12-14
    plugin id105224
    published2017-12-14
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/105224
    titleopenSUSE Security Update : openssl (openSUSE-2017-1324)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0002-1.NASL
    descriptionThis update for nodejs4 fixes the following issues: Security issues fixed : - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322). - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64. - CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242). - CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058). Bug fixes : - Update to release 4.8.7 (bsc#1072322): https://nodejs.org/en/blog/vulnerability/december-2017-s ecurity-releases/ - https://nodejs.org/en/blog/release/v4.8.7/ - https://nodejs.org/en/blog/release/v4.8.6/ - https://nodejs.org/en/blog/release/v4.8.5/ Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-24
    modified2019-01-02
    plugin id120012
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120012
    titleSUSE SLES12 Security Update : nodejs4 (SUSE-SU-2018:0002-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-512A6C5AAE.NASL
    descriptionMinor update release 1.0.2m from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-01-15
    plugin id105877
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105877
    titleFedora 27 : 1:compat-openssl10 (2017-512a6c5aae)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-7F30914972.NASL
    descriptionMinor update release 1.0.2m from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-11-22
    plugin id104729
    published2017-11-22
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104729
    titleFedora 26 : 1:compat-openssl10 (2017-7f30914972)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1102.NASL
    descriptionDuring key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.(CVE-2018-0732) Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.(CVE-2018-0495) Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.(CVE-2018-0739) While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006.(CVE-2017-3735)
    last seen2020-06-01
    modified2020-06-02
    plugin id118833
    published2018-11-09
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118833
    titleAmazon Linux 2 : openssl (ALAS-2018-1102)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0042.NASL
    descriptionAn update of [linux,openssl] packages for PhotonOS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id111891
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111891
    titlePhoton OS 1.0: Linux / Openssl PHSA-2017-0042 (deprecated)
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_APR_2018_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Cloud Control installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities: - A carry propagating bug exists in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This issue affects only processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. (CVE-2017-3736) - A flaw exists in parsing routine of IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. An attacker can exploit this issue to display an incorrect text of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. (CVE-2017-3735)
    last seen2020-06-01
    modified2020-06-02
    plugin id109204
    published2018-04-20
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109204
    titleOracle Enterprise Manager Cloud Control Multiple Vulnerabilities (Apr 2018 CPU)
  • NASL familyMisc.
    NASL idORACLE_SECURE_GLOBAL_DESKTOP_JAN_2018_CPU.NASL
    descriptionThe version of Oracle Secure Global Desktop installed on the remote host is 5.3 and is missing a security patch from the January 2018 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities: - The included OpenSSL library has a off-by-one out-of-bounds read flaw within the X509v3_addr_get_afi() function of crypto/x509v3/v3_addr.c when handling the IPAddressFamily extension of X.509 certificates. A content-dependent attacker, with a specially crafted request, could potentially read limited memory information. (CVE-2017-3735) - The included OpenSSL library has a carry propagating flaw within the bn_sqrx8x_internal() function in crypto/bn/asm/x86_64-mont5.pl when handling RSA / DSA encryption. A content-dependent attacker, with a specially crafted request, could potentially determine the private key. (CVE-2017-3736) - The included Apache Log4j contains a flaw due to improper validation of log events before deserializing. A remote attacker, with a specially crafted log event, could potentially execute arbitrary script code. (CVE-2017-5645)
    last seen2020-06-01
    modified2020-06-02
    plugin id106199
    published2018-01-19
    reporterThis script is Copyright (C) 2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/106199
    titleOracle Secure Global Desktop Multiple Vulnerabilities (January 2018 CPU)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0042_OPENSSL.NASL
    descriptionAn update of the openssl package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121753
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121753
    titlePhoton OS 1.0: Openssl PHSA-2017-0042
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0053-1.NASL
    descriptionThe Docker images provided with SUSE CaaS Platform 2.0 have been updated to include the following updates: binutils : - Update to version 2.29 - 18750 bsc#1030296 CVE-2014-9939 - 20891 bsc#1030585 CVE-2017-7225 - 20892 bsc#1030588 CVE-2017-7224 - 20898 bsc#1030589 CVE-2017-7223 - 20905 bsc#1030584 CVE-2017-7226 - 20908 bsc#1031644 CVE-2017-7299 - 20909 bsc#1031656 CVE-2017-7300 - 20921 bsc#1031595 CVE-2017-7302 - 20922 bsc#1031593 CVE-2017-7303 - 20924 bsc#1031638 CVE-2017-7301 - 20931 bsc#1031590 CVE-2017-7304 - 21135 bsc#1030298 CVE-2017-7209 - 21137 bsc#1029909 CVE-2017-6965 - 21139 bsc#1029908 CVE-2017-6966 - 21156 bsc#1029907 CVE-2017-6969 - 21157 bsc#1030297 CVE-2017-7210 - 21409 bsc#1037052 CVE-2017-8392 - 21412 bsc#1037057 CVE-2017-8393 - 21414 bsc#1037061 CVE-2017-8394 - 21432 bsc#1037066 CVE-2017-8396 - 21440 bsc#1037273 CVE-2017-8421 - 21580 bsc#1044891 CVE-2017-9746 - 21581 bsc#1044897 CVE-2017-9747 - 21582 bsc#1044901 CVE-2017-9748 - 21587 bsc#1044909 CVE-2017-9750 - 21594 bsc#1044925 CVE-2017-9755 - 21595 bsc#1044927 CVE-2017-9756 - 21787 bsc#1052518 CVE-2017-12448 - 21813 bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450, bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450 - 21933 bsc#1053347 CVE-2017-12799 - 21990 bsc#1058480 CVE-2017-14333 - 22018 bsc#1056312 CVE-2017-13757 - 22047 bsc#1057144 CVE-2017-14129 - 22058 bsc#1057149 CVE-2017-14130 - 22059 bsc#1057139 CVE-2017-14128 - 22113 bsc#1059050 CVE-2017-14529 - 22148 bsc#1060599 CVE-2017-14745 - 22163 bsc#1061241 CVE-2017-14974 - 22170 bsc#1060621 CVE-2017-14729 - Make compressed debug section handling explicit, disable for old products and enable for gas on all architectures otherwise. [bsc#1029995] - Remove empty rpath component removal optimization from to workaround CMake rpath handling. [bsc#1025282] - Fix alignment frags for aarch64 (bsc#1003846) coreutils : - Fix df(1) to no longer interact with excluded file system types, so for example specifying -x nfs no longer hangs with problematic nfs mounts. (bsc#1026567) - Ensure df -l no longer interacts with dummy file system types, so for example no longer hangs with problematic NFS mounted via system.automount(5). (bsc#1043059) - Significantly speed up df(1) for huge mount lists. (bsc#965780) file : - update to version 5.22. - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) - Fixed a memory corruption during rpmbuild (bsc#1063269) - Backport of a fix for an increased printable string length as found in file 5.30 (bsc#996511) - file command throws
    last seen2020-06-01
    modified2020-06-02
    plugin id106092
    published2018-01-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106092
    titleSUSE SLES12 Security Update : CaaS Platform 2.0 images (SUSE-SU-2018:0053-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1164.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.i1/4^CVE-2017-3735i1/4%0 - OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.i1/4^CVE-2018-0737i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-04-09
    plugin id123850
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123850
    titleEulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1164)

Redhat

advisories
  • rhsa
    idRHSA-2018:3221
  • rhsa
    idRHSA-2018:3505
rpms
  • openssl-1:1.0.2k-16.el7
  • openssl-debuginfo-1:1.0.2k-16.el7
  • openssl-devel-1:1.0.2k-16.el7
  • openssl-libs-1:1.0.2k-16.el7
  • openssl-perl-1:1.0.2k-16.el7
  • openssl-static-1:1.0.2k-16.el7

References