Vulnerabilities > CVE-2018-0733 - Unspecified vulnerability in Openssl

047910
CVSS 5.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
high complexity
openssl
nessus

Summary

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).

Nessus

  • NASL familyMisc.
    NASL idORACLE_SECURE_GLOBAL_DESKTOP_JUL_2018_CPU.NASL
    descriptionThe version of Oracle Secure Global Desktop installed on the remote host is 5.3 / 5.4 and is missing a security patch from the July 2018 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities: - curl version curl 7.54.1 to and including curl 7.59.0 contains a Heap-based Buffer Overflow vulnerability in FTP connection closing down functionality which can lead to DoS and RCE conditions. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0. (CVE-2018-1000300) - Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. It was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to unauthorized users. (CVE-2018-1305) - ASN.1 types with a recursive definition could exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). (CVE-2018-0739)
    last seen2020-06-01
    modified2020-06-02
    plugin id111333
    published2018-07-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111333
    titleOracle Secure Global Desktop Multiple Vulnerabilities (July 2018 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111333);
      script_version("1.5");
      script_cvs_date("Date: 2019/11/04");
    
      script_cve_id(
        "CVE-2017-3738",
        "CVE-2018-0733",
        "CVE-2018-0739",
        "CVE-2018-1304",
        "CVE-2018-1305",
        "CVE-2018-1000120",
        "CVE-2018-1000121",
        "CVE-2018-1000122",
        "CVE-2018-1000300",
        "CVE-2018-1000301"
      );
      script_bugtraq_id(
        102118,
        103144,
        103170,
        103414,
        103415,
        103436,
        103517,
        103518,
        104207,
        104225
      );
    
      script_name(english:"Oracle Secure Global Desktop Multiple Vulnerabilities (July 2018 CPU)");
      script_summary(english:"Checks the version of Oracle Secure Global Desktop.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote host is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle Secure Global Desktop installed on the remote
    host is 5.3 / 5.4 and is missing a security patch from the July 2018
    Critical Patch Update (CPU). It is, therefore, affected by multiple
    vulnerabilities:
    
     - curl version curl 7.54.1 to and including curl 7.59.0 contains a 
     Heap-based Buffer Overflow vulnerability in FTP connection closing
     down functionality which can lead to DoS and RCE conditions. This 
     vulnerability appears to have been fixed in curl < 7.54.1 and 
     curl >= 7.60.0. (CVE-2018-1000300)
    
     - Security constraints defined by annotations of Servlets in Apache 
     Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 
     7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. 
     It was possible - depending on the order Servlets were loaded - for 
     some security constraints not to be applied. This could have exposed 
     resources to unauthorized users. (CVE-2018-1305)
    
     - ASN.1 types with a recursive definition could exceed the stack 
     given malicious input with excessive recursion. This could result 
     in a Denial Of Service attack. Fixed in OpenSSL 1.1.0h (Affected 
     1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
     (CVE-2018-0739)");
      # https://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixOVIR
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d4c9a415");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the July 2018 Oracle
    Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1000300");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/25");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:virtualization_secure_global_desktop");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_secure_global_desktop_installed.nbin");
      script_require_keys("Host/Oracle_Secure_Global_Desktop/Version");
    
      exit(0);
    }
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    
    app = 'Oracle Secure Global Desktop';
    version = get_kb_item_or_exit('Host/Oracle_Secure_Global_Desktop/Version');
    
    # this check is for Oracle Secure Global Desktop packages built for Linux platform
    uname = get_kb_item_or_exit('Host/uname');
    if ('Linux' >!< uname) audit(AUDIT_OS_NOT, 'Linux');
    
    fix_required = NULL;
    
    if (version =~ "^5\.30($|\.)")
      fix_required = make_list('Patch_53p5');
    else if (version =~ "^5\.40($|\.)")
      fix_required = make_list('Patch_54p1', 'Patch_54p2', 'Patch_54p3');
    
    if (isnull(fix_required)) audit(AUDIT_INST_VER_NOT_VULN, 'Oracle Secure Global Desktop', version);
    
    patches = get_kb_list('Host/Oracle_Secure_Global_Desktop/Patches');
    
    patched = FALSE;
    foreach patch (patches)
    {
      foreach fix (fix_required)
      {
        if (patch == fix)
        {
          patched = TRUE;
          break;
        }
      }
      if (patched) break;
    }
    
    if (patched) audit(AUDIT_INST_VER_NOT_VULN, app, version + ' (with ' + patch + ')');
    
    
    report = '\n  Installed version : ' + version +
             '\n  Patch required    : ' + fix_required[0] +
             '\n';
    security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-40DC8B8B16.NASL
    descriptionMinor update to version 1.1.0h. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-04-02
    plugin id108775
    published2018-04-02
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108775
    titleFedora 26 : 1:openssl (2018-40dc8b8b16)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-40dc8b8b16.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(108775);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-0733", "CVE-2018-0739");
      script_xref(name:"FEDORA", value:"2018-40dc8b8b16");
    
      script_name(english:"Fedora 26 : 1:openssl (2018-40dc8b8b16)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Minor update to version 1.1.0h.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-40dc8b8b16"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 1:openssl package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:openssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^26([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC26", reference:"openssl-1.1.0h-1.fc26", epoch:"1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:openssl");
    }
    
  • NASL familyMisc.
    NASL idSECURITYCENTER_OPENSSL_1_0_2N.NASL
    descriptionThe Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL.
    last seen2020-06-01
    modified2020-06-02
    plugin id106563
    published2018-02-02
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106563
    titleTenable SecurityCenter OpenSSL 1.0.2 < 1.0.2n Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106563);
      script_version("1.9");
      script_cvs_date("Date: 2019/11/08");
    
      script_cve_id(
        "CVE-2017-3737",
        "CVE-2017-3738",
        "CVE-2018-0733",
        "CVE-2018-0739"
      );
      script_bugtraq_id(102103, 102118);
    
      script_name(english:"Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2n Multiple Vulnerabilities");
      script_summary(english:"Checks the version of OpenSSL in SecurityCenter.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The Tenable SecurityCenter application on the remote host contains an
    OpenSSL library that is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The Tenable SecurityCenter application installed on the remote host
    is missing a security patch. It is, therefore, affected by multiple
    vulnerabilities in the bundled version of OpenSSL.");
      script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/tns-2018-04");
      # https://docs.tenable.com/releasenotes/securitycenter/securitycenter79.htm
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?706680e4");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20171207.txt");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Tenable SecurityCenter version 5.6.1 or later.
    Alternatively, apply SecurityCenter Patch SC-201801.1.5.x.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0733");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:tenable:securitycenter");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("securitycenter_installed.nbin", "securitycenter_detect.nbin");
      script_require_ports("Host/SecurityCenter/Version", "installed_sw/SecurityCenter", "Host/SecurityCenter/support/openssl/version");
    
      exit(0);
    }
    
    include("openssl_version.inc");
    include("install_func.inc");
    
    app = "OpenSSL (within SecurityCenter)";
    fix = "1.0.2n";
    
    sc_ver = get_kb_item("Host/SecurityCenter/Version");
    port = 0;
    if(empty_or_null(sc_ver))
    {
      port = 443;
      install = get_single_install(app_name:"SecurityCenter", combined:TRUE, exit_if_unknown_ver:TRUE);
      sc_ver = install["version"];
    }
    if (empty_or_null(sc_ver)) audit(AUDIT_NOT_INST, "SecurityCenter");
    
    version = get_kb_item("Host/SecurityCenter/support/openssl/version");
    if (empty_or_null(version)) audit(AUDIT_UNKNOWN_APP_VER, app);
    
    if (
      openssl_ver_cmp(ver:version, fix:"1.0.2", same_branch:TRUE, is_min_check:FALSE) >= 0 &&
      openssl_ver_cmp(ver:version, fix:fix, same_branch:TRUE, is_min_check:FALSE) < 0
    )
    {
      report =
        '\n  SecurityCenter version         : ' + sc_ver +
        '\n  SecurityCenter OpenSSL version : ' + version +
        '\n  Fixed OpenSSL version          : ' + fix +
        '\n';
      security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);
      exit(0);
    }
    else audit(AUDIT_INST_VER_NOT_VULN, app, version);
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1065.NASL
    descriptionBecause of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected.(CVE-2018-0733) Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.(CVE-2018-0739)
    last seen2020-06-01
    modified2020-06-02
    plugin id112092
    published2018-08-24
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112092
    titleAmazon Linux AMI : openssl (ALAS-2018-1065)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2018-1065.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(112092);
      script_version("1.2");
      script_cvs_date("Date: 2018/08/31 12:25:01");
    
      script_cve_id("CVE-2018-0733", "CVE-2018-0739");
      script_xref(name:"ALAS", value:"2018-1065");
    
      script_name(english:"Amazon Linux AMI : openssl (ALAS-2018-1065)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
    effectively reduced to only comparing the least significant bit of
    each byte. This allows an attacker to forge messages that would be
    considered as authenticated in an amount of tries lower than that
    guaranteed by the security claims of the scheme. The module can only
    be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets
    are affected.(CVE-2018-0733)
    
    Constructed ASN.1 types with a recursive definition (such as can be
    found in PKCS7) could eventually exceed the stack given malicious
    input with excessive recursion. This could result in a Denial Of
    Service attack. There are no such structures used within SSL/TLS that
    come from untrusted sources so this is considered safe.(CVE-2018-0739)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2018-1065.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update openssl' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-static");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"openssl-1.0.2k-12.110.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"openssl-debuginfo-1.0.2k-12.110.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"openssl-devel-1.0.2k-12.110.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"openssl-perl-1.0.2k-12.110.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"openssl-static-1.0.2k-12.110.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-76AFAF1961.NASL
    descriptionMinor update to version 1.1.0h. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-04-02
    plugin id108776
    published2018-04-02
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108776
    titleFedora 27 : 1:openssl (2018-76afaf1961)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-76afaf1961.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(108776);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-0733", "CVE-2018-0739");
      script_xref(name:"FEDORA", value:"2018-76afaf1961");
    
      script_name(english:"Fedora 27 : 1:openssl (2018-76afaf1961)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Minor update to version 1.1.0h.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-76afaf1961"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 1:openssl package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:openssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC27", reference:"openssl-1.1.0h-1.fc27", epoch:"1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:openssl");
    }
    
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2019_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - An unspecified vulnerability in the subcomponent Networking (jQuery) of Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. A successful attacks requires human interaction and can result in unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data. (CVE-2015-9251) - An unspecified vulnerability in the subcomponent Networking (OpenSSL) of the Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability could result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Ops Center. (CVE-2018-0732) - An unspecified vulnerability in the subcomponent Networking (cURL) of Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. A successful attack requires human interaction from a person other than the attacker and can result in takeover of Enterprise Manager Ops Center. (CVE-2018-1000300)
    last seen2020-06-01
    modified2020-06-02
    plugin id131184
    published2019-11-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131184
    titleOracle Enterprise Manager Ops Center (Jan 2019 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131184);
      script_version("1.2");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id(
        "CVE-2015-9251",
        "CVE-2017-3735",
        "CVE-2017-3736",
        "CVE-2017-3738",
        "CVE-2018-0732",
        "CVE-2018-0733",
        "CVE-2018-0737",
        "CVE-2018-0739",
        "CVE-2018-1000120",
        "CVE-2018-1000121",
        "CVE-2018-1000122",
        "CVE-2018-1000300",
        "CVE-2018-1000301"
      );
    
      script_name(english:"Oracle Enterprise Manager Ops Center (Jan 2019 CPU)");
      script_summary(english:"Checks for the patch ID.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An enterprise management application installed on the remote host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle Enterprise Manager Cloud Control installed on
    the remote host is affected by multiple vulnerabilities in
    Enterprise Manager Base Platform component:
    
      - An unspecified vulnerability in the subcomponent Networking
        (jQuery) of Enterprise Manager Ops Center. Supported versions
        that are affected are 12.2.2 and 12.3.3. An easy to exploit
        vulnerability could allow an unauthenticated attacker with
        network access via HTTP to compromise Enterprise Manager Ops
        Center. A successful attacks requires human interaction and
        can result in unauthorized update, insert or delete access
        to some of Enterprise Manager Ops Center accessible data.
        (CVE-2015-9251)
    
      - An unspecified vulnerability in the subcomponent Networking
        (OpenSSL) of the Enterprise Manager Ops Center. Supported
        versions that are affected are 12.2.2 and 12.3.3. An easy
        to exploit vulnerability could allow an unauthenticated
        attacker with network access via HTTPS to compromise
        Enterprise Manager Ops Center. A successful attack of this
        vulnerability could result in unauthorized ability to cause
        a hang or frequently repeatable crash (complete DOS) of
        Enterprise Manager Ops Center. (CVE-2018-0732)
    
      - An unspecified vulnerability in the subcomponent Networking
        (cURL) of Enterprise Manager Ops Center. Supported versions
        that are affected are 12.2.2 and 12.3.3. Difficult to exploit
        vulnerability allows unauthenticated attacker with network
        access via HTTP to compromise Enterprise Manager Ops Center.
        A successful attack requires human interaction from a person
        other than the attacker and can result in takeover of
        Enterprise Manager Ops Center. (CVE-2018-1000300)");
      # https://www.oracle.com/security-alerts/cpujan2019.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?69d7e6bf");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the January 2019
    Oracle Critical Patch Update advisory.");
      script_set_attribute(attribute:"agent", value:"unix");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1000300");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/01/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/21");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager_ops_center");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_enterprise_manager_ops_center_installed.nbin");
      script_require_keys("installed_sw/Oracle Enterprise Manager Ops Center");
    
      exit(0);
    }
    
    include('global_settings.inc');
    include('misc_func.inc');
    include('install_func.inc');
    
    get_kb_item_or_exit('Host/local_checks_enabled');
    app_name = 'Oracle Enterprise Manager Ops Center';
    
    install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
    version = install['version'];
    version_full = install['Full Patch Version'];
    path = install['path'];
    patch_version = install['Patch Version'];
    
    
    patchid = NULL;
    fix = NULL;
    
    if (version_full =~ "^12\.2\.2\.")
    {
      patchid = '29215911';
      fix = '1133';
    } 
    else if (version_full =~ "^12\.3\.3\.")
    {
      patchid = '29215911';
      fix = '1817';
    }
    
    if (isnull(patchid))
      audit(AUDIT_HOST_NOT, 'affected');
    
    if (ver_compare(ver:patch_version, fix:fix, strict:FALSE) != -1)
      audit(AUDIT_INST_PATH_NOT_VULN, app_name, version_full, path);
    
    report = 
      '\n Path                : ' + path + 
      '\n Version             : ' + version + 
      '\n Ops Agent Version   : ' + version_full + 
      '\n Current Patch       : ' + patch_version + 
      '\n Fixed Patch Version : ' + fix +
      '\n Fix                 : ' + patchid;
    
    security_report_v4(extra:report, severity:SECURITY_HOLE, port:0);
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-49651B2236.NASL
    descriptionMinor update to version 1.1.0h. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120390
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120390
    titleFedora 28 : 1:openssl (2018-49651b2236)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-49651b2236.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120390);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-0733", "CVE-2018-0739");
      script_xref(name:"FEDORA", value:"2018-49651b2236");
    
      script_name(english:"Fedora 28 : 1:openssl (2018-49651b2236)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Minor update to version 1.1.0h.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-49651b2236"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 1:openssl package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0733");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:openssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"openssl-1.1.0h-2.fc28", epoch:"1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:openssl");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201811-21.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201811-21 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details. Impact : A remote attacker could cause a Denial of Service condition, obtain private keying material, or gain access to sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id119275
    published2018-11-29
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119275
    titleGLSA-201811-21 : OpenSSL: Multiple vulnerabilities

References