CVEID: CVE-2015-3194
DESCRIPTION: OpenSSL allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via an RSA PSS ASN.1
signature that lacks a mask generation function parameter.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/108503 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2015-3195
DESCRIPTION: The ASN1_TFLG_COMBINE implementation in OpenSSL mishandles
errors caused by malformed X509_ATTRIBUTE data, which allows remote
attackers to obtain sensitive information from process memory by
triggering a decoding failure in a PKCS#7 or CMS application.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/108504 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-3196
DESCRIPTION: OpenSSL, when used for a multi-threaded client, writes the
PSK identity hint to an incorrect data structure, which allows remote
servers to cause a denial of service (race condition and double free)
via a crafted ServerKeyExchange message.
CVSS Base Score: 3.7
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/108505 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
AFFECTED PRODUCTS AND VERSIONS:
AIX 5.3, 6.1, 7.1, 7.2
VIOS 2.2.x
The following fileset levels are vulnerable:
key_fileset = osrcaix
A. CVE-2015-3194, CVE-2015-3196
Fileset        Lower Level    Upper Level    KEY
--------------------------------------------------
openssl.base   1.0.1.500      1.0.1.515      key_w_fs
B. CVE-2015-3195
Fileset        Lower Level    Upper Level    KEY
--------------------------------------------------
openssl.base   1.0.1.500      1.0.1.515      key_w_fs
openssl.base   0.9.8.401      0.9.8.2506     key_w_fs
openssl.base   12.9.8.1100    12.9.8.2506    key_w_fs
Note: 0.9.8.401 and 12.9.8.1100 are the lowest OpenSSL versions
available on the AIX web download site. OpenSSL versions below
these are also impacted.
Note: To find out whether the affected filesets are installed
on your systems, refer to the lslpp command in the AIX user's guide.
Example: lslpp -L | grep -i openssl.base
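An added example (not part of IBM's advisory): a POSIX shell check that compares an installed openssl.base level against the fileset ranges above and names the interim fix the advisory lists for that OpenSSL version. The function names and the sample `lslpp -L` rows are constructed for illustration, and the level is assumed to be the second column of `lslpp -L` output.

```shell
#!/bin/sh
# Added example, not IBM code. Ranges and ifix names are copied from the
# advisory's key_w_fs and key_w_fix tables; function names are illustrative.

# vercmp A B: print -1, 0 or 1. Fields are compared as numbers, so
# 0.9.8.401 sorts below 0.9.8.2506 (a string comparison gets this wrong).
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p < q) { print -1; exit }
            if (p > q) { print 1; exit }
        }
        print 0
    }' < /dev/null
}

# in_range LEVEL LOW HIGH: succeed when LOW <= LEVEL <= HIGH.
in_range() {
    [ "$(vercmp "$1" "$2")" -ge 0 ] && [ "$(vercmp "$1" "$3")" -le 0 ]
}

# assess LEVEL: print one result line for an openssl.base level.
# For the 0.9.8 and 12.9.8 lines the advisory notes that levels below the
# lowest listed one are also impacted, so no lower bound is applied there.
assess() {
    level=$1
    case $level in
        1.0.1.*)  low=1.0.1.500 high=1.0.1.515 ifix=101_ifix.151218.epkg.Z
                  cves=CVE-2015-3194,CVE-2015-3195,CVE-2015-3196 ;;
        0.9.8.*)  low=0 high=0.9.8.2506 ifix=098_ifix.151218.epkg.Z
                  cves=CVE-2015-3195 ;;
        12.9.8.*) low=0 high=12.9.8.2506 ifix=1298_ifix.151218.epkg.Z
                  cves=CVE-2015-3195 ;;
        *)        echo "$level NOT_LISTED"; return 0 ;;
    esac
    if in_range "$level" "$low" "$high"; then
        # The ifix table names the upper level as the prereq for installation.
        if [ "$level" = "$high" ]; then prereq=met; else prereq="needs-$high"; fi
        echo "$level VULNERABLE $cves $ifix prereq=$prereq"
    else
        echo "$level NOT_LISTED"
    fi
}

# openssl_levels: read `lslpp -L` output on stdin, print each openssl.base level.
openssl_levels() {
    awk '$1 == "openssl.base" { print $2 }'
}

# Constructed sample rows, used only when lslpp is not available (non-AIX host).
SAMPLE_LSLPP='  openssl.base       1.0.1.512    C     F    Open Secure Socket Layer
  openssl.license    1.0.1.512    C     F    Open Secure Socket License
  openssl.man.en_US  1.0.1.512    C     F    Open Secure Socket Layer'

if command -v lslpp >/dev/null 2>&1; then
    lslpp -L | openssl_levels
else
    printf '%s\n' "$SAMPLE_LSLPP" | openssl_levels
fi | while read -r lvl; do
    assess "$lvl"
done
```

`NOT_LISTED` means only that the level is outside the ranges printed in this advisory.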
REMEDIATION:
A. FIXES
Fixes are available.
The fixes can be downloaded via ftp or http from:
ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix15.tar
http://aix.software.ibm.com/aix/efixes/security/openssl_fix15.tar
https://aix.software.ibm.com/aix/efixes/security/openssl_fix15.tar
The link above is to a tar file containing this signed
advisory, fix packages, and OpenSSL signatures for each package.
The fixes below include prerequisite checking. This will
enforce the correct mapping between the fixes and AIX
Technology Levels.
Note that the tar file contains interim fixes that are based on
the OpenSSL version.
AIX Level            Interim Fix (*.Z)         Fileset Name(prereq for installation)   KEY
--------------------------------------------------------------------------------------------
5.3, 6.1, 7.1, 7.2   101_ifix.151218.epkg.Z    openssl.base(1.0.1.515 version)         key_w_fix
5.3, 6.1, 7.1, 7.2   098_ifix.151218.epkg.Z    openssl.base(0.9.8.2506 version)        key_w_fix
5.3, 6.1, 7.1, 7.2   1298_ifix.151218.epkg.Z   openssl.base(12.9.8.2506 version)       key_w_fix
VIOS Level           Interim Fix (*.Z)         Fileset Name(prereq for installation)   KEY
--------------------------------------------------------------------------------------------
2.2.*                101_ifix.151218.epkg.Z    openssl.base(1.0.1.515 version)         key_w_fix
2.2.*                098_ifix.151218.epkg.Z    openssl.base(0.9.8.2506 version)        key_w_fix
2.2.*                1298_ifix.151218.epkg.Z   openssl.base(12.9.8.2506 version)       key_w_fix
To extract the fixes from the tar file:
tar xvf openssl_fix15.tar
cd openssl_fix15
Verify you have retrieved the fixes intact:
The checksums below were generated using the
"openssl dgst -sha256 file" command as follows:
openssl dgst -sha256 filename KEY
----------------------------------------------------------------------------------------------------
b65b7ce60380ac988767dd4319002ceb82c18d4786f8d6de014b58028f8bf847 101_ifix.151218.epkg.Z key_w_csum
0fb34df46591a4c4ff9c468e75da2e9c0a7541f3a0cda325c2fe28df1baa0571 098_ifix.151218.epkg.Z key_w_csum
d820d31b37fb9ffb51abdd504066f6a752fb0b8d83d305a6b7f4267161d5cf61 1298_ifix.151218.epkg.Z key_w_csum
These sums should match exactly. The OpenSSL signatures in the tar
file and on this advisory can also be used to verify the
integrity of the fixes. If the sums or signatures cannot be
confirmed, contact IBM AIX Security at
security-alert@austin.ibm.com and describe the discrepancy.
openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>
openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>
Published advisory OpenSSL signature file location:
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory15.asc.sig
https://aix.software.ibm.com/aix/efixes/security/openssl_advisory15.asc.sig
ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory15.asc.sig
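An added example (not IBM's tooling) of the verification steps above as one POSIX shell script: it confirms the advisory's signature with the command shown, then recomputes every row tagged `key_w_csum` and compares it with the downloaded file. The script name, the function names and the `sha256sum` fallback are assumptions made here, not part of the advisory.

```shell
#!/bin/sh
# Added example, not IBM code. It relies on the advisory's own layout: each
# checksum row reads "<sha256> <file> key_w_csum".

# sha256_of FILE: print the lowercase hex digest, or nothing if unreadable.
sha256_of() {
    if command -v openssl >/dev/null 2>&1; then
        # Same command the advisory used; the digest is the last field.
        openssl dgst -sha256 "$1" 2>/dev/null | awk '{ print $NF }'
    else
        # Assumption: fall back to sha256sum where the openssl CLI is absent.
        sha256sum "$1" 2>/dev/null | awk '{ print $1 }'
    fi
}

# verify_sig PUBKEY FILE: the advisory's command; expects FILE.sig beside FILE.
verify_sig() {
    openssl dgst -sha1 -verify "$1" -signature "$2.sig" "$2"
}

# verify_csums ADVISORY DIR: check every key_w_csum row against DIR/<file>.
# Fails closed: no rows, a malformed row or any mismatch returns non-zero.
verify_csums() {
    advisory=$1; dir=$2; bad=0; seen=0
    while read -r sum name key || [ -n "$sum" ]; do
        [ "$key" = "key_w_csum" ] || continue
        seen=$((seen + 1))
        # The table should name plain files only; refuse paths and dotfiles.
        case $name in
            */*|.*|"") echo "REJECT   '$name' (unexpected file name)"
                       bad=1; continue ;;
        esac
        # A SHA-256 digest is exactly 64 lowercase hex characters.
        case $sum in
            *[!0-9a-f]*) sum= ;;
        esac
        if [ "${#sum}" -ne 64 ]; then
            echo "REJECT   $name (malformed digest in table)"
            bad=1; continue
        fi
        actual=$(sha256_of "$dir/$name")
        if [ "$actual" = "$sum" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (expected $sum, got ${actual:-nothing})"
            bad=1
        fi
    done < "$advisory"
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Usage (hypothetical script name):
#   sh verify_fix15.sh <pubkey_file> <advisory_file> <dir_with_ifixes>
if [ $# -eq 3 ]; then
    # The checksum table is only as trustworthy as the advisory carrying it,
    # so the advisory's signature is checked before the table is used.
    verify_sig "$1" "$2" || { echo "advisory signature not confirmed" >&2; exit 1; }
    verify_csums "$2" "$3" || { echo "checksums not confirmed" >&2; exit 1; }
    for f in "$3"/*.epkg.Z; do
        verify_sig "$1" "$f" || { echo "signature not confirmed: $f" >&2; exit 1; }
    done
fi
```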
B. FIX AND INTERIM FIX INSTALLATION
IMPORTANT: If possible, it is recommended that a mksysb backup
of the system be created. Verify it is both bootable and
readable before proceeding.
To preview a fix installation:
installp -a -d fix_name -p all # where fix_name is the name of the
# fix package being previewed.
To install a fix package:
installp -a -d fix_name -X all # where fix_name is the name of the
# fix package being installed.
Interim fixes have had limited functional and regression
testing but not the full regression testing that takes place
for Service Packs; however, IBM does fully support them.
Interim fix management documentation can be found at:
http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html
To preview an interim fix installation:
emgr -e ipkg_name -p # where ipkg_name is the name of the
# interim fix package being previewed.
To install an interim fix package:
emgr -e ipkg_name -X # where ipkg_name is the name of the
# interim fix package being installed.
WORKAROUNDS AND MITIGATIONS:
None.
Note: Keywords labeled as KEY in this document are used for parsing
purposes.
If you would like to receive AIX Security Advisories via email,
please visit "My Notifications":
http://www.ibm.com/support/mynotifications
To view previously issued advisories, please visit:
http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq
Comments regarding the content of this announcement can be
directed to:
security-alert@austin.ibm.com
To obtain the OpenSSL public key that can be used to verify the
signed advisories and ifixes:
Download the key from our web page:
http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt
To obtain the PGP public key that can be used to communicate
securely with the AIX Security Team via security-alert@austin.ibm.com you
can either:
A. Download the key from our web page:
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
IBM SECURITY ADVISORY
First Issued: Mon Jan 18 10:47:32 CST 2016
The most recent version of this document is available here:
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory15.asc
https://aix.software.ibm.com/aix/efixes/security/openssl_advisory15.asc
ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory15.asc
Security Bulletin: Vulnerabilities in OpenSSL affect AIX
CVE-2015-3194 CVE-2015-3195 CVE-2015-3196
SUMMARY:
There are multiple vulnerabilities in OpenSSL that impact AIX.
To obtain the PGP public key that can be used to communicate
securely with the AIX Security Team via security-alert@austin.ibm.com you
can either:
A. Download the key from our web page:
http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt
B. Download the key from a PGP Public Key Server. The key ID is:
0x28BFAA12
Please contact your local IBM AIX support center for any
assistance.
REFERENCES:
Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html
On-line Calculator V2:
http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2
ACKNOWLEDGEMENTS:
None
CHANGE HISTORY:
First Issued: Mon Jan 18 10:47:32 CST 2016
{"f5": [{"lastseen": "2016-05-09T01:00:37", "bulletinFamily": "software", "cvelist": ["CVE-2015-1794", "CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196", "CVE-2015-3193"], "edition": 1, "description": "**Note**: This is a temporary index. When an article has been published for all of the CVEs listed in the previous table, this article may no longer be maintained, may be repurposed, or may be archived without advanced notice.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2015-12-07T00:00:00", "published": "2015-12-03T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/90/sol90542710.html", "id": "SOL90542710", "title": "SOL90542710 - OpenSSL vulnerabilities CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, and CVE-2015-1794", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-06T10:21:42", "bulletinFamily": "software", "cvelist": ["CVE-2015-3196"], "edition": 1, "description": "\nF5 Product Development has assigned IDs 560962 and 560969 (BIG-IP) and ID 561897 and 561900 (BIG-IQ) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H55540723 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.5.0 - 11.6.1| 12.1.0 \n12.0.0 HF3 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Low| OpenSSL \nBIG-IP AAM| 12.0.0 \n11.5.0 - 11.6.1| 12.1.0 \n12.0.0 HF3 \n11.4.0 - 11.4.1| Low| OpenSSL \nBIG-IP AFM| 12.0.0 \n11.5.0 - 11.6.1| 12.1.0 \n12.0.0 HF3 \n11.3.0 - 11.4.1| Low| OpenSSL \nBIG-IP Analytics| 12.0.0 \n11.5.0 - 11.6.1| 12.1.0 \n12.0.0 HF3 \n11.0.0 - 11.4.1| Low| OpenSSL \nBIG-IP APM| 12.0.0 \n11.5.0 - 11.6.1| 12.1.0 \n12.0.0 HF3 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Low| OpenSSL \nBIG-IP ASM| 12.0.0 \n11.5.0 - 11.6.1| 12.1.0 \n12.0.0 HF3 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Low| OpenSSL \nBIG-IP DNS| 12.0.0| 12.1.0 \n12.0.0 HF3| Low| OpenSSL \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| 11.5.0 - 11.6.1| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Low| OpenSSL \nBIG-IP Link Controller| 12.0.0 \n11.5.0 - 11.6.1| 12.1.0 \n12.0.0 HF3 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Low| OpenSSL \nBIG-IP PEM| 12.0.0 \n11.5.0 - 11.6.1| 12.1.0 \n12.0.0 HF3 \n11.3.0 - 11.4.1| Low| OpenSSL \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| 
Not vulnerable| None \nBIG-IQ Cloud| 4.4.0 - 4.5.0| 4.0.0 - 4.3.0| Low| OpenSSL \nBIG-IQ Device| 4.4.0 - 4.5.0| 4.2.0 - 4.3.0| Low| OpenSSL \nBIG-IQ Security| 4.4.0 - 4.5.0| 4.0.0 - 4.5.0| Low| OpenSSL \nBIG-IQ ADC| 4.5.0| None| Low| OpenSSL \nBIG-IQ Centralized Management| 4.6.0| 5.0.0| Low| OpenSSL \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low| OpenSSL \nNode.js \nF5 iWorkflow| None| 2.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-07-06T08:38:00", "published": "2015-12-04T22:11:00", "href": "https://support.f5.com/csp/article/K55540723", "id": "F5:K55540723", "title": "OpenSSL vulnerability CVE-2015-3196", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-04-06T22:40:53", "bulletinFamily": "software", "cvelist": ["CVE-2015-3194"], "description": "\nF5 Product Development has assigned IDs 560925 and 
560910 (BIG-IP), IDs 562565 and 562570 (BIG-IQ), and LRS-60482 (LineRate) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H86772626 on the **Diagnostics** > **Identified** > **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.6.0 \n11.5.0 - 11.5.3| 12.1.0 \n12.0.0 HF3 \n11.6.1 \n11.5.4 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| High| OpenSSL \nBIG-IP AAM| 12.0.0 \n11.6.0 \n11.5.0 - 11.5.3| 12.1.0 \n12.0.0 HF3 \n11.6.1 \n11.5.4 \n11.4.0 - 11.4.1| High| OpenSSL \nBIG-IP AFM| 12.0.0 \n11.6.0 \n11.5.0 - 11.5.3| 12.1.0 \n12.0.0 HF3 \n11.6.1 \n11.5.4 \n11.3.0 - 11.4.1| High| OpenSSL \nBIG-IP Analytics| 12.0.0 \n11.6.0 \n11.5.0 - 11.5.3| 12.1.0 \n12.0.0 HF3 \n11.6.1 \n11.5.4 \n11.0.0 - 11.4.1| High| OpenSSL \nBIG-IP APM| 12.0.0 \n11.6.0 \n11.5.0 - 11.5.3| 12.1.0 \n12.0.0 HF3 \n11.6.1 \n11.5.4 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| High| OpenSSL \nBIG-IP ASM| 12.0.0 \n11.6.0 \n11.5.0 - 11.5.3| 12.1.0 \n12.0.0 HF3 \n11.6.1 \n11.5.4 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| High| OpenSSL \nBIG-IP DNS| 12.0.0| 12.1.0 \n12.0.0 HF3| High| OpenSSL \nBIG-IP Edge Gateway| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| 11.6.0 \n11.5.0 - 11.5.3| 11.6.1 \n11.5.4 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| High| OpenSSL \nBIG-IP Link Controller| 12.0.0 \n11.6.0 \n11.5.0 - 11.5.3| 12.1.0 \n12.0.0 HF3 \n11.6.1 \n11.5.4 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| High| OpenSSL \nBIG-IP PEM| 12.0.0 \n11.6.0 \n11.5.0 - 11.5.3| 12.1.0 \n12.0.0 HF3 \n11.6.1 
\n11.5.4 \n11.3.0 - 11.4.1| High| OpenSSL \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.4.0 - 4.5.0| 4.0.0 - 4.3.0| High| OpenSSL \nBIG-IQ Device| 4.4.0 - 4.5.0| 4.2.0 - 4.3.0| High| OpenSSL \nBIG-IQ Security| 4.4.0 - 4.5.0| 4.0.0 - 4.3.0| High| OpenSSL \nBIG-IQ ADC| 4.5.0| None| High| OpenSSL \nBIG-IQ Centralized Management| 4.6.0| 5.0.0| High| OpenSSL \nBIG-IQ Cloud and Orchestration| 1.0.0| None| High| OpenSSL \nF5 iWorkflow| None| 2.0.0| Not vulnerable| None \nLineRate| 2.2.0 - 2.3.3| 2.4.0 - 2.6.1| Medium| OpenSSL \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\n**BIG-IP**\n\n**Configuration utility**\n\nThe Configuration utility is not vulnerable by default. To be vulnerable, the system administrator must modify the configuration to perform client-side certification authentication, such as when you perform the procedures in either of the following articles:\n\n * [K13981: Restricting access to the Configuration utility using client certificates (11.x - 12.x)](<https://support.f5.com/csp/article/K13981>)\n * [K15137: Configuring two-way SSL authentication to the Configuration utility](<https://support.f5.com/csp/article/K15137>)\n\nThe result of a successful attack would be a disruption of service for the Configuration utility, iControl SOAP, and iControl REST. To mitigate the Configuration utility vulnerability, you should avoid modifying the configuration to perform client-side certification authentication. 
If that is not possible, F5 recommends that you permit access to the Configuration utility only over a secure network and limit access to trusted users.\n\n**HTTPS health monitors**\n\nThe HTTPS health monitor is vulnerable by default. This vulnerability would require the BIG-IP system to be configured to monitor a malicious server. To mitigate this vulnerability, you should limit traffic between the BIG-IP system and pool members to trusted traffic.\n\n**big3d**\n\nThe **big3d** process may be exposed to this vulnerability over the management port and for self IP addresses when the Port Lockdown feature is set to \"Default\", \"All\", or \"Custom\" with TCP port 4353 included. The impact for the **big3d** process would be a temporary disruption in the communications between peer systems until the system automatically restarts the **big3d** process. To mitigate this vulnerability for the **big3d** process, you should limit connections to port 4353 to trusted hosts. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x).](<https://support.f5.com/csp/article/K13309>)\n\n**Note**: If you run **big3d_install** on BIG-IP versions earlier than 11.5.0, it is possible that you may install a vulnerable version of **big3d** on systems that are running non-vulnerable versions of the BIG-IP system. In this case, upgrade to a fixed version, or hotfix, and then refer to [K13312: Overview of the BIG-IP GTM big3d_install, bigip_add, and gtm_add utilities (11.x)](<https://support.f5.com/csp/article/K13312>) for information about running **big3d_install** to resolve the issue.\n\n**Note**: The **iquery** protocol used by the BIG-IP DNS system (formerly BIG-IP GTM) also uses port 4353. 
Ensure that all of the peer devices are included when you limit connections by IP address.\n\n**f5-rest-node** packages \n\nA vulnerable version of OpenSSL is included in the f5-rest-node RPM, which ships with the BIG-IP system; however, F5 does not support any instances where vulnerable JavaScript code is executed by this package.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2019-05-17T20:44:00", "published": "2015-12-04T21:40:00", "id": "F5:K86772626", "href": "https://support.f5.com/csp/article/K86772626", "title": "OpenSSL vulnerability CVE-2015-3194", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-06-08T00:16:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-3195"], "edition": 1, "description": "\nF5 Product Development has assigned ID 560948 (BIG-IP), ID 560959 (BIG-IP), ID 562095 (BIG-IQ), ID 562098 (Enterprise Manager), ID 410742 (ARX), and LRS-60483 (LineRate) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H12824341 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.1.0 \n12.0.0 HF3* \n11.6.1* \n11.5.4*| Low| OpenSSL utility \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.0| 12.1.0 \n12.0.0 HF3* \n11.6.1* \n11.5.4*| Low| OpenSSL utility \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.0| 12.1.0 \n12.0.0 HF3* \n11.6.1* \n11.5.4*| Low| OpenSSL utility \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.0| 12.1.0 \n12.0.0 HF3* \n11.6.1* \n11.5.4*| Low| OpenSSL utility \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.1.0 \n12.0.0 HF3* \n11.6.1* \n11.5.4*| Low| OpenSSL utility \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.1.0 \n12.0.0 HF3* \n11.6.1* \n11.5.4*| Low| OpenSSL utility \nBIG-IP DNS| 12.0.0| 12.1.0 \n12.0.0 HF3*| Low| OpenSSL utility \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| OpenSSL utility \nBIG-IP GTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 11.6.1* \n11.5.4*| Low| OpenSSL utility \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.1.0 \n12.0.0 HF3* \n11.6.1* \n11.5.4*| Low| OpenSSL utility \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.0| 12.1.0 \n12.0.0 HF3* \n11.6.1* \n11.5.4*| Low| OpenSSL utility \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| OpenSSL utility \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| OpenSSL utility \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| OpenSSL utility \nARX| 6.0.0 - 6.4.0| None| Low| OpenSSL 
\nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| OpenSSL utility \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| OpenSSL utility \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| OpenSSL utility \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| OpenSSL utility \nBIG-IQ ADC| 4.5.0| None| Low| OpenSSL utility \nBIG-IQ Centralized Management| 4.6.0| 5.0.0| Low| OpenSSL utility \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low| OpenSSL utility \nF5 iWorkflow| None| 2.0.0| Not vulnerable| None \nLineRate| 2.5.0 - 2.6.1| None| Low| OpenSSL \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n*ID 560948\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP/BIG-IQ/Enterprise Manager\n\nTo mitigate this vulnerability, you should limit command line access to only trusted users.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-04-04T19:50:00", "published": "2015-12-04T22:14:00", "id": "F5:K12824341", "href": "https://support.f5.com/csp/article/K12824341", "title": "OpenSSL vulnerability CVE-2015-3195", "type": "f5", 
"cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:14", "bulletinFamily": "software", "cvelist": ["CVE-2015-3196"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-07-25T00:00:00", "published": "2015-12-04T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/55/sol55540723.html", "id": "SOL55540723", "title": "SOL55540723 - OpenSSL vulnerability CVE-2015-3196", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:26", "bulletinFamily": "software", "cvelist": ["CVE-2015-3194"], "edition": 1, "description": "Vulnerability Recommended Actions\n\n**BIG-IP**\n\n**Configuration utility**\n\nThe Configuration utility is not vulnerable by default. 
To be vulnerable, the system administrator must modify the configuration to perform client-side certification authentication, such as when you perform the procedures in either of the following articles:\n\n * SOL13981: Restricting access to the Configuration utility using client certificates (11.x)\n * SOL15137: Configuring two-way SSL authentication to the Configuration utility\n\nThe result of a successful attack would be a disruption of service for the Configuration utility, iControl SOAP, and iControl REST. To mitigate the Configuration utility vulnerability, you should avoid modifying the configuration to perform client-side certification authentication. If that is not possible, F5 recommends that you permit access to the Configuration utility only over a secure network and limit access to trusted users.\n\n**HTTPS health monitors**\n\nThe HTTPS health monitor is vulnerable by default. This vulnerability would require the BIG-IP system to be configured to monitor a malicious server. To mitigate this vulnerability, you should limit traffic between the BIG-IP system and pool members to trusted traffic.\n\n**big3d**\n\nThe **big3d** process may be exposed to this vulnerability over the management port and for self IP addresses when the Port Lockdown feature is set to \"Default\", \"All\", or \"Custom\" with TCP port 4353 included. The impact for the **big3d** process would be a temporary disruption in the communications between peer systems until the system automatically restarts the **big3d** process. To mitigate this vulnerability for the **big3d** process, you should limit connections to port 4353 to trusted hosts. For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x).\n\n**Note**: If you run **big3d_install** on BIG-IP versions earlier than 11.5.0, it is possible that you may install a vulnerable version of **big3d** on systems that are running non-vulnerable versions of the BIG-IP system. 
In this case, upgrade to a fixed version, or hotfix, and then refer to SOL13312: Overview of the BIG-IP GTM big3d_install, bigip_add, and gtm_add utilities (11.x) for information about running **big3d_install** to resolve the issue.\n\n**Note**: The **iquery** protocol used by the BIG-IP DNS system (formerly BIG-IP GTM) also uses port 4353. Ensure that all of the peer devices are included when you limit connections by IP address.\n\n**f5-rest-node** packages \n\nA vulnerable version of OpenSSL is included in the f5-rest-node RPM, which ships with the BIG-IP system; however, F5 does not support any instances where vulnerable JavaScript code is executed by this package.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-07-25T00:00:00", "published": "2015-12-04T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/86/sol86772626.html", "id": "SOL86772626", "type": "f5", "title": "SOL86772626 - OpenSSL vulnerability CVE-2015-3194", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:50", "bulletinFamily": "software", "cvelist": ["CVE-2015-3195"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP/BIG-IQ /Enterprise Manager\n\nTo mitigate this vulnerability, you should limit command line access to only trusted users.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-07-25T00:00:00", "published": "2015-12-04T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/12/sol12824341.html", "id": "SOL12824341", "title": "SOL12824341 - OpenSSL vulnerability CVE-2015-3195", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cve": [{"lastseen": "2020-12-09T20:03:03", "description": "ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.", "edition": 6, "cvss3": {}, "published": "2015-12-06T20:59:00", "title": "CVE-2015-3196", "type": "cve", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3196"], "modified": "2019-06-13T18:15:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/a:openssl:openssl:1.0.0k", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_server_eus:6.7", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.1o", "cpe:/a:oracle:vm_virtualbox:4.3.35", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.2", "cpe:/a:openssl:openssl:1.0.0s", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:hp:icewall_sso:10.0", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:hp:icewall_sso_agent_option:10.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:1.0.1i", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:openssl:openssl:1.0.1m", "cpe:/a:openssl:openssl:1.0.0o", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.1n", "cpe:/a:oracle:vm_virtualbox:5.0.13", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/a:openssl:openssl:1.0.0r", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", 
"cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:1.0.1j", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:fedoraproject:fedora:22", "cpe:/a:openssl:openssl:1.0.0m", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/a:openssl:openssl:1.0.0n", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/a:openssl:openssl:1.0.0q", "cpe:/a:openssl:openssl:1.0.0p", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/a:openssl:openssl:1.0.1l", "cpe:/a:openssl:openssl:1.0.1k", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2015-3196", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3196", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:vm_virtualbox:4.3.35:*:*:*:*:*:*:*", "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:vm_virtualbox:5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:1.0.0s:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:49:50", "description": "crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.\n<a href=\"http://cwe.mitre.org/data/definitions/476.html\" rel=\"nofollow\">CWE-476: NULL Pointer Dereference</a>", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2015-12-06T20:59:00", "title": "CVE-2015-3194", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3194"], "modified": "2019-02-07T16:19:00", "cpe": ["cpe:/a:openssl:openssl:1.0.1a", 
"cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.1o", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:1.0.2c", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/a:openssl:openssl:1.0.2b", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.1i", "cpe:/a:openssl:openssl:1.0.1m", "cpe:/a:openssl:openssl:1.0.1n", "cpe:/a:openssl:openssl:1.0.2d", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:openssl:openssl:1.0.1j", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.1p", "cpe:/a:openssl:openssl:1.0.1l", "cpe:/a:openssl:openssl:1.0.1k", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2015-3194", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3194", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-01-20T14:08:49", "description": "The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2015-12-06T20:59:00", "title": "CVE-2015-3195", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2015-3195"], "modified": "2021-01-19T17:27:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:oracle:linux:6", "cpe:/o:redhat:enterprise_linux_desktop:5.0", "cpe:/o:redhat:enterprise_linux_workstation:5.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/a:oracle:api_gateway:11.1.2.3.0", "cpe:/a:oracle:communications_webrtc_session_controller:7.0", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:oracle:api_gateway:11.1.2.4.0", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:vm_server:3.2", "cpe:/a:oracle:exalogic_infrastructure:2.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:suse:linux_enterprise_server:10", "cpe:/a:oracle:transportation_management:6.2", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.2", "cpe:/o:oracle:linux:5", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.7", "cpe:/a:oracle:exalogic_infrastructure:1.0", "cpe:/o:opensuse:leap:42.1", "cpe:/o:oracle:integrated_lights_out_manager_firmware:4.0.4", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:opensuse:opensuse:11.4", "cpe:/o:redhat:enterprise_linux_server:5.0", "cpe:/a:oracle:communications_webrtc_session_controller:7.1", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/a:oracle:sun_ray_software:11.1", "cpe:/o:redhat:enterprise_linux_server_aus:7.7", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:oracle:linux:7", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:oracle:solaris:10", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:oracle:life_sciences_data_hub:2.1", "cpe:/o:fedoraproject:fedora:22", "cpe:/a:oracle:http_server:11.5.10.2", "cpe:/o:redhat:enterprise_linux_server:6.0", 
"cpe:/a:oracle:communications_webrtc_session_controller:7.2", "cpe:/a:oracle:transportation_management:6.1", "cpe:/o:oracle:solaris:11.3", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2015-3195", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3195", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:sun_ray_software:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:exalogic_infrastructure:2.0:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:life_sciences_data_hub:2.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "cpe:2.3:a:oracle:transportation_management:6.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:api_gateway:11.1.2.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*", "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:transportation_management:6.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:exalogic_infrastructure:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:a:oracle:http_server:11.5.10.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2020-12-08T03:34:18", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "description": "**CentOS Errata and Security Advisory** CESA-2015:2617\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA NULL pointer derefernce flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. 
A remote attacker could possibly\nuse this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server\nusing OpenSSL if it enabled client authentication. (CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identity hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-December/033557.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-December/033561.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-December/045895.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-libs\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2617.html", "edition": 4, "modified": "2015-12-14T23:44:26", "published": "2015-12-14T11:00:46", "href": "http://lists.centos.org/pipermail/centos-announce/2015-December/033557.html", "id": "CESA-2015:2617", "title": "openssl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-08-12T00:55:51", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3413-1 
security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nDecember 04, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2015-3194 CVE-2015-3195 CVE-2015-3196\n\nMultiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following issues:\n\nCVE-2015-3194\n\n Loic Jonas Etienne of Qnective AG discovered that the signature\n verification routines will crash with a NULL pointer dereference if\n presented with an ASN.1 signature using the RSA PSS algorithm and\n absent mask generation function parameter. A remote attacker can\n exploit this flaw to crash any certificate verification operation\n and mount a denial of service attack.\n\nCVE-2015-3195\n\n Adam Langley of Google/BoringSSL discovered that OpenSSL will leak\n memory when presented with a malformed X509_ATTRIBUTE structure.\n\nCVE-2015-3196\n\n A race condition flaw in the handling of PSK identity hints was\n discovered, potentially leading to a double free of the identity\n hint data.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u18.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2e-1 or earlier.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2015-12-04T07:44:03", "published": "2015-12-04T07:44:03", "id": "DEBIAN:DSA-3413-1:0CE34", "href": 
"https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00318.html", "title": "[SECURITY] [DSA 3413-1] openssl security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-11T13:16:51", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3195"], "description": "Package : openssl\nVersion : 0.9.8o-4squeeze22\nCVE ID : CVE-2015-3195\n\nWhen presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak\nmemory. This structure is used by the PKCS#7 and CMS routines so any\napplication which reads PKCS#7 or CMS data from untrusted sources is affected.\nSSL/TLS is not affected.\n\n\n\nKurt\n\n", "edition": 7, "modified": "2015-12-03T22:20:28", "published": "2015-12-03T22:20:28", "id": "DEBIAN:DLA-358-1:3BE9B", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201512/msg00000.html", "title": "[SECURITY] [DLA 358-1] openssl security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:03", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacker could possibly\nuse this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server\nusing OpenSSL if it enabled client authentication. (CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. 
(CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identity hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted.\n", "modified": "2018-06-06T20:24:36", "published": "2015-12-14T05:00:00", "id": "RHSA-2015:2617", "href": "https://access.redhat.com/errata/RHSA-2015:2617", "type": "redhat", "title": "(RHSA-2015:2617) Moderate: openssl security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:45:34", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3195"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-3195)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted.\n", "modified": "2017-09-08T12:18:17", "published": "2015-12-14T05:00:00", "id": "RHSA-2015:2616", "href": "https://access.redhat.com/errata/RHSA-2015:2616", "type": "redhat", "title": "(RHSA-2015:2616) Moderate: openssl security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:05", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "description": "**Issue Overview:**\n\nA NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. ([CVE-2015-3194 __](<https://access.redhat.com/security/cve/CVE-2015-3194>))\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. ([CVE-2015-3195 __](<https://access.redhat.com/security/cve/CVE-2015-3195>))\n\nA race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identity hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. 
([CVE-2015-3196 __](<https://access.redhat.com/security/cve/CVE-2015-3196>))\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssl-static-1.0.1k-13.88.amzn1.i686 \n openssl-debuginfo-1.0.1k-13.88.amzn1.i686 \n openssl-1.0.1k-13.88.amzn1.i686 \n openssl-devel-1.0.1k-13.88.amzn1.i686 \n openssl-perl-1.0.1k-13.88.amzn1.i686 \n \n src: \n openssl-1.0.1k-13.88.amzn1.src \n \n x86_64: \n openssl-debuginfo-1.0.1k-13.88.amzn1.x86_64 \n openssl-1.0.1k-13.88.amzn1.x86_64 \n openssl-devel-1.0.1k-13.88.amzn1.x86_64 \n openssl-perl-1.0.1k-13.88.amzn1.x86_64 \n openssl-static-1.0.1k-13.88.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-12-14T10:00:00", "published": "2015-12-14T10:00:00", "id": "ALAS-2015-614", "href": "https://alas.aws.amazon.com/ALAS-2015-614.html", "title": "Medium: openssl", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2015-12-14T11:54:41", "published": "2015-12-14T11:54:41", "id": "FEDORA:9AEBD6087C55", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: openssl-1.0.1k-13.fc22", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. 
", "modified": "2015-12-06T19:20:38", "published": "2015-12-06T19:20:38", "id": "FEDORA:3AA44605DCD5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: openssl-1.0.2e-1.fc23", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2020-06-11T17:42:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "description": "Check the version of openssl", "modified": "2020-06-09T00:00:00", "published": "2015-12-15T00:00:00", "id": "OPENVAS:1361412562310882337", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882337", "type": "openvas", "title": "CentOS Update for openssl CESA-2015:2617 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2015:2617 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882337\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 05:46:32 +0100 (Tue, 15 Dec 2015)\");\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for openssl CESA-2015:2617 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of openssl\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols,\nas well as a full-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacked could possibly\nuse this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server\nusing OpenSSL if it enabled client authentication. (CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. 
(CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:2617\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-December/021523.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~51.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~51.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~51.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~51.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~51.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:53:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "description": "Multiple vulnerabilities have been\ndiscovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities\nand Exposures project identifies the following issues:\n\nCVE-2015-3194 \nLoic Jonas Etienne of Qnective AG discovered that the signature\nverification routines will crash with a NULL pointer dereference if\npresented with an ASN.1 signature using the RSA PSS algorithm and\nabsent mask generation function parameter. A remote attacker can\nexploit this flaw to crash any certificate verification operation\nand mount a denial of service attack.\n\nCVE-2015-3195 \nAdam Langley of Google/BoringSSL discovered that OpenSSL will leak\nmemory when presented with a malformed X509_ATTRIBUTE structure.\n\nCVE-2015-3196 \nA race condition flaw in the handling of PSK identify hints was\ndiscovered, potentially leading to a double free of the identify\nhint data.", "modified": "2017-07-07T00:00:00", "published": "2015-12-04T00:00:00", "id": "OPENVAS:703413", "href": "http://plugins.openvas.org/nasl.php?oid=703413", "type": "openvas", "title": "Debian Security Advisory DSA 3413-1 (openssl - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3413.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3413-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright 
(c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703413);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_name(\"Debian Security Advisory DSA 3413-1 (openssl - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-12-04 00:00:00 +0100 (Fri, 04 Dec 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3413.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"openssl on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package contains the openssl binary 
and related tools.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy), these\nproblems have been fixed in version 1.0.1e-2+deb7u18.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2e-1 or earlier.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities have been\ndiscovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities\nand Exposures project identifies the following issues:\n\nCVE-2015-3194 \nLoic Jonas Etienne of Qnective AG discovered that the signature\nverification routines will crash with a NULL pointer dereference if\npresented with an ASN.1 signature using the RSA PSS algorithm and\nabsent mask generation function parameter. A remote attacker can\nexploit this flaw to crash any certificate verification operation\nand mount a denial of service attack.\n\nCVE-2015-3195 \nAdam Langley of Google/BoringSSL discovered that OpenSSL will leak\nmemory when presented with a malformed X509_ATTRIBUTE structure.\n\nCVE-2015-3196 \nA race condition flaw in the handling of PSK identify hints was\ndiscovered, potentially leading to a double free of the identify\nhint data.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u18\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u18\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1e-2+deb7u18\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1e-2+deb7u18\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:amd64\", ver:\"1.0.1e-2+deb7u18\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:i386\", ver:\"1.0.1e-2+deb7u18\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u18\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1k-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1k-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1k-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1k-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:amd64\", ver:\"1.0.1k-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:i386\", ver:\"1.0.1k-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1k-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "description": "Multiple vulnerabilities have been\ndiscovered in OpenSSL, a Secure Sockets Layer toolkit. 
The Common Vulnerabilities\nand Exposures project identifies the following issues:\n\nCVE-2015-3194\nLoic Jonas Etienne of Qnective AG discovered that the signature\nverification routines will crash with a NULL pointer dereference if\npresented with an ASN.1 signature using the RSA PSS algorithm and\nabsent mask generation function parameter. A remote attacker can\nexploit this flaw to crash any certificate verification operation\nand mount a denial of service attack.\n\nCVE-2015-3195\nAdam Langley of Google/BoringSSL discovered that OpenSSL will leak\nmemory when presented with a malformed X509_ATTRIBUTE structure.\n\nCVE-2015-3196\nA race condition flaw in the handling of PSK identify hints was\ndiscovered, potentially leading to a double free of the identify\nhint data.", "modified": "2019-03-18T00:00:00", "published": "2015-12-04T00:00:00", "id": "OPENVAS:1361412562310703413", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703413", "type": "openvas", "title": "Debian Security Advisory DSA 3413-1 (openssl - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3413.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3413-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703413\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_name(\"Debian Security Advisory DSA 3413-1 (openssl - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-04 00:00:00 +0100 (Fri, 04 Dec 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3413.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"openssl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy), these\nproblems have been fixed in version 1.0.1e-2+deb7u18.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2e-1 or earlier.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been\ndiscovered in OpenSSL, a Secure 
Sockets Layer toolkit. The Common Vulnerabilities\nand Exposures project identifies the following issues:\n\nCVE-2015-3194\nLoic Jonas Etienne of Qnective AG discovered that the signature\nverification routines will crash with a NULL pointer dereference if\npresented with an ASN.1 signature using the RSA PSS algorithm and\nabsent mask generation function parameter. A remote attacker can\nexploit this flaw to crash any certificate verification operation\nand mount a denial of service attack.\n\nCVE-2015-3195\nAdam Langley of Google/BoringSSL discovered that OpenSSL will leak\nmemory when presented with a malformed X509_ATTRIBUTE structure.\n\nCVE-2015-3196\nA race condition flaw in the handling of PSK identify hints was\ndiscovered, potentially leading to a double free of the identify\nhint data.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u18\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u18\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1e-2+deb7u18\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1e-2+deb7u18\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:amd64\", ver:\"1.0.1e-2+deb7u18\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:i386\", ver:\"1.0.1e-2+deb7u18\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u18\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1k-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res 
= isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1k-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1k-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1k-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:amd64\", ver:\"1.0.1k-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:i386\", ver:\"1.0.1k-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1k-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-11T17:42:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-06-09T00:00:00", "published": "2015-12-15T00:00:00", "id": "OPENVAS:1361412562310120604", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120604", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-614)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120604\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 02:51:18 +0200 (Tue, 15 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-614)\");\n script_tag(name:\"insight\", value:\"A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194 )A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195 )A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. 
(CVE-2015-3196 )\");\n script_tag(name:\"solution\", value:\"Run yum update openssl to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-614.html\");\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1k~13.88.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1k~13.88.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1k~13.88.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1k~13.88.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1k~13.88.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, 
{"lastseen": "2019-05-29T18:36:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "description": "Oracle Linux Local Security Checks ELSA-2015-2617", "modified": "2018-09-28T00:00:00", "published": "2015-12-15T00:00:00", "id": "OPENVAS:1361412562310122803", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122803", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2617", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2617.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122803\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 02:50:30 +0200 (Tue, 15 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2617\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2617 - openssl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2617\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2617.html\");\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", 
rpm:\"openssl~1.0.1e~51.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~51.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~51.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~51.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~51.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~42.el6_7.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~42.el6_7.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~42.el6_7.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~42.el6_7.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-11T17:42:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "description": "The remote host is missing an update for the ", "modified": "2020-06-09T00:00:00", "published": "2015-12-15T00:00:00", "id": "OPENVAS:1361412562310871521", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871521", "type": "openvas", "title": "RedHat Update 
for openssl RHSA-2015:2617-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2015:2617-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871521\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 05:45:09 +0100 (Tue, 15 Dec 2015)\");\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for openssl RHSA-2015:2617-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n 
script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols,\nas well as a full-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacked could possibly\nuse this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server\nusing OpenSSL if it enabled client authentication. (CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2617-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-December/msg00034.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~51.el7_2.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~51.el7_2.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~51.el7_2.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~51.el7_2.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~42.el6_7.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~42.el6_7.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~42.el6_7.1\", rls:\"RHENT_6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-11T17:41:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "description": "Check the version of openssl", "modified": "2020-06-09T00:00:00", "published": "2015-12-15T00:00:00", "id": "OPENVAS:1361412562310882340", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882340", "type": "openvas", "title": "CentOS Update for openssl CESA-2015:2617 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2015:2617 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882340\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 05:46:43 +0100 (Tue, 15 Dec 2015)\");\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for openssl CESA-2015:2617 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of openssl\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols,\nas well as a full-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacked could possibly\nuse this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server\nusing OpenSSL if it enabled client authentication. (CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. 
(CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:2617\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-December/021519.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~42.el6_7.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~42.el6_7.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~42.el6_7.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~42.el6_7.1\", rls:\"CentOS6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1794", "CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "description": "Mageia Linux Local Security Checks mgasa-2015-0466", "modified": "2018-09-28T00:00:00", "published": "2015-12-08T00:00:00", "id": "OPENVAS:1361412562310131144", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131144", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0466", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0466.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131144\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-08 11:03:38 +0200 (Tue, 08 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0466\");\n script_tag(name:\"insight\", value:\"If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack (CVE-2015-1794). Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. A remote attacker can exploit this flaw to crash any certificate verification operation and mount a denial of service attack (CVE-2015-3194). Adam Langley of Google/BoringSSL discovered that OpenSSL will leak memory when presented with a malformed X509_ATTRIBUTE structure (CVE-2015-3195). 
A race condition flaw in the handling of PSK identify hints was discovered, potentially leading to a double free of the identify hint data (CVE-2015-3196).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0466.html\");\n script_cve_id(\"CVE-2015-1794\", \"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0466\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.2e~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1794", "CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196", "CVE-2015-3193"], "description": "On December 3, 2015, the OpenSSL Project released a security advisory\ndetailing five vulnerabilities. 
Cisco IP Phone 8800 Series incorporate a version of the OpenSSL package affected\nby one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service\n(DoS) condition.", "modified": "2018-11-12T00:00:00", "published": "2016-09-22T00:00:00", "id": "OPENVAS:1361412562310106286", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106286", "type": "openvas", "title": "Cisco IP Phone 8800 Series Multiple Vulnerabilities in OpenSSL", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_ip_phone_cisco-sa-20151204-openssl.nasl 12313 2018-11-12 08:53:51Z asteins $\n#\n# Cisco IP Phone 8800 Series Multiple Vulnerabilities in OpenSSL\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106286\");\n script_version(\"$Revision: 12313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-12 09:53:51 +0100 (Mon, 12 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-22 10:06:54 +0700 (Thu, 22 Sep 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_cve_id(\"CVE-2015-3193\", \"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\", \"CVE-2015-1794\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Cisco IP Phone 8800 Series Multiple Vulnerabilities in OpenSSL\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CISCO\");\n script_dependencies(\"gb_cisco_ip_phone_detect.nasl\");\n script_mandatory_keys(\"cisco/ip_phone/model\");\n\n script_tag(name:\"summary\", value:\"On December 3, 2015, the OpenSSL Project released a security advisory\ndetailing five vulnerabilities. 
Cisco IP Phone 8800 Series incorporate a version of the OpenSSL package affected\nby one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service\n(DoS) condition.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple OpenSSL vulnerabilities affecting Cisco IP Phone 8800 Series:\n\n - A vulnerability in the Montgomery multiplication module of OpenSSL could allow an unauthenticated, remote\nattacker to cause the library to produce unexpected and possibly weak cryptographic output (CVE-2015-3193).\n\n - A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition\n(CVE-2015-3194).\n\n - A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition\n(CVE-2015-3195).\n\n - A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition\n(CVE-2015-3196).\n\n - A vulnerability in the anonymous Diffie-Hellman cipher suite in OpenSSL could allow an unauthenticated,\nremote attacker to cause a denial of service (DoS) condition (CVE-2015-1794).\");\n\n script_tag(name:\"solution\", value:\"Update to Release 11.5(1) or later\");\n\n script_xref(name:\"URL\", value:\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nif (!model = get_kb_item(\"cisco/ip_phone/model\"))\n exit(0);\n\nif (model =~ \"^CP-88..\") {\n if (!version = get_kb_item(\"cisco/ip_phone/version\"))\n exit(0);\n\n version = eregmatch(pattern: \"sip88xx\\.([0-9-]+)\", string: version);\n if (version[1] && (version[1] =~ \"^10-2-1\" || version[1] =~ \"^10-2-2\")) {\n report = report_fixed_ver(installed_version: version[1], fixed_version: \"11-5-1\");\n security_message(port: 0, data: report);\n }\n}\n\nexit(0);\n", "cvss": {"score": 5.0, 
"vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1794", "CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196", "CVE-2015-3193"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-12-08T00:00:00", "id": "OPENVAS:1361412562310842552", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842552", "type": "openvas", "title": "Ubuntu Update for openssl USN-2830-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for openssl USN-2830-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842552\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-08 10:53:48 +0100 (Tue, 08 Dec 2015)\");\n script_cve_id(\"CVE-2015-1794\", \"CVE-2015-3193\", \"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openssl USN-2830-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Guy Leaver discovered that OpenSSL\nincorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the\nvalue of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL\nto crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10.\n(CVE-2015-1794)\n\nHanno Böck discovered that the OpenSSL Montgomery squaring procedure\nalgorithm may produce incorrect results when being used on x86_64. A remote\nattacker could possibly use this issue to break encryption. This issue only\napplied to Ubuntu 15.10. (CVE-2015-3193)\n\nLoïc Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1\nsignatures with a missing PSS parameter. 
A remote attacker could possibly\nuse this issue to cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2015-3194)\n\nAdam Langley discovered that OpenSSL incorrectly handled malformed\nX509_ATTRIBUTE structures. A remote attacker could possibly use this issue\nto cause OpenSSL to consume resources, resulting in a denial of service.\n(CVE-2015-3195)\n\nIt was discovered that OpenSSL incorrectly handled PSK identity hints. A\nremote attacker could possibly use this issue to cause OpenSSL to crash,\nresulting in a denial of service. This issue only applied to Ubuntu 12.04\nLTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196)\");\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 15.10,\n Ubuntu 15.04,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2830-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2830-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(15\\.04|14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1f-1ubuntu11.5\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu11.5\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 
LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1f-1ubuntu2.16\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu2.16\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1-4ubuntu5.32\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.2d-0ubuntu1.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.2d-0ubuntu1.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:18:37", "description": "The version of OpenSSL installed on the remote AIX host is affected by\nmultiple vulnerabilities :\n\n - A NULL pointer dereference flaw exists in file\n rsa_ameth.c when handling ASN.1 signatures that use the\n RSA PSS algorithm but are missing a mask generation\n function parameter. A remote attacker can exploit this\n to cause the signature verification routine to crash,\n leading to a denial of service. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in\n file tasn_dec.c related to handling malformed\n X509_ATTRIBUTE structures. A remote attacker can exploit\n this to cause a memory leak by triggering a decoding\n failure in a PKCS#7 or CMS application, resulting in a\n denial of service. 
(CVE-2015-3195)\n\n - A race condition exists in s3_clnt.c that is triggered\n when PSK identity hints are incorrectly updated in the\n parent SSL_CTX structure when they are received by a\n multi-threaded client. A remote attacker can exploit\n this, via a crafted ServerKeyExchange message, to cause\n a double-free memory error, resulting in a denial of\n service. (CVE-2015-3196)", "edition": 29, "published": "2016-01-22T00:00:00", "title": "AIX OpenSSL Advisory : openssl_advisory15.asc", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2016-01-22T00:00:00", "cpe": ["cpe:/a:openssl:openssl", "cpe:/o:ibm:aix"], "id": "AIX_OPENSSL_ADVISORY15.NASL", "href": "https://www.tenable.com/plugins/nessus/88085", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88085);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2015-3194\",\n \"CVE-2015-3195\",\n \"CVE-2015-3196\"\n );\n script_bugtraq_id(\n 78622,\n 78623,\n 78626\n );\n\n script_name(english:\"AIX OpenSSL Advisory : openssl_advisory15.asc\");\n script_summary(english:\"Checks the version of the OpenSSL packages and iFixes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of OpenSSL installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL installed on the remote AIX host is affected by\nmultiple vulnerabilities :\n\n - A NULL pointer dereference flaw exists in file\n rsa_ameth.c when handling ASN.1 signatures that use the\n RSA PSS algorithm but are missing a mask generation\n function parameter. 
A remote attacker can exploit this\n to cause the signature verification routine to crash,\n leading to a denial of service. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in\n file tasn_dec.c related to handling malformed\n X509_ATTRIBUTE structures. A remote attacker can exploit\n this to cause a memory leak by triggering a decoding\n failure in a PKCS#7 or CMS application, resulting in a\n denial of service. (CVE-2015-3195)\n\n - A race condition exists in s3_clnt.c that is triggered\n when PSK identity hints are incorrectly updated in the\n parent SSL_CTX structure when they are received by a\n multi-threaded client. A remote attacker can exploit\n this, via a crafted ServerKeyExchange message, to cause\n a double-free memory error, resulting in a denial of\n service. (CVE-2015-3196)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory15.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/marketing/iwm/iwm/web/preLogin.do?source=aixbp\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20151203.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the AIX website.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item(\"Host/AIX/version\");\nif (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nif ( oslevel != \"AIX-5.3\" && oslevel != \"AIX-6.1\" && oslevel != \"AIX-7.1\" && oslevel != \"AIX-7.2\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 5.3 / 6.1 / 7.1 / 7.2\", oslevel);\n}\n\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nifixes_098 = \"(098_ifix|IV81287m9b|IV83169m9b)\";\nifixes_1298 = \"(1298_ifix|IV81287m9c|IV83169m9c)\";\nifixes_101 = \"(101_ifix|101a_fix|IV81287m9a|IV83169m9a)\";\n\n#0.9.8.2506\nif (aix_check_ifix(release:\"5.3\", patch:ifixes_098, package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2506\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:ifixes_098, package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2506\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:ifixes_098, package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2506\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", patch:ifixes_098, package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2506\") < 0) flag++;\n\n#12.9.8.2506\nif (aix_check_ifix(release:\"5.3\", patch:ifixes_1298, 
package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2506\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:ifixes_1298, package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2506\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:ifixes_1298, package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2506\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", patch:ifixes_1298, package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2506\") < 0) flag++;\n\n#1.0.1.515\nif (aix_check_ifix(release:\"5.3\", patch:ifixes_101, package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.515\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:ifixes_101, package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.515\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:ifixes_101, package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.515\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", patch:ifixes_101, package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.515\") < 0) flag++;\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : aix_report_extra\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl.base\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T14:23:16", "description": "This update for openssl fixes the following issues :\n\nSecurity fixes :\n\n - CVE-2015-3194: The signature verification routines will\n crash with a NULL pointer dereference if presented with\n an ASN.1 signature using the RSA PSS 
algorithm and\n absent mask generation function parameter. Since these\n routines are used to verify certificate signature\n algorithms this can be used to crash any certificate\n verification operation and exploited in a DoS attack.\n Any application which performs certificate verification\n is vulnerable including OpenSSL clients and servers\n which enable client authentication. (bsc#957815)\n\n - CVE-2015-3195: When presented with a malformed\n X509_ATTRIBUTE structure OpenSSL would leak memory. This\n structure is used by the PKCS#7 and CMS routines so any\n application which reads PKCS#7 or CMS data from\n untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\n - CVE-2015-3196: If PSK identity hints are received by a\n multi-threaded client then the values were wrongly\n updated in the parent SSL_CTX structure. This could\n result in a race condition potentially leading to a\n double free of the identify hint data. (bsc#957813)\n\nNon security bugs fixed :\n\n - Improve S/390 performance on IBM z196 and z13\n (bsc#954256)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-09T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:2230-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2015-12-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssl-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:openssl-debugsource"], "id": "SUSE_SU-2015-2230-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87280", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2230-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87280);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:2230-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\nSecurity fixes :\n\n - CVE-2015-3194: The signature verification routines will\n crash with a NULL pointer dereference if 
presented with\n an ASN.1 signature using the RSA PSS algorithm and\n absent mask generation function parameter. Since these\n routines are used to verify certificate signature\n algorithms this can be used to crash any certificate\n verification operation and exploited in a DoS attack.\n Any application which performs certificate verification\n is vulnerable including OpenSSL clients and servers\n which enable client authentication. (bsc#957815)\n\n - CVE-2015-3195: When presented with a malformed\n X509_ATTRIBUTE structure OpenSSL would leak memory. This\n structure is used by the PKCS#7 and CMS routines so any\n application which reads PKCS#7 or CMS data from\n untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\n - CVE-2015-3196: If PSK identity hints are received by a\n multi-threaded client then the values were wrongly\n updated in the parent SSL_CTX structure. This could\n result in a race condition potentially leading to a\n double free of the identify hint data. (bsc#957813)\n\nNon security bugs fixed :\n\n - Improve S/390 performance on IBM z196 and z13\n (bsc#954256)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3194/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3195/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3196/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152230-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76634ad7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2015-954=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-954=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-954=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-hmac-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-debuginfo-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-debugsource-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-32bit-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssl-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.1i-36.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:49:19", "description": "Multiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures\nproject identifies the following issues :\n\n - CVE-2015-3194\n Loic Jonas Etienne of Qnective AG discovered that the\n signature verification routines will crash with a NULL\n pointer dereference if presented with an ASN.1 signature\n using the RSA PSS algorithm and absent mask generation\n function parameter. A remote attacker can exploit this\n flaw to crash any certificate verification operation and\n mount a denial of service attack.\n\n - CVE-2015-3195\n Adam Langley of Google/BoringSSL discovered that OpenSSL\n will leak memory when presented with a malformed\n X509_ATTRIBUTE structure.\n\n - CVE-2015-3196\n A race condition flaw in the handling of PSK identify\n hints was discovered, potentially leading to a double\n free of the identify hint data.", "edition": 24, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-07T00:00:00", "title": "Debian DSA-3413-1 : openssl - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2015-12-07T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:openssl"], "id": "DEBIAN_DSA-3413.NASL", "href": "https://www.tenable.com/plugins/nessus/87212", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3413. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87212);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_xref(name:\"DSA\", value:\"3413\");\n\n script_name(english:\"Debian DSA-3413-1 : openssl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures\nproject identifies the following issues :\n\n - CVE-2015-3194\n Loic Jonas Etienne of Qnective AG discovered that the\n signature verification routines will crash with a NULL\n pointer dereference if presented with an ASN.1 signature\n using the RSA PSS algorithm and absent mask generation\n function parameter. 
A remote attacker can exploit this\n flaw to crash any certificate verification operation and\n mount a denial of service attack.\n\n - CVE-2015-3195\n Adam Langley of Google/BoringSSL discovered that OpenSSL\n will leak memory when presented with a malformed\n X509_ATTRIBUTE structure.\n\n - CVE-2015-3196\n A race condition flaw in the handling of PSK identify\n hints was discovered, potentially leading to a double\n free of the identify hint data.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-3194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-3195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-3196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3413\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 1.0.1e-2+deb7u18.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1.0.1k-3+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libssl-dev\", reference:\"1.0.1e-2+deb7u18\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl-doc\", reference:\"1.0.1e-2+deb7u18\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1e-2+deb7u18\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1e-2+deb7u18\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openssl\", reference:\"1.0.1e-2+deb7u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcrypto1.0.0-udeb\", reference:\"1.0.1k-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-dev\", reference:\"1.0.1k-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-doc\", reference:\"1.0.1k-3+deb8u2\")) flag++;\nif 
(deb_check(release:\"8.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1k-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1k-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openssl\", reference:\"1.0.1k-3+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:29:00", "description": "This update for openssl fixes the following issues :\n\nSecurity fixes :\n\n - CVE-2015-3194: The signature verification routines will\n crash with a NULL pointer dereference if presented with\n an ASN.1 signature using the RSA PSS algorithm and\n absent mask generation function parameter. Since these\n routines are used to verify certificate signature\n algorithms this can be used to crash any certificate\n verification operation and exploited in a DoS attack.\n Any application which performs certificate verification\n is vulnerable including OpenSSL clients and servers\n which enable client authentication. (bsc#957815)\n\n - CVE-2015-3195: When presented with a malformed\n X509_ATTRIBUTE structure OpenSSL would leak memory. This\n structure is used by the PKCS#7 and CMS routines so any\n application which reads PKCS#7 or CMS data from\n untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\n - CVE-2015-3196: If PSK identity hints are received by a\n multi-threaded client then the values were wrongly\n updated in the parent SSL_CTX structure. This could\n result in a race condition potentially leading to a\n double free of the identify hint data. 
(bsc#957813)\n\nNon security bugs fixed :\n\n - Improve S/390 performance on IBM z196 and z13\n (bsc#954256)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-18T00:00:00", "title": "openSUSE Security Update : openssl (openSUSE-2015-911)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2015-12-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssl", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openssl-debugsource", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0"], "id": "OPENSUSE-2015-911.NASL", "href": "https://www.tenable.com/plugins/nessus/87487", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-911.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87487);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2015-911)\");\n script_summary(english:\"Check for the openSUSE-2015-911 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE 
host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\nSecurity fixes :\n\n - CVE-2015-3194: The signature verification routines will\n crash with a NULL pointer dereference if presented with\n an ASN.1 signature using the RSA PSS algorithm and\n absent mask generation function parameter. Since these\n routines are used to verify certificate signature\n algorithms this can be used to crash any certificate\n verification operation and exploited in a DoS attack.\n Any application which performs certificate verification\n is vulnerable including OpenSSL clients and servers\n which enable client authentication. (bsc#957815)\n\n - CVE-2015-3195: When presented with a malformed\n X509_ATTRIBUTE structure OpenSSL would leak memory. This\n structure is used by the PKCS#7 and CMS routines so any\n application which reads PKCS#7 or CMS data from\n untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\n - CVE-2015-3196: If PSK identity hints are received by a\n multi-threaded client then the values were wrongly\n updated in the parent SSL_CTX structure. This could\n result in a race condition potentially leading to a\n double free of the identify hint data. 
(bsc#957813)\n\nNon security bugs fixed :\n\n - Improve S/390 performance on IBM z196 and z13\n (bsc#954256)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957815\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl-devel-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl1_0_0-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl1_0_0-hmac-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssl-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", 
reference:\"openssl-debuginfo-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssl-debugsource-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:49:06", "description": "A NULL pointer derefernce flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacked could\npossibly use this flaw to crash a TLS/SSL client using OpenSSL, or a\nTLS/SSL server using OpenSSL if it enabled client authentication.\n(CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. A remote attacker could use this flaw to cause an\napplication that parses PKCS#7 or CMS data from untrusted sources to\nuse an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. 
(CVE-2015-3196)\n\nFor the update to take effect, all services linked to the OpenSSL\nlibrary must be restarted, or the system rebooted.", "edition": 15, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-16T00:00:00", "title": "Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20151214)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2015-12-16T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl-devel", "p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl", "p-cpe:/a:fermilab:scientific_linux:openssl-perl", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:openssl-static"], "id": "SL_20151214_OPENSSL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/87402", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87402);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20151214)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A NULL pointer derefernce flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. 
A remote attacked could\npossibly use this flaw to crash a TLS/SSL client using OpenSSL, or a\nTLS/SSL server using OpenSSL if it enabled client authentication.\n(CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. A remote attacker could use this flaw to cause an\napplication that parses PKCS#7 or CMS data from untrusted sources to\nuse an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nFor the update to take effect, all services linked to the OpenSSL\nlibrary must be restarted, or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1512&L=scientific-linux-errata&F=&S=&P=1245\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?973e5d4b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"openssl-1.0.1e-42.el6_7.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-debuginfo-1.0.1e-42.el6_7.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-devel-1.0.1e-42.el6_7.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-perl-1.0.1e-42.el6_7.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-static-1.0.1e-42.el6_7.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:13:55", "description": "Moderate security issues fixed in this update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-03-04T00:00:00", "title": "Fedora 22 : openssl-1.0.1k-13.fc22 (2015-d87d60b9a9)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2016-03-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-D87D60B9A9.NASL", "href": "https://www.tenable.com/plugins/nessus/89431", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-d87d60b9a9.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89431);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_xref(name:\"FEDORA\", value:\"2015-d87d60b9a9\");\n\n script_name(english:\"Fedora 22 : openssl-1.0.1k-13.fc22 (2015-d87d60b9a9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Moderate security issues fixed in this update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1288320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1288322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1288326\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7f24ae84\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || 
\"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"openssl-1.0.1k-13.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T14:23:16", "description": "This update for openssl fixes the following issues :\n\nSecurity fixes :\n\n - CVE-2015-3194: The signature verification routines will\n crash with a NULL pointer dereference if presented with\n an ASN.1 signature using the RSA PSS algorithm and\n absent mask generation function parameter. Since these\n routines are used to verify certificate signature\n algorithms this can be used to crash any certificate\n verification operation and exploited in a DoS attack.\n Any application which performs certificate verification\n is vulnerable including OpenSSL clients and servers\n which enable client authentication. (bsc#957815)\n\n - CVE-2015-3195: When presented with a malformed\n X509_ATTRIBUTE structure OpenSSL would leak memory. This\n structure is used by the PKCS#7 and CMS routines so any\n application which reads PKCS#7 or CMS data from\n untrusted sources is affected. 
SSL/TLS is not affected.\n (bsc#957812)\n\n - CVE-2015-3196: If PSK identity hints are received by a\n multi-threaded client then the values were wrongly\n updated in the parent SSL_CTX structure. This could\n result in a race condition potentially leading to a\n double free of the identify hint data. (bsc#957813)\n\nNon security bugs fixed :\n\n - Clear the error after setting non-fips mode (bsc#947104)\n\n - Improve S/390 performance on IBM z196 and z13\n (bsc#954256)\n\n - Add support for 'ciphers' providing no encryption\n (bsc#937085)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-11T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:2237-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2015-12-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssl-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:openssl-debugsource"], "id": "SUSE_SU-2015-2237-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87318", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2237-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87318);\n script_version(\"1.18\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:2237-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\nSecurity fixes :\n\n - CVE-2015-3194: The signature verification routines will\n crash with a NULL pointer dereference if presented with\n an ASN.1 signature using the RSA PSS algorithm and\n absent mask generation function parameter. Since these\n routines are used to verify certificate signature\n algorithms this can be used to crash any certificate\n verification operation and exploited in a DoS attack.\n Any application which performs certificate verification\n is vulnerable including OpenSSL clients and servers\n which enable client authentication. (bsc#957815)\n\n - CVE-2015-3195: When presented with a malformed\n X509_ATTRIBUTE structure OpenSSL would leak memory. This\n structure is used by the PKCS#7 and CMS routines so any\n application which reads PKCS#7 or CMS data from\n untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\n - CVE-2015-3196: If PSK identity hints are received by a\n multi-threaded client then the values were wrongly\n updated in the parent SSL_CTX structure. This could\n result in a race condition potentially leading to a\n double free of the identify hint data. 
(bsc#957813)\n\nNon security bugs fixed :\n\n - Clear the error after setting non-fips mode (bsc#947104)\n\n - Improve S/390 performance on IBM z196 and z13\n (bsc#954256)\n\n - Add support for 'ciphers' providing no encryption\n (bsc#937085)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=947104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3194/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3195/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3196/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152237-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e8d9bde\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch 
SUSE-SLE-SDK-12-2015-958=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-958=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-958=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debuginfo-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debugsource-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-32bit-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.1i-27.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T13:23:41", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - fix CVE-2015-3194 - certificate verify crash with\n missing PSS parameter\n\n - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n\n - fix CVE-2015-3196 - race condition when handling PSK\n identity hint", "edition": 28, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-15T00:00:00", "title": "OracleVM 3.3 : openssl (OVMSA-2015-0155)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2015-12-15T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.3", "p-cpe:/a:oracle:vm:openssl"], "id": "ORACLEVM_OVMSA-2015-0155.NASL", "href": "https://www.tenable.com/plugins/nessus/87366", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0155.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87366);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n\n script_name(english:\"OracleVM 3.3 : openssl (OVMSA-2015-0155)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to 
address\ncritical security updates :\n\n - fix CVE-2015-3194 - certificate verify crash with\n missing PSS parameter\n\n - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n\n - fix CVE-2015-3196 - race condition when handling PSK\n identity hint\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2015-December/000403.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20060b02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"openssl-1.0.1e-42.el6_7.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T12:50:18", "description": "From Red Hat Security Advisory 2015:2617 :\n\nUpdated openssl packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacked could\npossibly use this flaw to crash a TLS/SSL client using OpenSSL, or a\nTLS/SSL server using OpenSSL if it enabled client authentication.\n(CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. A remote attacker could use this flaw to cause an\napplication that parses PKCS#7 or CMS data from untrusted sources to\nuse an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.", "edition": 26, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-15T00:00:00", "title": "Oracle Linux 6 / 7 : openssl (ELSA-2015-2617)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2015-12-15T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:openssl-libs", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-static", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:openssl-perl"], "id": "ORACLELINUX_ELSA-2015-2617.NASL", "href": "https://www.tenable.com/plugins/nessus/87364", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:2617 and \n# Oracle Linux Security Advisory ELSA-2015-2617 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87364);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_xref(name:\"RHSA\", value:\"2015:2617\");\n\n script_name(english:\"Oracle Linux 6 / 7 : openssl (ELSA-2015-2617)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:2617 :\n\nUpdated openssl packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having 
Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacker could\npossibly use this flaw to crash a TLS/SSL client using OpenSSL, or a\nTLS/SSL server using OpenSSL if it enabled client authentication.\n(CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. A remote attacker could use this flaw to cause an\napplication that parses PKCS#7 or CMS data from untrusted sources to\nuse an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identity hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-December/005624.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-December/005625.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"openssl-1.0.1e-42.el6_7.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-devel-1.0.1e-42.el6_7.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-perl-1.0.1e-42.el6_7.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-static-1.0.1e-42.el6_7.1\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-51.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-51.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-51.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-51.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-51.el7_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-libs / openssl-perl / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T05:06:01", "description": "Updated openssl packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacker could\npossibly use this flaw to crash a TLS/SSL client using OpenSSL, or a\nTLS/SSL server using OpenSSL if it enabled client authentication.\n(CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. A remote attacker could use this flaw to cause an\napplication that parses PKCS#7 or CMS data from untrusted sources to\nuse an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identity hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.", "edition": 29, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-14T00:00:00", "title": "RHEL 6 / 7 : openssl (RHSA-2015:2617)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl-libs", "cpe:/o:redhat:enterprise_linux:6.7", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:openssl", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:openssl-devel"], "id": "REDHAT-RHSA-2015-2617.NASL", "href": "https://www.tenable.com/plugins/nessus/87335", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2617. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87335);\n script_version(\"2.22\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_xref(name:\"RHSA\", value:\"2015:2617\");\n\n script_name(english:\"RHEL 6 / 7 : openssl (RHSA-2015:2617)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacker could\npossibly use this flaw to crash a TLS/SSL client using OpenSSL, or a\nTLS/SSL server using OpenSSL if it enabled client authentication.\n(CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. A remote attacker could use this flaw to cause an\napplication that parses PKCS#7 or CMS data from untrusted sources to\nuse an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identity hints. 
A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\"\n );\n # https://openssl.org/news/secadv/20151203.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20151203.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:2617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3195\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2617\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-1.0.1e-42.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-debuginfo-1.0.1e-42.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-devel-1.0.1e-42.el6_7.1\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-perl-1.0.1e-42.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-42.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-42.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-static-1.0.1e-42.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-static-1.0.1e-42.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-42.el6_7.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-1.0.1e-51.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-51.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-debuginfo-1.0.1e-51.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-devel-1.0.1e-51.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-libs-1.0.1e-51.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-51.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-51.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-static-1.0.1e-51.el7_2.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:46", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1794", 
"CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196", "CVE-2015-3193"], "description": "- CVE-2015-3193 (insecure private key in connection with DHE)\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring\nprocedure. No EC algorithms are affected. Analysis suggests that attacks against RSA\nand DSA as a result of this defect would be very difficult to perform and are\nnot believed likely. Attacks against DH are considered just feasible\n(although very difficult) because most of the work necessary to deduce information\nabout a private key may be performed offline. The amount of resources\nrequired for such an attack would be very significant and likely only\naccessible to a limited number of attackers. An attacker would\nadditionally need online access to an unpatched system using the target\nprivate key in a scenario with persistent DH parameters and a private\nkey that is shared between multiple clients. For example this can occur\nby default in OpenSSL DHE based SSL/TLS ciphersuites.[1]\n\n- CVE-2015-3194 (denial of service)\n\nThe signature verification routines will crash with a NULL pointer\ndereference if presented with an ASN.1 signature using the RSA PSS algorithm and\nabsent mask generation function parameter. Since these routines are used to\nverify certificate signature algorithms this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any application\nwhich performs certificate verification is vulnerable including OpenSSL\nclients and servers which enable client authentication.[2]\n\n- CVE-2015-3195 (memory leaks)\n\nWhen presented with a malformed X509_ATTRIBUTE structure OpenSSL will\nleak memory. This structure is used by the PKCS#7 and CMS routines so any\napplication which reads PKCS#7 or CMS data from untrusted sources is\naffected. 
SSL/TLS is not affected.[3]\n\n- CVE-2015-3196 (double free)\n\nIf PSK identity hints are received by a multi-threaded client then\nthe values are wrongly updated in the parent SSL_CTX structure. This can\nresult in a race condition potentially leading to a double free of the\nidentity hint data.[4]\n\n- CVE-2015-1794 (denial of service)\n\nIf a client receives a ServerKeyExchange for an anonymous DH ciphersuite\nwith the value of p set to 0 then a seg fault can occur leading to a possible\ndenial of service attack.[5]", "modified": "2015-12-05T00:00:00", "published": "2015-12-05T00:00:00", "id": "ASA-201512-2", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html", "type": "archlinux", "title": "openssl lib32-openssl: multiple issues", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:40:43", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1794", "CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196", "CVE-2015-3193"], "description": "Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange \nfor an anonymous DH ciphersuite with the value of p set to 0. A remote \nattacker could possibly use this issue to cause OpenSSL to crash, resulting \nin a denial of service. This issue only applied to Ubuntu 15.10. \n(CVE-2015-1794)\n\nHanno B\u00f6ck discovered that the OpenSSL Montgomery squaring procedure \nalgorithm may produce incorrect results when being used on x86_64. A remote \nattacker could possibly use this issue to break encryption. This issue only \napplied to Ubuntu 15.10. (CVE-2015-3193)\n\nLo\u00efc Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1 \nsignatures with a missing PSS parameter. A remote attacker could possibly \nuse this issue to cause OpenSSL to crash, resulting in a denial of service. \n(CVE-2015-3194)\n\nAdam Langley discovered that OpenSSL incorrectly handled malformed \nX509_ATTRIBUTE structures. 
A remote attacker could possibly use this issue \nto cause OpenSSL to consume resources, resulting in a denial of service. \n(CVE-2015-3195)\n\nIt was discovered that OpenSSL incorrectly handled PSK identity hints. A \nremote attacker could possibly use this issue to cause OpenSSL to crash, \nresulting in a denial of service. This issue only applied to Ubuntu 12.04 \nLTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196)", "edition": 5, "modified": "2015-12-07T00:00:00", "published": "2015-12-07T00:00:00", "id": "USN-2830-1", "href": "https://ubuntu.com/security/notices/USN-2830-1", "title": "OpenSSL vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:35:54", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1794", "CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz: Upgraded.\n This update fixes the following security issues:\n BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193).\n Certificate verify crash with missing PSS parameter (CVE-2015-3194).\n X509_ATTRIBUTE memory leak (CVE-2015-3195).\n Race condition handling PSK identity hint (CVE-2015-3196).\n Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794).\n For more information, see:\n https://openssl.org/news/secadv_20151203.txt\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz: 
Upgraded.\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 
14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz\n\n\nMD5 signatures:\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz", "modified": "2015-12-16T06:25:41", "published": "2015-12-16T06:25:41", "id": "SSA-2015-349-04", "href": 
"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583", "type": "slackware", "title": "[slackware-security] openssl", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cisco": [{"lastseen": "2020-12-24T11:41:20", "bulletinFamily": "software", "cvelist": ["CVE-2015-1794", "CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "description": "A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition.\n\nThe vulnerability is due to improper handling of certificate signatures. An unauthenticated, remote attacker could exploit the vulnerability by using a malicious certificate during the connection to an application using OpenSSL. Successful exploitation could allow the attacker to cause the targeted application to terminate.\n\nA vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition.\n\nThe vulnerability is due to improper memory handling. An unauthenticated, remote attacker could exploit the vulnerability by sending malicious requests to an application that uses the OpenSSL library. Successful exploitation could allow the attacker to cause the application to consume available memory resources, resulting in a DoS condition.\n\nA vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition.\n\nThe vulnerability is due to improper memory operations performed when processing preshared keys. An unauthenticated, remote attacker could exploit the vulnerability by sending malicious requests to an application that uses OpenSSL. 
Successful exploitation could allow the attacker to cause the application to terminate, resulting in a DoS condition.\n\nA vulnerability in the Montgomery multiplication module of OpenSSL could allow an unauthenticated, remote attacker to cause the library to produce unexpected and possibly weak cryptographic output.\n\nThe vulnerability is due to an implementation error in the BN_mod_exp function. An unauthenticated, remote attacker could exploit the vulnerability by sending malicious requests to a targeted application that relies on OpenSSL. A successful exploit could allow the attacker to cause OpenSSL to produce weaker cryptographic protections than expected, possibly allowing the attacker to defeat security protections provided by OpenSSL more easily.\n\nA vulnerability in the anonymous Diffie-Hellman cipher suite in OpenSSL could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThe vulnerability is due to improper handling of input by the OpenSSL library. An unauthenticated, remote attacker could exploit the vulnerability by returning malicious values to a client application using OpenSSL. A successful exploit could allow the attacker to cause the application to terminate, resulting in a DoS condition.\n\nOn December 3, 2015, the OpenSSL Project released a security advisory detailing five vulnerabilities.\n\nMultiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. 
\n\nThis advisory will be updated as additional information becomes available.\n\nCisco will release software updates that address these vulnerabilities.\n\nWorkarounds that mitigate these vulnerabilities are not available.\n\nThis advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl", "modified": "2016-09-21T22:47:24", "published": "2015-12-04T17:38:00", "id": "CISCO-SA-20151204-OPENSSL", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl", "type": "cisco", "title": "Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:58", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1794", "CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196", "CVE-2015-3193"], "description": "\nOpenSSL project reports:\n\n\nBN_mod_exp may produce incorrect results on x86_64\n\t (CVE-2015-3193)\nCertificate verify crash with missing PSS parameter\n\t (CVE-2015-3194)\nX509_ATTRIBUTE memory leak (CVE-2015-3195)\nRace condition handling PSK identify hint\n\t (CVE-2015-3196)\nAnon DH ServerKeyExchange with 0 p parameter\n\t (CVE-2015-1794)\n\n\n", "edition": 4, "modified": "2016-08-09T00:00:00", "published": "2015-12-03T00:00:00", "id": "4C8D1D72-9B38-11E5-AECE-D050996490D0", "href": "https://vuxml.freebsd.org/freebsd/4c8d1d72-9b38-11e5-aece-d050996490d0.html", "title": "openssl -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:57", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3194"], "description": "\nThe OpenBSD project reports:\n\nA NULL pointer dereference could be triggered by a crafted\n\t certificate sent to services configured 
to verify client\n\t certificates on TLS/SSL connections.\n\t \n\n", "edition": 4, "modified": "2015-12-03T00:00:00", "published": "2015-12-03T00:00:00", "id": "215E740E-9C56-11E5-90E7-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/215e740e-9c56-11e5-90e7-b499baebfeaf.html", "title": "libressl -- NULL pointer dereference", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:33:04", "bulletinFamily": "software", "cvelist": ["CVE-2015-3195", "CVE-2015-3194"], "description": "USN-2830-1 OpenSSL vulnerability\n\n# \n\nMedium\n\n# Vendor\n\nOpenSSL\n\n# Versions Affected\n\n * Ubuntu 14.04 \n\n# Description\n\nLo\u00efc Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1 signatures with a missing PSS parameter. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-3194)\n\nAdam Langley discovered that OpenSSL incorrectly handled malformed X509_ATTRIBUTE structures. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2015-3195)\n\nThe Cloud Foundry project released a BOSH stemcell version 3146.1 and 3149 that has the patched version of the Linux kernel. A new Cloud Foundry rootfs was also released, cflinuxfs2 v.1.21.0, that has the patches.\n\n# Affected Products and Versions\n\n_Severity is medium unless otherwise noted. \n_\n\n * All versions of Cloud Foundry BOSH stemcells prior to 3149 are vulnerable, besides patched versions of 3146.x. \n * All versions of Cloud Foundry cflinuxfs2 prior to v.1.21.0. \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with BOSH stemcells 3149 or later versions, or patched 3146.x versions, and cflinuxfs2 v.1.21.0 or later versions. 
\n\n# Credit\n\nLo\u00efc Jonas Etienne and Adam Langley\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-2830-1>\n * <https://bosh.io/stemcells>\n * <https://github.com/cloudfoundry/cf-release>\n", "edition": 5, "modified": "2016-01-07T00:00:00", "published": "2016-01-07T00:00:00", "id": "CFOUNDRY:FD6E339752BA328AA16F0962172B55EF", "href": "https://www.cloudfoundry.org/blog/usn-2830-1/", "title": "USN-2830-1 OpenSSL vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:44", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3197", "CVE-2015-1794", "CVE-2015-3195", "CVE-2015-3194", "CVE-2016-0701", "CVE-2015-3196", "CVE-2015-3193"], "edition": 1, "description": "### Background\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review the upstream advisory and CVE identifiers referenced below for details. Note that the list includes CVE identifiers for an older OpenSSL Security Advisory (3 Dec 2015) for which we have not issued a GLSA before. \n\n### Impact\n\nA remote attacker could disclose a server\u2019s private DH exponent, or complete SSLv2 handshakes using ciphers that have been disabled on the server. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSSL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.0.2f\"", "modified": "2016-02-26T00:00:00", "published": "2016-01-29T00:00:00", "id": "GLSA-201601-05", "href": "https://security.gentoo.org/glsa/201601-05", "type": "gentoo", "title": "OpenSSL: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:28", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3197", "CVE-2016-0705", "CVE-2015-3195", "CVE-2015-3194", "CVE-2016-0797", "CVE-2016-0702", "CVE-2015-7575", "CVE-2015-3196"], "description": "[1.0.1e-51.4]\n- fix CVE-2016-0702 - side channel attack on modular exponentiation\n- fix CVE-2016-0705 - double-free in DSA private key parsing\n- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn\n[1.0.1e-51.3]\n- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement\n- disable SSLv2 in the generic TLS method\n[1.0.1e-51.2]\n- fix CVE-2015-7575 - disallow use of MD5 in TLS1.2\n[1.0.1e-51.1]\n- fix CVE-2015-3194 - certificate verify crash with missing PSS parameter\n- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n- fix CVE-2015-3196 - race condition when handling PSK identity hint", "edition": 4, "modified": "2016-03-01T00:00:00", "published": "2016-03-01T00:00:00", "id": "ELSA-2016-3523", "href": "http://linux.oracle.com/errata/ELSA-2016-3523.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openssl": [{"lastseen": "2020-09-14T11:36:19", "bulletinFamily": "software", "cvelist": ["CVE-2015-3196"], "description": " If PSK identity hints are received by a multi-threaded client then the values are wrongly updated in the parent SSL_CTX structure. 
This can result in a race condition potentially leading to a double free of the identity hint data. Reported by Stephen Henson (OpenSSL). \n\n * Fixed in OpenSSL 1.0.2d (Affected 1.0.2-1.0.2c)\n * Fixed in OpenSSL 1.0.1p (Affected 1.0.1-1.0.1o)\n * Fixed in OpenSSL 1.0.0t (Affected 1.0.0-1.0.0g,1.0.0h-1.0.0s)\n", "edition": 1, "modified": "2015-12-03T00:00:00", "published": "2015-12-03T00:00:00", "id": "OPENSSL:CVE-2015-3196", "href": "https://www.openssl.org/news/secadv/20151203.txt", "title": "Vulnerability in OpenSSL - Race condition handling PSK identify hint ", "type": "openssl", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-14T11:36:20", "bulletinFamily": "software", "cvelist": ["CVE-2015-3194"], "description": " The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. Reported by Lo\u00efc Jonas Etienne (Qnective AG). \n\n * Fixed in OpenSSL 1.0.2e (Affected 1.0.2-1.0.2d)\n * Fixed in OpenSSL 1.0.1q (Affected 1.0.1-1.0.1p)\n", "edition": 1, "modified": "2015-12-03T00:00:00", "published": "2015-12-03T00:00:00", "id": "OPENSSL:CVE-2015-3194", "href": "https://www.openssl.org/news/secadv/20151203.txt", "title": "Vulnerability in OpenSSL - Certificate verify crash with missing PSS parameter ", "type": "openssl", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}