Vulnerabilities > CVE-2018-0733 - Unspecified vulnerability in Openssl
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 14 |
Nessus
NASL family Misc. NASL id ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2018_CPU.NASL description The version of Oracle Secure Global Desktop installed on the remote host is 5.3 / 5.4 and is missing a security patch from the July 2018 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities: - curl version curl 7.54.1 to and including curl 7.59.0 contains a Heap-based Buffer Overflow vulnerability in FTP connection closing down functionality which can lead to DoS and RCE conditions. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0. (CVE-2018-1000300) - Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. It was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to unauthorized users. (CVE-2018-1305) - ASN.1 types with a recursive definition could exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). (CVE-2018-0739) last seen 2020-06-01 modified 2020-06-02 plugin id 111333 published 2018-07-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111333 title Oracle Secure Global Desktop Multiple Vulnerabilities (July 2018 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(111333); script_version("1.5"); script_cvs_date("Date: 2019/11/04"); script_cve_id( "CVE-2017-3738", "CVE-2018-0733", "CVE-2018-0739", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000300", "CVE-2018-1000301" ); script_bugtraq_id( 102118, 103144, 103170, 103414, 103415, 103436, 103517, 103518, 104207, 104225 ); script_name(english:"Oracle Secure Global Desktop Multiple Vulnerabilities (July 2018 CPU)"); script_summary(english:"Checks the version of Oracle Secure Global Desktop."); script_set_attribute(attribute:"synopsis", value: "An application installed on the remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Oracle Secure Global Desktop installed on the remote host is 5.3 / 5.4 and is missing a security patch from the July 2018 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities: - curl version curl 7.54.1 to and including curl 7.59.0 contains a Heap-based Buffer Overflow vulnerability in FTP connection closing down functionality which can lead to DoS and RCE conditions. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0. (CVE-2018-1000300) - Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. It was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to unauthorized users. (CVE-2018-1305) - ASN.1 types with a recursive definition could exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). (CVE-2018-0739)"); # https://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixOVIR script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d4c9a415"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the July 2018 Oracle Critical Patch Update advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1000300"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/24"); script_set_attribute(attribute:"patch_publication_date", value:"2018/07/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/25"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:virtualization_secure_global_desktop"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("oracle_secure_global_desktop_installed.nbin"); script_require_keys("Host/Oracle_Secure_Global_Desktop/Version"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); app = 'Oracle Secure Global Desktop'; version = get_kb_item_or_exit('Host/Oracle_Secure_Global_Desktop/Version'); # this check is for Oracle Secure Global Desktop packages built for Linux platform uname = get_kb_item_or_exit('Host/uname'); if ('Linux' >!< uname) audit(AUDIT_OS_NOT, 'Linux'); fix_required = NULL; if (version =~ "^5\.30($|\.)") fix_required = make_list('Patch_53p5'); else if (version =~ "^5\.40($|\.)") fix_required = make_list('Patch_54p1', 'Patch_54p2', 'Patch_54p3'); if (isnull(fix_required)) audit(AUDIT_INST_VER_NOT_VULN, 'Oracle Secure Global Desktop', version); patches = get_kb_list('Host/Oracle_Secure_Global_Desktop/Patches'); patched = FALSE; foreach patch (patches) { foreach fix (fix_required) { if (patch == fix) { patched = TRUE; break; } } if (patched) break; } if (patched) audit(AUDIT_INST_VER_NOT_VULN, app, version + ' (with ' + patch + ')'); report = '\n Installed version : ' + version + '\n Patch required : ' + fix_required[0] + '\n'; security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);
NASL family Fedora Local Security Checks NASL id FEDORA_2018-40DC8B8B16.NASL description Minor update to version 1.1.0h. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-04-02 plugin id 108775 published 2018-04-02 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108775 title Fedora 26 : 1:openssl (2018-40dc8b8b16) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-40dc8b8b16. # include("compat.inc"); if (description) { script_id(108775); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-0733", "CVE-2018-0739"); script_xref(name:"FEDORA", value:"2018-40dc8b8b16"); script_name(english:"Fedora 26 : 1:openssl (2018-40dc8b8b16)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Minor update to version 1.1.0h. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-40dc8b8b16" ); script_set_attribute( attribute:"solution", value:"Update the affected 1:openssl package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:openssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/27"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^26([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC26", reference:"openssl-1.1.0h-1.fc26", epoch:"1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:openssl"); }
NASL family Misc. NASL id SECURITYCENTER_OPENSSL_1_0_2N.NASL description The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL. last seen 2020-06-01 modified 2020-06-02 plugin id 106563 published 2018-02-02 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106563 title Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2n Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(106563); script_version("1.9"); script_cvs_date("Date: 2019/11/08"); script_cve_id( "CVE-2017-3737", "CVE-2017-3738", "CVE-2018-0733", "CVE-2018-0739" ); script_bugtraq_id(102103, 102118); script_name(english:"Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2n Multiple Vulnerabilities"); script_summary(english:"Checks the version of OpenSSL in SecurityCenter."); script_set_attribute(attribute:"synopsis", value: "The Tenable SecurityCenter application on the remote host contains an OpenSSL library that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL."); script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/tns-2018-04"); # https://docs.tenable.com/releasenotes/securitycenter/securitycenter79.htm script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?706680e4"); script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20171207.txt"); script_set_attribute(attribute:"solution", value: "Upgrade to Tenable SecurityCenter version 5.6.1 or later. Alternatively, apply SecurityCenter Patch SC-201801.1.5.x."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0733"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/15"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/02"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:tenable:securitycenter"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("securitycenter_installed.nbin", "securitycenter_detect.nbin"); script_require_ports("Host/SecurityCenter/Version", "installed_sw/SecurityCenter", "Host/SecurityCenter/support/openssl/version"); exit(0); } include("openssl_version.inc"); include("install_func.inc"); app = "OpenSSL (within SecurityCenter)"; fix = "1.0.2n"; sc_ver = get_kb_item("Host/SecurityCenter/Version"); port = 0; if(empty_or_null(sc_ver)) { port = 443; install = get_single_install(app_name:"SecurityCenter", combined:TRUE, exit_if_unknown_ver:TRUE); sc_ver = install["version"]; } if (empty_or_null(sc_ver)) audit(AUDIT_NOT_INST, "SecurityCenter"); version = get_kb_item("Host/SecurityCenter/support/openssl/version"); if (empty_or_null(version)) audit(AUDIT_UNKNOWN_APP_VER, app); if ( openssl_ver_cmp(ver:version, fix:"1.0.2", same_branch:TRUE, is_min_check:FALSE) >= 0 && openssl_ver_cmp(ver:version, fix:fix, same_branch:TRUE, is_min_check:FALSE) < 0 ) { report = '\n SecurityCenter version : ' + sc_ver + '\n SecurityCenter OpenSSL version : ' + version + '\n Fixed OpenSSL version : ' + fix + '\n'; security_report_v4(port:port, severity:SECURITY_WARNING, extra:report); exit(0); } else audit(AUDIT_INST_VER_NOT_VULN, app, version);
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1065.NASL description Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected.(CVE-2018-0733) Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.(CVE-2018-0739) last seen 2020-06-01 modified 2020-06-02 plugin id 112092 published 2018-08-24 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112092 title Amazon Linux AMI : openssl (ALAS-2018-1065) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2018-1065. # include("compat.inc"); if (description) { script_id(112092); script_version("1.2"); script_cvs_date("Date: 2018/08/31 12:25:01"); script_cve_id("CVE-2018-0733", "CVE-2018-0739"); script_xref(name:"ALAS", value:"2018-1065"); script_name(english:"Amazon Linux AMI : openssl (ALAS-2018-1065)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected.(CVE-2018-0733) Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.(CVE-2018-0739)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2018-1065.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update openssl' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-static"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2018/08/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"openssl-1.0.2k-12.110.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"openssl-debuginfo-1.0.2k-12.110.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"openssl-devel-1.0.2k-12.110.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"openssl-perl-1.0.2k-12.110.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"openssl-static-1.0.2k-12.110.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2018-76AFAF1961.NASL description Minor update to version 1.1.0h. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-04-02 plugin id 108776 published 2018-04-02 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108776 title Fedora 27 : 1:openssl (2018-76afaf1961) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-76afaf1961. # include("compat.inc"); if (description) { script_id(108776); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-0733", "CVE-2018-0739"); script_xref(name:"FEDORA", value:"2018-76afaf1961"); script_name(english:"Fedora 27 : 1:openssl (2018-76afaf1961)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Minor update to version 1.1.0h. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-76afaf1961" ); script_set_attribute( attribute:"solution", value:"Update the affected 1:openssl package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:openssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/27"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC27", reference:"openssl-1.1.0h-1.fc27", epoch:"1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:openssl"); }
NASL family Misc. NASL id ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2019_CPU.NASL description The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - An unspecified vulnerability in the subcomponent Networking (jQuery) of Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. A successful attacks requires human interaction and can result in unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data. (CVE-2015-9251) - An unspecified vulnerability in the subcomponent Networking (OpenSSL) of the Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability could result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Ops Center. (CVE-2018-0732) - An unspecified vulnerability in the subcomponent Networking (cURL) of Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. A successful attack requires human interaction from a person other than the attacker and can result in takeover of Enterprise Manager Ops Center. (CVE-2018-1000300) last seen 2020-06-01 modified 2020-06-02 plugin id 131184 published 2019-11-21 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131184 title Oracle Enterprise Manager Ops Center (Jan 2019 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(131184); script_version("1.2"); script_cvs_date("Date: 2019/11/22"); script_cve_id( "CVE-2015-9251", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3738", "CVE-2018-0732", "CVE-2018-0733", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000300", "CVE-2018-1000301" ); script_name(english:"Oracle Enterprise Manager Ops Center (Jan 2019 CPU)"); script_summary(english:"Checks for the patch ID."); script_set_attribute(attribute:"synopsis", value: "An enterprise management application installed on the remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - An unspecified vulnerability in the subcomponent Networking (jQuery) of Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. A successful attacks requires human interaction and can result in unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data. (CVE-2015-9251) - An unspecified vulnerability in the subcomponent Networking (OpenSSL) of the Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability could result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Ops Center. (CVE-2018-0732) - An unspecified vulnerability in the subcomponent Networking (cURL) of Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. A successful attack requires human interaction from a person other than the attacker and can result in takeover of Enterprise Manager Ops Center. (CVE-2018-1000300)"); # https://www.oracle.com/security-alerts/cpujan2019.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?69d7e6bf"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the January 2019 Oracle Critical Patch Update advisory."); script_set_attribute(attribute:"agent", value:"unix"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1000300"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/16"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/21"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager_ops_center"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("oracle_enterprise_manager_ops_center_installed.nbin"); script_require_keys("installed_sw/Oracle Enterprise Manager Ops Center"); exit(0); } include('global_settings.inc'); include('misc_func.inc'); include('install_func.inc'); get_kb_item_or_exit('Host/local_checks_enabled'); app_name = 'Oracle Enterprise Manager Ops Center'; install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE); version = install['version']; version_full = install['Full Patch Version']; path = install['path']; patch_version = install['Patch Version']; patchid = NULL; fix = NULL; if (version_full =~ "^12\.2\.2\.") { patchid = '29215911'; fix = '1133'; } else if (version_full =~ "^12\.3\.3\.") { patchid = '29215911'; fix = '1817'; } if (isnull(patchid)) audit(AUDIT_HOST_NOT, 'affected'); if (ver_compare(ver:patch_version, fix:fix, strict:FALSE) != -1) audit(AUDIT_INST_PATH_NOT_VULN, app_name, version_full, path); report = '\n Path : ' + path + '\n Version : ' + version + '\n Ops Agent Version : ' + version_full + '\n Current Patch : ' + patch_version + '\n Fixed Patch Version : ' + fix + '\n Fix : ' + patchid; security_report_v4(extra:report, severity:SECURITY_HOLE, port:0);
NASL family Fedora Local Security Checks NASL id FEDORA_2018-49651B2236.NASL description Minor update to version 1.1.0h. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120390 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120390 title Fedora 28 : 1:openssl (2018-49651b2236) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-49651b2236. # include("compat.inc"); if (description) { script_id(120390); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-0733", "CVE-2018-0739"); script_xref(name:"FEDORA", value:"2018-49651b2236"); script_name(english:"Fedora 28 : 1:openssl (2018-49651b2236)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Minor update to version 1.1.0h. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-49651b2236" ); script_set_attribute( attribute:"solution", value:"Update the affected 1:openssl package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0733"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:openssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/27"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"openssl-1.1.0h-2.fc28", epoch:"1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:openssl"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201811-21.NASL description The remote host is affected by the vulnerability described in GLSA-201811-21 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details. Impact : A remote attacker could cause a Denial of Service condition, obtain private keying material, or gain access to sensitive information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 119275 published 2018-11-29 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119275 title GLSA-201811-21 : OpenSSL: Multiple vulnerabilities
Related news
References
- https://www.openssl.org/news/secadv/20180327.txt
- http://www.securitytracker.com/id/1040576
- http://www.securityfocus.com/bid/103517
- https://security.netapp.com/advisory/ntap-20180330-0002/
- https://www.tenable.com/security/tns-2018-04
- https://www.tenable.com/security/tns-2018-07
- https://www.tenable.com/security/tns-2018-06
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://security.gentoo.org/glsa/201811-21
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f