Vulnerabilities > CVE-2019-1551 - Integer Overflow or Wraparound vulnerability in multiple products

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE

Summary

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).

Vulnerable Configurations

Part Description Count
Application
Openssl
40
Application
Oracle
79
Application
Tenable
5
OS
Opensuse
1
OS
Canonical
3
OS
Fedoraproject
3
OS
Debian
2

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-354-01.NASL
    descriptionNew openssl packages are available for Slackware 14.2 and -current to fix a security issue.
    last seen2020-05-09
    modified2019-12-23
    plugin id132383
    published2019-12-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132383
    titleSlackware 14.2 / current : openssl (SSA:2019-354-01)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2019-354-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132383);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/08");
    
      script_cve_id("CVE-2019-1551");
      script_xref(name:"SSA", value:"2019-354-01");
      script_xref(name:"IAVA", value:"2019-A-0303-S");
    
      script_name(english:"Slackware 14.2 / current : openssl (SSA:2019-354-01)");
      script_summary(english:"Checks for updated packages in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New openssl packages are available for Slackware 14.2 and -current to
    fix a security issue."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.420794
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1f74addf"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:openssl-solibs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:openssl10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:openssl10-solibs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/23");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"14.2", pkgname:"openssl", pkgver:"1.0.2u", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++;
    if (slackware_check(osver:"14.2", pkgname:"openssl-solibs", pkgver:"1.0.2u", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"openssl", pkgver:"1.0.2u", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"openssl-solibs", pkgver:"1.0.2u", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"openssl10", pkgver:"1.0.2u", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", pkgname:"openssl10-solibs", pkgver:"1.0.2u", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"openssl10", pkgver:"1.0.2u", pkgarch:"x86_64", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"openssl10-solibs", pkgver:"1.0.2u", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4376-1.NASL
    descriptionCesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. (CVE-2019-1547) Matt Caswell discovered that OpenSSL incorrectly handled the random number generator (RNG). This may result in applications that use the fork() system call sharing the same RNG state between the parent and the child, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-1549) Guido Vranken discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. (CVE-2019-1551) Bernd Edlinger discovered that OpenSSL incorrectly handled certain decryption functions. In certain scenarios, a remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. (CVE-2019-1563). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-06
    modified2020-05-29
    plugin id136967
    published2020-05-29
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136967
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.10 : openssl vulnerabilities (USN-4376-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4376-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(136967);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/05");
    
      script_cve_id("CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1551", "CVE-2019-1563");
      script_xref(name:"USN", value:"4376-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : openssl vulnerabilities (USN-4376-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, Iaroslav
    Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that
    OpenSSL incorrectly handled ECDSA signatures. An attacker could
    possibly use this issue to perform a timing side-channel attack and
    recover private ECDSA keys. (CVE-2019-1547)
    
    Matt Caswell discovered that OpenSSL incorrectly handled the random
    number generator (RNG). This may result in applications that use the
    fork() system call sharing the same RNG state between the parent and
    the child, contrary to expectations. This issue only affected Ubuntu
    18.04 LTS and Ubuntu 19.10. (CVE-2019-1549)
    
    Guido Vranken discovered that OpenSSL incorrectly performed the x86_64
    Montgomery squaring procedure. While unlikely, a remote attacker could
    possibly use this issue to recover private keys. (CVE-2019-1551)
    
    Bernd Edlinger discovered that OpenSSL incorrectly handled certain
    decryption functions. In certain scenarios, a remote attacker could
    possibly use this issue to perform a padding oracle attack and decrypt
    traffic. (CVE-2019-1563).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4376-1/"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected libssl1.0.0 and / or libssl1.1 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libssl1.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04|19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"libssl1.0.0", pkgver:"1.0.2g-1ubuntu4.16")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libssl1.1", pkgver:"1.1.1-1ubuntu2.1~18.04.6")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"libssl1.1", pkgver:"1.1.1c-1ubuntu4.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libssl1.0.0 / libssl1.1");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1021.NASL
    descriptionAccording to the version of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An integer overflow was found in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. As per upstream: * No EC algorithms are affected. * Attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. * Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. * Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME(CVE-2019-1551) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-09
    modified2020-01-02
    plugin id132614
    published2020-01-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132614
    titleEulerOS 2.0 SP8 : openssl (EulerOS-SA-2020-1021)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132614);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/08");
    
      script_cve_id(
        "CVE-2019-1551"
      );
      script_xref(name:"IAVA", value:"2019-A-0303-S");
    
      script_name(english:"EulerOS 2.0 SP8 : openssl (EulerOS-SA-2020-1021)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the openssl packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerability :
    
      - An integer overflow was found in the x64_64 Montgomery
        squaring procedure used in exponentiation with 512-bit
        moduli. As per upstream: * No EC algorithms are
        affected. * Attacks against 2-prime RSA1024, 3-prime
        RSA1536, and DSA1024 as a result of this defect would
        be very difficult to perform and are not believed
        likely. * Attacks against DH512 are considered just
        feasible. However, for an attack the target would have
        to re-use the DH512 private key, which is not
        recommended anyway. * Also applications directly using
        the low level API BN_mod_exp may be affected if they
        use BN_FLG_CONSTTIME(CVE-2019-1551)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1021
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?415f800f");
      script_set_attribute(attribute:"solution", value:
    "Update the affected openssl package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openssl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openssl-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openssl-perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["openssl-1.1.1-3.h10.eulerosv2r8",
            "openssl-devel-1.1.1-3.h10.eulerosv2r8",
            "openssl-libs-1.1.1-3.h10.eulerosv2r8",
            "openssl-perl-1.1.1-3.h10.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0264_OPENSSL.NASL
    descriptionAn update of the openssl package has been released.
    last seen2020-05-09
    modified2020-01-16
    plugin id132983
    published2020-01-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132983
    titlePhoton OS 1.0: Openssl PHSA-2020-1.0-0264
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-1.0-0264. The text
    # itself is copyright (C) VMware, Inc.
    
    include('compat.inc');
    
    if (description)
    {
      script_id(132983);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/08");
    
      script_cve_id("CVE-2019-1551");
      script_xref(name:"IAVA", value:"2019-A-0303-S");
    
      script_name(english:"Photon OS 1.0: Openssl PHSA-2020-1.0-0264");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the openssl package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-264.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1551");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:openssl");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openssl-1.0.2u-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openssl-c_rehash-1.0.2u-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openssl-devel-1.0.2u-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openssl-perl-1.0.2u-1.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");
    }
    
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0002-1.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : Security issue fixed : CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Various FIPS related improvements were done: FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775). Port FIPS patches from SLE-12 (bsc#1158101) Use SHA-2 in the RSA pairwise consistency check (bsc#1155346) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-09
    modified2020-01-06
    plugin id132671
    published2020-01-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132671
    titleSUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2020:0002-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2020:0002-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132671);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/08");
    
      script_cve_id("CVE-2019-1551");
      script_xref(name:"IAVA", value:"2019-A-0303-S");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2020:0002-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for openssl-1_1 fixes the following issues :
    
    Security issue fixed :
    
    CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring
    procedure used in exponentiation with 512-bit moduli (bsc#1158809).
    
    Various FIPS related improvements were done: FIPS: Backport SSH KDF to
    openssl (jsc#SLE-8789, bsc#1157775).
    
    Port FIPS patches from SLE-12 (bsc#1158101)
    
    Use SHA-2 in the RSA pairwise consistency check (bsc#1155346)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155346"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157775"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158809"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1551/"
      );
      # https://www.suse.com/support/update/announcement/2020/suse-su-20200002-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?67de2328"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-2020-2=1
    
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-2020-2=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenssl1_1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenssl1_1-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenssl1_1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssl-1_1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssl-1_1-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/06");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libopenssl-1_1-devel-32bit-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libopenssl1_1-32bit-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libopenssl1_1-32bit-debuginfo-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libopenssl1_1-hmac-32bit-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libopenssl-1_1-devel-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libopenssl1_1-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libopenssl1_1-debuginfo-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libopenssl1_1-hmac-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"openssl-1_1-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"openssl-1_1-debuginfo-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"openssl-1_1-debugsource-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libopenssl-1_1-devel-32bit-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libopenssl1_1-32bit-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libopenssl1_1-32bit-debuginfo-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libopenssl1_1-hmac-32bit-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libopenssl-1_1-devel-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libopenssl1_1-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libopenssl1_1-debuginfo-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libopenssl1_1-hmac-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"openssl-1_1-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"openssl-1_1-debuginfo-1.1.0i-4.27.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"openssl-1_1-debugsource-1.1.0i-4.27.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl-1_1");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2699.NASL
    descriptionAccording to the version of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).(CVE-2019-1551) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-09
    modified2019-12-23
    plugin id132366
    published2019-12-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132366
    titleEulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-2699)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132366);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/08");
    
      script_cve_id(
        "CVE-2019-1551"
      );
      script_xref(name:"IAVA", value:"2019-A-0303-S");
    
      script_name(english:"EulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-2699)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the openssl packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerability :
    
      - There is an overflow bug in the x64_64 Montgomery
        squaring procedure used in exponentiation with 512-bit
        moduli. No EC algorithms are affected. Analysis
        suggests that attacks against 2-prime RSA1024, 3-prime
        RSA1536, and DSA1024 as a result of this defect would
        be very difficult to perform and are not believed
        likely. Attacks against DH512 are considered just
        feasible. However, for an attack the target would have
        to re-use the DH512 private key, which is not
        recommended anyway. Also applications directly using
        the low level API BN_mod_exp may be affected if they
        use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev
        (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev
        (Affected 1.0.2-1.0.2t).(CVE-2019-1551)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2699
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d6a87899");
      script_set_attribute(attribute:"solution", value:
    "Update the affected openssl package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/23");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openssl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openssl-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["openssl-1.0.2k-16.h9.eulerosv2r7",
            "openssl-devel-1.0.2k-16.h9.eulerosv2r7",
            "openssl-libs-1.0.2k-16.h9.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1444.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be
    last seen2020-04-30
    modified2020-04-16
    plugin id135606
    published2020-04-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135606
    titleEulerOS Virtualization 3.0.2.2 : openssl (EulerOS-SA-2020-1444)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0028-1.NASL
    descriptionThis update for openssl-1_0_0 fixes the following issues : Security issue fixed : CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-09
    modified2020-01-08
    plugin id132707
    published2020-01-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132707
    titleSUSE SLED12 / SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2020:0028-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0064-1.NASL
    descriptionThis update for openssl-1_0_0 fixes the following issues : Security issue fixed : CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-09
    modified2020-01-13
    plugin id132851
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132851
    titleSUSE SLED15 / SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2020:0064-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-61.NASL
    descriptionThis update for openssl-1_0_0 fixes the following issues : Security issue fixed : - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-05-09
    modified2020-01-16
    plugin id132950
    published2020-01-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132950
    titleopenSUSE Security Update : openssl-1_0_0 (openSUSE-2020-61)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202004-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202004-10 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could perform a malicious crafted TLS 1.3 handshake against an application using OpenSSL, possibly resulting in a Denial of Service condition. In addition, it&rsquo;s feasible that an attacker might attack DH512. Workaround : There is no known workaround at this time.
    last seen2020-05-09
    modified2020-04-24
    plugin id135946
    published2020-04-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135946
    titleGLSA-202004-10 : OpenSSL: Multiple vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1333.NASL
    descriptionAccording to the version of the compat-openssl10 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - An integer overflow was found in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. As per upstream: * No EC algorithms are affected. * Attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. * Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. * Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME(CVE-2019-1551) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-07
    modified2020-04-02
    plugin id135120
    published2020-04-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135120
    titleEulerOS Virtualization for ARM 64 3.0.6.0 : compat-openssl10 (EulerOS-SA-2020-1333)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0474-1.NASL
    descriptionThis update for openssl fixes the following issues : Security issue fixed : CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Non-security issue fixed: Fixed a crash in BN_copy (bsc#1160163). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-02-26
    plugin id134083
    published2020-02-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134083
    titleSUSE SLES12 Security Update : openssl (SUSE-SU-2020:0474-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-3_0-0054_NXTGN.NASL
    descriptionAn update of the nxtgn package has been released.
    last seen2020-05-09
    modified2020-02-06
    plugin id133498
    published2020-02-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133498
    titlePhoton OS 3.0: Nxtgn PHSA-2020-3.0-0054
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1538.NASL
    descriptionAccording to the version of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).(CVE-2019-1551) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2020-05-01
    plugin id136241
    published2020-05-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136241
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : openssl (EulerOS-SA-2020-1538)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-2_0-0204_NXTGN.NASL
    descriptionAn update of the nxtgn package has been released.
    last seen2020-05-09
    modified2020-02-06
    plugin id133499
    published2020-02-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133499
    titlePhoton OS 2.0: Nxtgn PHSA-2020-2.0-0204
  • NASL familyWeb Servers
    NASL idOPENSSL_1_1_1E_DEV.NASL
    descriptionThe version of OpenSSL installed on the remote host is prior to 1.1.1e-dev. It is, therefore, affected by a vulnerability as referenced in the 1.1.1e-dev advisory. - There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). (CVE-2019-1551) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-09
    modified2020-01-09
    plugin id132725
    published2020-01-09
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132725
    titleOpenSSL 1.1.1 < 1.1.1e-dev Procedure Overflow Vulnerability
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0099-1.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : Security issue fixed : CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). CVE-2019-1563: Fixed bleichenbacher attack against cms/pkcs7 encryptioon transported key (bsc#1150250). CVE-2019-1551: Fixed integer overflow in RSAZ modular exponentiation on x86_64 (bsc#1158809). CVE-2019-1549: Fixed fork problem with random generator (bsc#1150247). CVE-2019-1547: Fixed EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). Bug fixes : Ship the openssl 1.1.1 binary as openssl-1_1, and make it installable in parallel with the system openssl (bsc#1140277). Update to 1.1.1d (bsc#1133925, jsc#SLE-6430). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-09
    modified2020-01-15
    plugin id132926
    published2020-01-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132926
    titleSUSE SLED12 / SLES12 Security Update : openssl-1_1 (SUSE-SU-2020:0099-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-62.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : Security issue fixed : - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Various FIPS related improvements were done : - FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775). - Port FIPS patches from SLE-12 (bsc#1158101). - Use SHA-2 in the RSA pairwise consistency check (bsc#1155346). This update was imported from the SUSE:SLE-15-SP1:Update update project.
    last seen2020-05-09
    modified2020-01-16
    plugin id132951
    published2020-01-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132951
    titleopenSUSE Security Update : openssl-1_1 (openSUSE-2020-62)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_2U.NASL
    descriptionThe version of OpenSSL installed on the remote host is prior to 1.0.2u. It is, therefore, affected by a vulnerability as referenced in the 1.0.2u advisory. - There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t). (CVE-2019-1551) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-09
    modified2020-01-09
    plugin id132726
    published2020-01-09
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132726
    titleOpenSSL 1.0.2 < 1.0.2u Procedure Overflow Vulnerability
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-D7B29838F6.NASL
    descriptionUpdate to version 1.1.1g from upstream fixing possible remote DoS security issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-15
    modified2020-05-11
    plugin id136439
    published2020-05-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136439
    titleFedora 31 : 1:openssl (2020-d7b29838f6)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_D778DDB0233811EAA1C7B499BAEBFEAF.NASL
    descriptionThe OpenSSL project reports : rsaz_512_sqr overflow bug on x86_64 (CVE-2019-1551) (Low) There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME.
    last seen2020-05-09
    modified2019-12-23
    plugin id132351
    published2019-12-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132351
    titleFreeBSD : OpenSSL -- Overflow vulnerability (d778ddb0-2338-11ea-a1c7-b499baebfeaf)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1063.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).(CVE-2019-1563) - OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).(CVE-2019-1549) - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).(CVE-2019-1547) - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be
    last seen2020-05-09
    modified2020-01-13
    plugin id132817
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132817
    titleEulerOS Virtualization for ARM 64 3.0.5.0 : openssl (EulerOS-SA-2020-1063)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-DA2D1EF2D7.NASL
    descriptionUpdate to version 1.1.1g from upstream fixing possible remote DoS security issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-09
    modified2020-04-30
    plugin id136155
    published2020-04-30
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136155
    titleFedora 30 : 1:openssl (2020-da2d1ef2d7)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-3_0-0048_OPENSSL.NASL
    descriptionAn update of the openssl package has been released.
    last seen2020-05-09
    modified2020-01-18
    plugin id133060
    published2020-01-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133060
    titlePhoton OS 3.0: Openssl PHSA-2020-3.0-0048
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0069-1.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : Security issue fixed : CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Various FIPS related improvements were done: FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775). Port FIPS patches from SLE-12 (bsc#1158101). Use SHA-2 in the RSA pairwise consistency check (bsc#1155346). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-09
    modified2020-01-13
    plugin id132853
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132853
    titleSUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2020:0069-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4594.NASL
    descriptionGuido Vranken discovered an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli.
    last seen2020-05-09
    modified2019-12-30
    plugin id132425
    published2019-12-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132425
    titleDebian DSA-4594-1 : openssl1.0 - security update

References